info: description: VMware NSX-T Data Center Global Policy REST REST API title: NSX-T Data Center Global Policy REST API version: 3.1.1.0.0 schemes: - https produces: - application/json securityDefinitions: BasicAuth: description: HTTP Basic Authentication type: basic host: nsxmanager.your.domain security: - BasicAuth: [] swagger: '2.0' basePath: /global-manager/api/v1 paths: /aaa/effective-permissions: get: consumes: - application/json description: | Returns none if user doesn't have access or feature_name from required request parameter is empty/invalid/doesn't match with object-path provided. operationId: GetPathPermissions parameters: - description: Feature name in: query name: feature_name required: true type: string - description: Exact object Policy path in: query name: object_path required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PathPermissionGroup' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get effective object permissions to object specified by path for current user. tags: - Policy, Authorization, Object Permissions x-vmw-nsx-module: PolicyAuthz /aaa/features-with-properties: get: consumes: - application/json description: | List features operationId: ListFeatures produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FeaturePermissionListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List feature permissions tags: - System Administration, Settings, User Management, Roles x-vmw-nsx-module: AAA /aaa/ldap-identity-sources: get: consumes: - application/json description: |- Return a list of all configured LDAP identity sources. operationId: ListLdapIdentitySources parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/LdapIdentitySourceListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List LDAP identity sources tags: - System Administration, Settings, User Management, LDAP Identity Sources x-vmw-nsx-module: LdapIdentitySources /aaa/ldap-identity-sources/{ldap-identity-source-id}: delete: consumes: - application/json description: |- Delete an LDAP identity source. Users defined in that source will no longer be able to access NSX. operationId: DeleteLdapIdentitySource parameters: - in: path name: ldap-identity-source-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete an LDAP identity source tags: - System Administration, Settings, User Management, LDAP Identity Sources x-vmw-nsx-module: LdapIdentitySources get: consumes: - application/json description: |- Return details about one LDAP identity source operationId: ReadLdapIdentitySource parameters: - in: path name: ldap-identity-source-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/LdapIdentitySource' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a single LDAP identity source tags: - System Administration, Settings, User Management, LDAP Identity Sources x-vmw-nsx-module: LdapIdentitySources put: consumes: - application/json description: |- Update the configuration of an existing LDAP identity source. You may wish to verify the new configuration using the POST /aaa/ldap-identity-sources?action=probe API before changing the configuration. operationId: CreateOrUpdateLdapIdentitySource parameters: - in: path name: ldap-identity-source-id required: true type: string - in: body name: LdapIdentitySource required: true schema: $ref: '#/definitions/LdapIdentitySource' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/LdapIdentitySource' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update an existing LDAP identity source tags: - System Administration, Settings, User Management, LDAP Identity Sources x-vmw-nsx-module: LdapIdentitySources /aaa/ldap-identity-sources/{ldap-identity-source-id}/search: post: consumes: - application/json description: |- Search the LDAP identity source for users and groups that match the given filter_value. In most cases, the LDAP source performs a case-insensitive search. operationId: SearchLdapIdentitySource parameters: - in: path name: ldap-identity-source-id required: true type: string - description: Search filter value in: query name: filter_value type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/LdapIdentitySourceSearchResultList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Search the LDAP identity source tags: - System Administration, Settings, User Management, LDAP Identity Sources x-vmw-nsx-module: LdapIdentitySources /aaa/ldap-identity-sources/{ldap-identity-source-id}?action=probe: post: consumes: - application/json description: |- Attempt to connect to an existing LDAP identity source and report any errors encountered. operationId: ProbeConfiguredLdapIdentitySourceProbe parameters: - in: path name: ldap-identity-source-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/LdapIdentitySourceProbeResults' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Test the configuration of an existing LDAP identity source tags: - System Administration, Settings, User Management, LDAP Identity Sources x-vmw-nsx-module: LdapIdentitySources /aaa/ldap-identity-sources?action=fetch_certificate: post: consumes: - application/json description: |- Attempt to connect to an LDAP server and retrieve the server certificate it presents. operationId: FetchIdentitySourceLdapServerCertificateFetch_certificate parameters: - in: body name: IdentitySourceLdapServerEndpoint required: true schema: $ref: '#/definitions/IdentitySourceLdapServerEndpoint' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PeerCertificateChain' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Fetch the server certificate of an LDAP server tags: - System Administration, Settings, User Management, LDAP Identity Sources x-vmw-nsx-module: LdapIdentitySources /aaa/ldap-identity-sources?action=probe_identity_source: post: consumes: - application/json description: |- Verify that the configuration of an LDAP identity source is correct before actually creating the source. operationId: ProbeUnconfiguredLdapIdentitySourceProbe_identity_source parameters: - in: body name: LdapIdentitySource required: true schema: $ref: '#/definitions/LdapIdentitySource' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/LdapIdentitySourceProbeResults' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Probe an LDAP identity source tags: - System Administration, Settings, User Management, LDAP Identity Sources x-vmw-nsx-module: LdapIdentitySources /aaa/ldap-identity-sources?action=probe_ldap_server: post: consumes: - application/json description: |- Attempt to connect to an LDAP server and ensure that the server can be contacted using the given URL and authentication credentials. operationId: ProbeIdentitySourceLdapServerProbe_ldap_server parameters: - in: body name: IdentitySourceLdapServer required: true schema: $ref: '#/definitions/IdentitySourceLdapServer' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IdentitySourceLdapServerProbeResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Test an LDAP server tags: - System Administration, Settings, User Management, LDAP Identity Sources x-vmw-nsx-module: LdapIdentitySources /aaa/object-permissions: delete: consumes: - application/json description: |- Delete object-permissions entries operationId: DeleteObjectPermissions parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: false description: Does children of this object inherit this rule in: query name: inheritance_disabled required: false type: boolean - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: Path prefix in: query name: path_prefix required: false type: string - description: Role name in: query name: role_name required: false type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete object-permissions entries tags: - Policy, Authorization, Object Permissions x-vmw-nsx-module: PolicyAuthz get: consumes: - application/json description: |- Get list of Object-level RBAC entries. operationId: GetObjectPermissions parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: false description: Does children of this object inherit this rule in: query name: inheritance_disabled required: false type: boolean - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: Path prefix in: query name: path_prefix required: false type: string - description: Role name in: query name: role_name required: false type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ObjectRolePermissionGroupListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get list of Object-level RBAC entries. tags: - Policy, Authorization, Object Permissions x-vmw-nsx-module: PolicyAuthz patch: consumes: - application/json description: |- Create/update object permission mappings operationId: UpdateObjectPermissions parameters: - in: body name: ObjectRolePermissionGroup required: true schema: $ref: '#/definitions/ObjectRolePermissionGroup' produces: - application/json responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create/update object permission mappings tags: - Policy, Authorization, Object Permissions x-vmw-nsx-module: PolicyAuthz /aaa/registration-token: post: consumes: - application/json description: |- The privileges of the registration token will be the same as the caller. operationId: CreateRegistrationToken produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RegistrationToken' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create registration access token tags: - System Administration, Settings, User Management, Access Token x-vmw-nsx-module: RegistrationTokenEndPoint /aaa/registration-token/{token}: delete: consumes: - application/json description: |- Delete registration access token operationId: DeleteRegistrationToken parameters: - description: |- Registration token in: path name: token required: true type: string produces: - application/json responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete registration access token tags: - System Administration, Settings, User Management, Access Token x-vmw-nsx-module: RegistrationTokenEndPoint get: consumes: - application/json description: |- Get registration access token operationId: GetRegistrationToken parameters: - description: |- Registration token in: path name: token required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RegistrationToken' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get registration access token tags: - System Administration, Settings, User Management, Access Token x-vmw-nsx-module: RegistrationTokenEndPoint /aaa/role-bindings: get: consumes: - application/json description: |- Get all users and groups with their roles operationId: GetAllRoleBindings parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Identity source ID in: query name: identity_source_id required: false type: string - description: Identity source type enum: - VIDM - LDAP - OIDC in: query name: identity_source_type required: false type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: User/Group name in: query name: name required: false type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: Role ID in: query name: role required: false type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string - description: Type enum: - remote_user - remote_group - local_user - principal_identity in: query name: type required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RoleBindingListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get all users and groups with their roles tags: - System Administration, Settings, User Management, Roles x-vmw-nsx-module: AAA post: consumes: - application/json description: | When assigning a user role, specify the user name with the same case as it appears in vIDM to access the NSX-T user interface. For example, if vIDM has the user name User1@example.com then the name attribute in the API call must be be User1@example.com and cannot be user1@example.com. operationId: CreateRoleBinding parameters: - in: body name: RoleBinding required: true schema: $ref: '#/definitions/RoleBinding' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RoleBinding' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Assign roles to User or Group tags: - System Administration, Settings, User Management, Roles x-vmw-nsx-module: AAA /aaa/role-bindings/{binding-id}: delete: consumes: - application/json description: |- Delete user/group's roles assignment operationId: DeleteRoleBinding parameters: - description: |- User/Group's id in: path name: binding-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete user/group's roles assignment tags: - System Administration, Settings, User Management, Roles x-vmw-nsx-module: AAA get: consumes: - application/json description: |- Get user/group's role information operationId: GetRoleBinding parameters: - description: |- User/Group's id in: path name: binding-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RoleBinding' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get user/group's role information tags: - System Administration, Settings, User Management, Roles x-vmw-nsx-module: AAA put: consumes: - application/json description: |- Update User or Group's roles operationId: UpdateRoleBinding parameters: - description: |- User/Group's id in: path name: binding-id required: true type: string - in: body name: RoleBinding required: true schema: $ref: '#/definitions/RoleBinding' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RoleBinding' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update User or Group's roles tags: - System Administration, Settings, User Management, Roles x-vmw-nsx-module: AAA /aaa/role-bindings?action=delete_stale_bindings: post: consumes: - application/json description: |- Delete all stale role assignments operationId: DeleteAllStaleRoleBindingsDelete_stale_bindings responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete all stale role assignments tags: - System Administration, Settings, User Management, Roles x-vmw-nsx-module: AAA /aaa/roles: get: consumes: - application/json description: |- Get information about all roles operationId: GetAllRolesInfo produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RoleListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get information about all roles tags: - System Administration, Settings, User Management, Roles x-vmw-nsx-module: AAA /aaa/roles-with-feature-permissions: get: consumes: - application/json description: |- Get information about all roles with features and their permissions operationId: ListRolesInfo parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RoleWithFeaturesListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get information about all roles with features and their permissions tags: - System Administration, Settings, User Management, Roles x-vmw-nsx-module: AAA /aaa/roles/{role}: delete: consumes: - application/json description: | If a role is assigned to a role binding then the deletion of the role is not allowed. Precanned roles cannot be deleted. operationId: DeleteRole parameters: - description: |- Custom role id in: path name: role required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete custom role tags: - System Administration, Settings, User Management, Roles x-vmw-nsx-module: AAA get: consumes: - application/json description: |- Get role information operationId: GetRoleInfo parameters: - description: |- Role id in: path name: role required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RoleWithFeatures' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get role information tags: - System Administration, Settings, User Management, Roles x-vmw-nsx-module: AAA put: consumes: - application/json description: | Creates a new role with id as if there does not exist any role with id , else updates the existing role. operationId: CreateOrUpdateRole parameters: - description: |- Custom role id in: path name: role required: true type: string - in: body name: RoleWithFeatures required: true schema: $ref: '#/definitions/RoleWithFeatures' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RoleWithFeatures' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update custom role tags: - System Administration, Settings, User Management, Roles x-vmw-nsx-module: AAA /aaa/roles/{role}?action=clone: post: consumes: - application/json description: | The role with id is cloned and the new id, name and description are the ones provided in the request body. operationId: CloneRoleClone parameters: - description: |- Role id in: path name: role required: true type: string - in: body name: NewRole required: true schema: $ref: '#/definitions/NewRole' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/NewRole' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Clone an already present role tags: - System Administration, Settings, User Management, Roles x-vmw-nsx-module: AAA /aaa/roles?action=validate: post: consumes: - application/json description: | Validate the permissions of an incoming role. Also, recommend the permissions which need to be corrected. operationId: ValidateAndRecommendPermissionsValidate parameters: - in: body name: FeaturePermissionArray required: true schema: $ref: '#/definitions/FeaturePermissionArray' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RecommendedFeaturePermissionListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Validate a new feature permission set tags: - System Administration, Settings, User Management, Roles x-vmw-nsx-module: AAA /aaa/user-info: get: consumes: - application/json description: | This API will return the name and role information of the user invoking this API request. This API is available for all NSX users no matter their authentication method (Local account, VIDM, LDAP etc). The permissions parameter of the NsxRole has been deprecated. operationId: GetCurrentUserInfo produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/UserInfo' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get the name and role information of the user. tags: - System Administration, Settings, User Management, Users x-vmw-nsx-module: AAA /aaa/vidm/groups: get: consumes: - application/json description: |- Get all the User Groups where vIDM display name matches the search key case insensitively. The search key is checked to be a substring of display name. This is a non paginated API. operationId: GetGroupVidmSearchResult parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: 'Search string to search for. ' in: query name: search_string required: true type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/VidmInfoListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get all the User Groups where vIDM display name matches the search key case insensitively. The search key is checked to be a substring of display name. This is a non paginated API. tags: - System Administration, Settings, User Management, Vidm Configuration x-vmw-nsx-module: AAA /aaa/vidm/search: post: consumes: - application/json description: |- Get all the users and groups from vIDM matching the search key case insensitively. The search key is checked to be a substring of name or given name or family name of user and display name of group. This is a non paginated API. operationId: GetVidmSearchResult parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: 'Search string to search for. ' in: query name: search_string required: true type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/VidmInfoListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get all the users and groups from vIDM matching the search key case insensitively. The search key is checked to be a substring of name or given name or family name of user and display name of group. This is a non paginated API. tags: - System Administration, Settings, User Management, Vidm Configuration x-vmw-nsx-module: AAA /aaa/vidm/users: get: consumes: - application/json description: |- Get all the users from vIDM whose userName, givenName or familyName matches the search key case insensitively. The search key is checked to be a substring of name or given name or family name. This is a non paginated API. operationId: GetUserVidmSearchResult parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: 'Search string to search for. ' in: query name: search_string required: true type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/VidmInfoListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get all the users from vIDM whose userName, givenName or familyName matches the search key case insensitively. The search key is checked to be a substring of name or given name or family name. This is a non paginated API. tags: - System Administration, Settings, User Management, Vidm Configuration x-vmw-nsx-module: AAA /batch: post: consumes: - application/json description: | Enables you to make multiple API requests using a single request. The batch API takes in an array of logical HTTP requests represented as JSON arrays. Each request has a method (GET, PUT, POST, or DELETE), a relative_url (the portion of the URL after https://<nsx-mgr>/api/), optional headers array (corresponding to HTTP headers) and an optional body (for POST and PUT requests). The batch API returns an array of logical HTTP responses represented as JSON arrays. Each response has a status code, an optional headers array and an optional body (which is a JSON-encoded string). operationId: RegisterBatchRequest parameters: - in: body name: BatchRequest required: true schema: $ref: '#/definitions/BatchRequest' - default: false description: transactional atomicity for the batch of requests embedded in the batch list in: query name: atomic required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BatchResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Register a Collection of API Calls at a Single End Point tags: - System Administration, Configuration, NSX Managers, API Services, API Request Batching x-vmw-nsx-module: Batch /cluster/backups/config: get: consumes: - application/json description: | Get a configuration of a file server and timers for automated backup. Fields that contain secrets (password, passphrase) are not returned. operationId: GetBackupConfig produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BackupConfiguration' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get backup configuration tags: - System Administration, Lifecycle Management, Backup Restore Management, Backup x-vmw-nsx-module: BackupConfiguration put: consumes: - application/json description: | Configure file server and timers for automated backup. If secret fields are omitted (password, passphrase) then use the previously set value. operationId: ConfigureBackupConfig parameters: - in: body name: BackupConfiguration required: true schema: $ref: '#/definitions/BackupConfiguration' - default: LOCAL_LOCAL_MANAGER description: Frame type enum: - GLOBAL_MANAGER - LOCAL_MANAGER - LOCAL_LOCAL_MANAGER - NSX_INTELLIGENCE in: query name: frame_type required: false type: string - default: localhost description: Site ID in: query name: site_id required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BackupConfiguration' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Configure backup tags: - System Administration, Lifecycle Management, Backup Restore Management, Backup x-vmw-nsx-module: BackupConfiguration /cluster/backups/history: get: consumes: - application/json description: | Get history of previous backup operations operationId: GetBackupHistory produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BackupOperationHistory' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get backup history tags: - System Administration, Lifecycle Management, Backup Restore Management, Backup x-vmw-nsx-module: BackupConfiguration /cluster/backups/overview: get: consumes: - application/json description: | Get a configuration of a file server, timers for automated backup, latest backup status, backups list for a site. Fields that contain secrets (password, passphrase) are not returned. operationId: GetBackupOverview parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: LOCAL_LOCAL_MANAGER description: Frame type enum: - GLOBAL_MANAGER - LOCAL_MANAGER - LOCAL_LOCAL_MANAGER - NSX_INTELLIGENCE in: query name: frame_type required: false type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - default: true description: Need a list of backups in: query name: show_backups_list required: false type: boolean - default: localhost description: UUID of the site in: query name: site_id required: false type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BackupOverview' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get all backup related information for a site tags: - System Administration, Lifecycle Management, Backup Restore Management, Backup x-vmw-nsx-module: BackupConfiguration /cluster/backups/status: get: consumes: - application/json description: | Get status of active backup operations operationId: GetBackupStatus produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/CurrentBackupOperationStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get backup status tags: - System Administration, Lifecycle Management, Backup Restore Management, Backup x-vmw-nsx-module: BackupConfiguration /cluster/backups?action=retrieve_ssh_fingerprint: post: consumes: - application/json description: | Get SHA256 fingerprint of ECDSA key of remote server. The caller should independently verify that the key is trusted. operationId: GetSshFingerprintOfServerRetrieve_ssh_fingerprint parameters: - in: body name: RemoteServerFingerprintRequest required: true schema: $ref: '#/definitions/RemoteServerFingerprintRequest' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RemoteServerFingerprint' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get ssh fingerprint of remote(backup) server tags: - System Administration, Lifecycle Management, Backup Restore Management, Backup x-vmw-nsx-module: BackupConfiguration /cluster/restore/backuptimestamps: get: consumes: - application/json description: | Returns timestamps for all backup files that are available on the SFTP server. operationId: ListClusterBackupTimestamps parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ClusterBackupInfoListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List timestamps of all available Cluster Backups. tags: - System Administration, Lifecycle Management, Backup Restore Management, Restore x-vmw-nsx-module: ClusterRestore /cluster/restore/instruction-resources: get: consumes: - application/json description: | For restore operations requiring user input e.g. performing an action, accepting/rejecting an action, etc. the information to be conveyed to users is provided in this call. operationId: ListRestoreInstructionResources parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: Id of the instruction set whose instructions are to be returned in: query name: instruction_id required: true type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ActionableResourceListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | List resources for a given instruction, to be shown to/executed by users. tags: - System Administration, Lifecycle Management, Backup Restore Management, Restore x-vmw-nsx-module: ClusterRestore /cluster/restore?action=advance: post: consumes: - application/json description: | Advance any currently suspended restore operation. The operation might have been suspended because (1) the user had suspended it previously, or (2) the operation is waiting for user input, to be provided as a part of the POST request body. This operation is only valid when a GET cluster/restore/status returns a status with value SUSPENDED. Otherwise, a 409 response is returned. operationId: AdvanceClusterRestoreAdvance parameters: - in: body name: AdvanceClusterRestoreRequest required: true schema: $ref: '#/definitions/AdvanceClusterRestoreRequest' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ClusterRestoreStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '409': description: Conflict schema: $ref: '#/definitions/ClusterRestoreStatus' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Advance any suspended restore operation tags: - System Administration, Lifecycle Management, Backup Restore Management, Restore x-vmw-nsx-module: ClusterRestore /cluster/restore?action=cancel: post: consumes: - application/json description: | This operation is only valid when a restore is in suspended state. The UI user can cancel any restore operation when the restore is suspended either due to an error, or for a user input. The API user would need to monitor the progression of a restore by calling periodically "/api/v1/cluster/restore/status" API. The response object (ClusterRestoreStatus), contains a field "endpoints". The API user can cancel the restore process if 'cancel' action is shown in the endpoint field. This operation is only valid when a GET cluster/restore/status returns a status with value SUSPENDED. operationId: CancelClusterRestoreCancel produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ClusterRestoreStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '409': description: Conflict schema: $ref: '#/definitions/ClusterRestoreStatus' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Cancel any running restore operation tags: - System Administration, Lifecycle Management, Backup Restore Management, Restore x-vmw-nsx-module: ClusterRestore /cluster/restore?action=retry: post: consumes: - application/json description: | Retry any currently in-progress, failed restore operation. Only the last step of the multi-step restore operation would have failed,and only that step is retried. This operation is only valid when a GET cluster/restore/status returns a status with value FAILED. Otherwise, a 409 response is returned. operationId: RetryClusterRestoreRetry produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ClusterRestoreStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '409': description: Conflict schema: $ref: '#/definitions/ClusterRestoreStatus' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Retry any failed restore operation tags: - System Administration, Lifecycle Management, Backup Restore Management, Restore x-vmw-nsx-module: ClusterRestore /cluster/restore?action=start: post: consumes: - application/json description: | Start the restore of an NSX cluster, from some previously backed-up configuration. This operation is only valid when a GET cluster/restore/status returns a status with value NOT_STARTED. Otherwise, a 409 response is returned. operationId: InitiateClusterRestoreStart parameters: - in: body name: InitiateClusterRestoreRequest required: true schema: $ref: '#/definitions/InitiateClusterRestoreRequest' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ClusterRestoreStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '409': description: Conflict schema: $ref: '#/definitions/ClusterRestoreStatus' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Initiate a restore operation tags: - System Administration, Lifecycle Management, Backup Restore Management, Restore x-vmw-nsx-module: ClusterRestore /cluster/restore?action=suspend: post: consumes: - application/json description: | Suspend any currently running restore operation. The restore operation is made up of a number of steps. When this call is issued, any currently running step is allowed to finish (successfully or with errors), and the next step (and therefore the entire restore operation) is suspended until a subsequent resume or cancel call is issued. This operation is only valid when a GET cluster/restore/status returns a status with value RUNNING. Otherwise, a 409 response is returned. operationId: SuspendClusterRestoreSuspend produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ClusterRestoreStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '409': description: Conflict schema: $ref: '#/definitions/ClusterRestoreStatus' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Suspend any running restore operation tags: - System Administration, Lifecycle Management, Backup Restore Management, Restore x-vmw-nsx-module: ClusterRestore /cluster?action=backup_to_remote: post: consumes: - application/json description: | Request one-time backup. The backup will be uploaded using the same server configuration as for automatic backup. operationId: RequestOnetimeBackupBackup_to_remote parameters: - default: LOCAL_LOCAL_MANAGER description: Frame type enum: - GLOBAL_MANAGER - LOCAL_MANAGER - LOCAL_LOCAL_MANAGER - NSX_INTELLIGENCE in: query name: frame_type required: false type: string - default: localhost description: Site ID in: query name: site_id required: false type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Request one-time backup tags: - System Administration, Lifecycle Management, Backup Restore Management, Backup x-vmw-nsx-module: BackupConfiguration /cluster?action=summarize_inventory_to_remote: post: consumes: - application/json description: | Request one-time inventory summary. The backup will be uploaded using the same server configuration as for an automatic backup. operationId: RequestOnetimeInventorySummarySummarize_inventory_to_remote responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Request one-time inventory summary. tags: - System Administration, Lifecycle Management, Backup Restore Management, Backup x-vmw-nsx-module: BackupConfiguration /compliance/status: get: consumes: - application/json description: |- Returns the compliance status and details of non compliant configuration operationId: GetPolicyComplianceStatus produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyComplianceStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Returns the compliance status tags: - Policy, Operations, Compliance x-vmw-nsx-module: PolicyCompliance /configs/management: get: consumes: - application/json description: | Returns the NSX Management nodes global configuration. operationId: ReadManagementConfig produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ManagementConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read NSX Management nodes global configuration. tags: - System Administration, Configuration, NSX Managers, Manager Configuration x-vmw-nsx-module: ConfigManagement put: consumes: - application/json description: |- Modifies the NSX Management nodes global configuration. operationId: UpdateManagementConfig parameters: - in: body name: ManagementConfig required: true schema: $ref: '#/definitions/ManagementConfig' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ManagementConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update NSX Management nodes global configuration tags: - System Administration, Configuration, NSX Managers, Manager Configuration x-vmw-nsx-module: ConfigManagement /error-resolver: get: consumes: - application/json description: | Returns a list of metadata for all the error resolvers registered. operationId: ListErrorResolverInfo produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ErrorResolverInfoList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Fetches a list of metadata for all the registered error resolvers tags: - System Administration, Monitoring, Error Resolver x-vmw-nsx-module: ErrorResolver /error-resolver/{error_id}: get: consumes: - application/json description: | Returns some metadata about the given error_id. This includes information of whether there is a resolver present for the given error_id and its associated user input data operationId: GetErrorResolverInfo parameters: - in: path name: error_id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ErrorResolverInfo' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Fetches metadata about the given error_id tags: - System Administration, Monitoring, Error Resolver x-vmw-nsx-module: ErrorResolver /error-resolver?action=resolve_error: post: consumes: - application/json description: | Invokes the corresponding error resolver for the given error(s) present in the payload operationId: ResolveErrorResolve_error parameters: - in: body name: ErrorResolverMetadataList required: true schema: $ref: '#/definitions/ErrorResolverMetadataList' responses: '204': description: No Content '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Resolves the error tags: - System Administration, Monitoring, Error Resolver x-vmw-nsx-module: ErrorResolver /eula/accept: post: consumes: - application/json description: | Accept end user license agreement operationId: AcceptEULA produces: - application/json responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | Accept end user license agreement tags: - System Administration, Settings, Licenses x-vmw-nsx-module: EULA /eula/acceptance: get: consumes: - application/json description: | Return the acceptance status of end user license agreement operationId: GetEULAAcceptance produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/EULAAcceptance' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | Return the acceptance status of end user license agreement tags: - System Administration, Settings, Licenses x-vmw-nsx-module: EULA /eula/content: get: consumes: - application/json description: | Return the content of end user license agreement in the specified format. By default, it's pure string without line break operationId: GetEULAContent parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string - description: End User License Agreement content output format in: query name: value_format type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/EULAContent' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | Return the content of end user license agreement tags: - System Administration, Settings, Licenses x-vmw-nsx-module: EULA /fine-tuning/resources: get: consumes: - application/json description: | This API provides field names of attributes in NSX types that are owned by Policy, as opposed to those owned by the enforcement point. For any type on NSX, some of the attributes of that type may be owned and set by Policy when realizing the intent, while some others may be owned and set by the enforcement point itself. This information can be used to disable updates to Policy owned attributes by the advanced networking UI, while allowing tweaking to the attributes owned by the management plane. operationId: ListResourceInfo parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string - description: Type query in: query name: type required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ResourceInfoListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- For each type of entity what are the attributes owned by policy. tags: - Policy, Operations, Finetuning x-vmw-nsx-module: PolicyFineTuning /global-infra: get: consumes: - application/json description: | Read infra. Returns only the infra related properties. Inner object are not populated. operationId: ReadInfra parameters: - description: Base Path for retrieving hierarchical intent in: query name: base_path required: false type: string - description: Filter string as java regex in: query name: filter required: false type: string - description: Filter string to retrieve hierarchy. in: query name: type_filter required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Infra' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read infra tags: - Policy, Infra, Hierarchical API x-vmw-nsx-module: Policy patch: consumes: - application/json description: | Patch API at infra level can be used in two flavours 1. Like a regular API to update Infra object 2. Hierarchical API: To create/update/delete entire or part of intent hierarchy Hierarchical API: Provides users a way to create entire or part of intent in single API invocation. Input is expressed in a tree format. Each node in tree can have multiple children of different types. System will resolve the dependecies of nodes within the intent tree and will create the model. Children for any node can be specified using ChildResourceReference or ChildPolicyConfigResource. If a resource is specified using ChildResourceReference then it will not be updated only its children will be updated. If Object is specified using ChildPolicyConfigResource, object along with its children will be updated. Hierarchical API can also be used to delete any sub-branch of entire tree. operationId: PatchInfra parameters: - in: body name: Infra required: true schema: $ref: '#/definitions/Infra' - default: false description: Force revision check in: query name: enforce_revision_check required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update the infra including all the nested entities tags: - Policy, Infra, Hierarchical API x-vmw-nsx-module: Policy put: consumes: - application/json description: | Updates only the single infra object. This does not allow hierarchical updates of entities. operationId: UpdateInfra parameters: - in: body name: Infra required: true schema: $ref: '#/definitions/Infra' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Infra' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update the infra object tags: - Policy, Infra, Hierarchical API x-vmw-nsx-module: Policy /global-infra/alb-analytics-profiles: get: consumes: - application/json description: | Paginated list of all ALBAnalyticsProfile for infra. operationId: ListALBAnalyticsProfile parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBAnalyticsProfileApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBAnalyticsProfile for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Analytics Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-analytics-profiles/{alb-analyticsprofile-id}: delete: consumes: - application/json description: | Delete the ALBAnalyticsProfile along with all the entities contained by this ALBAnalyticsProfile. operationId: DeleteALBAnalyticsProfile parameters: - description: |- ALBAnalyticsProfile ID in: path name: alb-analyticsprofile-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBAnalyticsProfile and all the entities contained by this ALBAnalyticsProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Analytics Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBAnalyticsProfile. operationId: ReadALBAnalyticsProfile parameters: - description: |- ALBAnalyticsProfile ID in: path name: alb-analyticsprofile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBAnalyticsProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBAnalyticsProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Analytics Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBanalyticsprofile with the alb-analyticsprofile-id is not already present, create a new ALBanalyticsprofile. If it already exists, update the ALBanalyticsprofile. This is a full replace. operationId: PatchALBAnalyticsProfile parameters: - description: |- ALBanalyticsprofile ID in: path name: alb-analyticsprofile-id required: true type: string - in: body name: ALBAnalyticsProfile required: true schema: $ref: '#/definitions/ALBAnalyticsProfile' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBanalyticsprofile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Analytics Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBAnalyticsProfile with the alb-AnalyticsProfile-id is not already present, create a new ALBAnalyticsProfile. If it already exists, update the ALBAnalyticsProfile. This is a full replace. operationId: UpdateALBAnalyticsProfile parameters: - description: |- ALBAnalyticsProfile ID in: path name: alb-analyticsprofile-id required: true type: string - in: body name: ALBAnalyticsProfile required: true schema: $ref: '#/definitions/ALBAnalyticsProfile' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBAnalyticsProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBAnalyticsProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Analytics Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-application-persistence-profiles: get: consumes: - application/json description: | Paginated list of all ALBApplicationPersistenceProfile for infra. operationId: ListALBApplicationPersistenceProfile parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBApplicationPersistenceProfileApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBApplicationPersistenceProfile for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Application Persistence Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-application-persistence-profiles/{alb-applicationpersistenceprofile-id}: delete: consumes: - application/json description: | Delete the ALBApplicationPersistenceProfile along with all the entities contained by this ALBApplicationPersistenceProfile. operationId: DeleteALBApplicationPersistenceProfile parameters: - description: |- ALBApplicationPersistenceProfile ID in: path name: alb-applicationpersistenceprofile-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBApplicationPersistenceProfile and all the entities contained by this ALBApplicationPersistenceProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Application Persistence Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBApplicationPersistenceProfile. operationId: ReadALBApplicationPersistenceProfile parameters: - description: |- ALBApplicationPersistenceProfile ID in: path name: alb-applicationpersistenceprofile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBApplicationPersistenceProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBApplicationPersistenceProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Application Persistence Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBapplicationpersistenceprofile with the alb-applicationpersistenceprofile-id is not already present, create a new ALBapplicationpersistenceprofile. If it already exists, update the ALBapplicationpersistenceprofile. This is a full replace. operationId: PatchALBApplicationPersistenceProfile parameters: - description: |- ALBapplicationpersistenceprofile ID in: path name: alb-applicationpersistenceprofile-id required: true type: string - in: body name: ALBApplicationPersistenceProfile required: true schema: $ref: '#/definitions/ALBApplicationPersistenceProfile' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBapplicationpersistenceprofile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Application Persistence Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBApplicationPersistenceProfile with the alb-ApplicationPersistenceProfile-id is not already present, create a new ALBApplicationPersistenceProfile. If it already exists, update the ALBApplicationPersistenceProfile. This is a full replace. operationId: UpdateALBApplicationPersistenceProfile parameters: - description: |- ALBApplicationPersistenceProfile ID in: path name: alb-applicationpersistenceprofile-id required: true type: string - in: body name: ALBApplicationPersistenceProfile required: true schema: $ref: '#/definitions/ALBApplicationPersistenceProfile' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBApplicationPersistenceProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBApplicationPersistenceProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Application Persistence Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-application-profiles: get: consumes: - application/json description: | Paginated list of all ALBApplicationProfile for infra. operationId: ListALBApplicationProfile parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBApplicationProfileApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBApplicationProfile for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Application Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-application-profiles/{alb-applicationprofile-id}: delete: consumes: - application/json description: | Delete the ALBApplicationProfile along with all the entities contained by this ALBApplicationProfile. operationId: DeleteALBApplicationProfile parameters: - description: |- ALBApplicationProfile ID in: path name: alb-applicationprofile-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBApplicationProfile and all the entities contained by this ALBApplicationProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Application Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBApplicationProfile. operationId: ReadALBApplicationProfile parameters: - description: |- ALBApplicationProfile ID in: path name: alb-applicationprofile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBApplicationProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBApplicationProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Application Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBapplicationprofile with the alb-applicationprofile-id is not already present, create a new ALBapplicationprofile. If it already exists, update the ALBapplicationprofile. This is a full replace. operationId: PatchALBApplicationProfile parameters: - description: |- ALBapplicationprofile ID in: path name: alb-applicationprofile-id required: true type: string - in: body name: ALBApplicationProfile required: true schema: $ref: '#/definitions/ALBApplicationProfile' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBapplicationprofile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Application Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBApplicationProfile with the alb-ApplicationProfile-id is not already present, create a new ALBApplicationProfile. If it already exists, update the ALBApplicationProfile. This is a full replace. operationId: UpdateALBApplicationProfile parameters: - description: |- ALBApplicationProfile ID in: path name: alb-applicationprofile-id required: true type: string - in: body name: ALBApplicationProfile required: true schema: $ref: '#/definitions/ALBApplicationProfile' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBApplicationProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBApplicationProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Application Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-auth-profiles: get: consumes: - application/json description: | Paginated list of all ALBAuthProfile for infra. operationId: ListALBAuthProfile parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBAuthProfileApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBAuthProfile for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Auth Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-auth-profiles/{alb-authprofile-id}: delete: consumes: - application/json description: | Delete the ALBAuthProfile along with all the entities contained by this ALBAuthProfile. operationId: DeleteALBAuthProfile parameters: - description: |- ALBAuthProfile ID in: path name: alb-authprofile-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBAuthProfile and all the entities contained by this ALBAuthProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Auth Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBAuthProfile. operationId: ReadALBAuthProfile parameters: - description: |- ALBAuthProfile ID in: path name: alb-authprofile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBAuthProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBAuthProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Auth Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBauthprofile with the alb-authprofile-id is not already present, create a new ALBauthprofile. If it already exists, update the ALBauthprofile. This is a full replace. operationId: PatchALBAuthProfile parameters: - description: |- ALBauthprofile ID in: path name: alb-authprofile-id required: true type: string - in: body name: ALBAuthProfile required: true schema: $ref: '#/definitions/ALBAuthProfile' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBauthprofile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Auth Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBAuthProfile with the alb-AuthProfile-id is not already present, create a new ALBAuthProfile. If it already exists, update the ALBAuthProfile. This is a full replace. operationId: UpdateALBAuthProfile parameters: - description: |- ALBAuthProfile ID in: path name: alb-authprofile-id required: true type: string - in: body name: ALBAuthProfile required: true schema: $ref: '#/definitions/ALBAuthProfile' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBAuthProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBAuthProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Auth Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-auto-scale-launch-configs: get: consumes: - application/json description: | Paginated list of all ALBAutoScaleLaunchConfig for infra. operationId: ListALBAutoScaleLaunchConfig parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBAutoScaleLaunchConfigApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBAutoScaleLaunchConfig for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Auto Scale Launch Configs x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-auto-scale-launch-configs/{alb-autoscalelaunchconfig-id}: delete: consumes: - application/json description: | Delete the ALBAutoScaleLaunchConfig along with all the entities contained by this ALBAutoScaleLaunchConfig. operationId: DeleteALBAutoScaleLaunchConfig parameters: - description: |- ALBAutoScaleLaunchConfig ID in: path name: alb-autoscalelaunchconfig-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBAutoScaleLaunchConfig and all the entities contained by this ALBAutoScaleLaunchConfig tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Auto Scale Launch Configs x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBAutoScaleLaunchConfig. operationId: ReadALBAutoScaleLaunchConfig parameters: - description: |- ALBAutoScaleLaunchConfig ID in: path name: alb-autoscalelaunchconfig-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBAutoScaleLaunchConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBAutoScaleLaunchConfig tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Auto Scale Launch Configs x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBautoscalelaunchconfig with the alb-autoscalelaunchconfig-id is not already present, create a new ALBautoscalelaunchconfig. If it already exists, update the ALBautoscalelaunchconfig. This is a full replace. operationId: PatchALBAutoScaleLaunchConfig parameters: - description: |- ALBautoscalelaunchconfig ID in: path name: alb-autoscalelaunchconfig-id required: true type: string - in: body name: ALBAutoScaleLaunchConfig required: true schema: $ref: '#/definitions/ALBAutoScaleLaunchConfig' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBautoscalelaunchconfig tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Auto Scale Launch Configs x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBAutoScaleLaunchConfig with the alb-AutoScaleLaunchConfig-id is not already present, create a new ALBAutoScaleLaunchConfig. If it already exists, update the ALBAutoScaleLaunchConfig. This is a full replace. operationId: UpdateALBAutoScaleLaunchConfig parameters: - description: |- ALBAutoScaleLaunchConfig ID in: path name: alb-autoscalelaunchconfig-id required: true type: string - in: body name: ALBAutoScaleLaunchConfig required: true schema: $ref: '#/definitions/ALBAutoScaleLaunchConfig' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBAutoScaleLaunchConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBAutoScaleLaunchConfig tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Auto Scale Launch Configs x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-dns-policies: get: consumes: - application/json description: | Paginated list of all ALBDnsPolicy for infra. operationId: ListALBDnsPolicy parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBDnsPolicyApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBDnsPolicy for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb DNS Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-dns-policies/{alb-dnspolicy-id}: delete: consumes: - application/json description: | Delete the ALBDnsPolicy along with all the entities contained by this ALBDnsPolicy. operationId: DeleteALBDnsPolicy parameters: - description: |- ALBDnsPolicy ID in: path name: alb-dnspolicy-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBDnsPolicy and all the entities contained by this ALBDnsPolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb DNS Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBDnsPolicy. operationId: ReadALBDnsPolicy parameters: - description: |- ALBDnsPolicy ID in: path name: alb-dnspolicy-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBDnsPolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBDnsPolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb DNS Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBdnspolicy with the alb-dnspolicy-id is not already present, create a new ALBdnspolicy. If it already exists, update the ALBdnspolicy. This is a full replace. operationId: PatchALBDnsPolicy parameters: - description: |- ALBdnspolicy ID in: path name: alb-dnspolicy-id required: true type: string - in: body name: ALBDnsPolicy required: true schema: $ref: '#/definitions/ALBDnsPolicy' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBdnspolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb DNS Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBDnsPolicy with the alb-DnsPolicy-id is not already present, create a new ALBDnsPolicy. If it already exists, update the ALBDnsPolicy. This is a full replace. operationId: UpdateALBDnsPolicy parameters: - description: |- ALBDnsPolicy ID in: path name: alb-dnspolicy-id required: true type: string - in: body name: ALBDnsPolicy required: true schema: $ref: '#/definitions/ALBDnsPolicy' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBDnsPolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBDnsPolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb DNS Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-error-page-bodies: get: consumes: - application/json description: | Paginated list of all ALBErrorPageBody for infra. operationId: ListALBErrorPageBody parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBErrorPageBodyApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBErrorPageBody for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Error Page Bodies x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-error-page-bodies/{alb-errorpagebody-id}: delete: consumes: - application/json description: | Delete the ALBErrorPageBody along with all the entities contained by this ALBErrorPageBody. operationId: DeleteALBErrorPageBody parameters: - description: |- ALBErrorPageBody ID in: path name: alb-errorpagebody-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBErrorPageBody and all the entities contained by this ALBErrorPageBody tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Error Page Bodies x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBErrorPageBody. operationId: ReadALBErrorPageBody parameters: - description: |- ALBErrorPageBody ID in: path name: alb-errorpagebody-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBErrorPageBody' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBErrorPageBody tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Error Page Bodies x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBerrorpagebody with the alb-errorpagebody-id is not already present, create a new ALBerrorpagebody. If it already exists, update the ALBerrorpagebody. This is a full replace. operationId: PatchALBErrorPageBody parameters: - description: |- ALBerrorpagebody ID in: path name: alb-errorpagebody-id required: true type: string - in: body name: ALBErrorPageBody required: true schema: $ref: '#/definitions/ALBErrorPageBody' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBerrorpagebody tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Error Page Bodies x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBErrorPageBody with the alb-ErrorPageBody-id is not already present, create a new ALBErrorPageBody. If it already exists, update the ALBErrorPageBody. This is a full replace. operationId: UpdateALBErrorPageBody parameters: - description: |- ALBErrorPageBody ID in: path name: alb-errorpagebody-id required: true type: string - in: body name: ALBErrorPageBody required: true schema: $ref: '#/definitions/ALBErrorPageBody' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBErrorPageBody' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBErrorPageBody tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Error Page Bodies x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-error-page-profiles: get: consumes: - application/json description: | Paginated list of all ALBErrorPageProfile for infra. operationId: ListALBErrorPageProfile parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBErrorPageProfileApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBErrorPageProfile for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Error Page Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-error-page-profiles/{alb-errorpageprofile-id}: delete: consumes: - application/json description: | Delete the ALBErrorPageProfile along with all the entities contained by this ALBErrorPageProfile. operationId: DeleteALBErrorPageProfile parameters: - description: |- ALBErrorPageProfile ID in: path name: alb-errorpageprofile-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBErrorPageProfile and all the entities contained by this ALBErrorPageProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Error Page Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBErrorPageProfile. operationId: ReadALBErrorPageProfile parameters: - description: |- ALBErrorPageProfile ID in: path name: alb-errorpageprofile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBErrorPageProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBErrorPageProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Error Page Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBerrorpageprofile with the alb-errorpageprofile-id is not already present, create a new ALBerrorpageprofile. If it already exists, update the ALBerrorpageprofile. This is a full replace. operationId: PatchALBErrorPageProfile parameters: - description: |- ALBerrorpageprofile ID in: path name: alb-errorpageprofile-id required: true type: string - in: body name: ALBErrorPageProfile required: true schema: $ref: '#/definitions/ALBErrorPageProfile' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBerrorpageprofile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Error Page Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBErrorPageProfile with the alb-ErrorPageProfile-id is not already present, create a new ALBErrorPageProfile. If it already exists, update the ALBErrorPageProfile. This is a full replace. operationId: UpdateALBErrorPageProfile parameters: - description: |- ALBErrorPageProfile ID in: path name: alb-errorpageprofile-id required: true type: string - in: body name: ALBErrorPageProfile required: true schema: $ref: '#/definitions/ALBErrorPageProfile' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBErrorPageProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBErrorPageProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Error Page Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-hardware-security-module-groups: get: consumes: - application/json description: | Paginated list of all ALBHardwareSecurityModuleGroup for infra. operationId: ListALBHardwareSecurityModuleGroup parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBHardwareSecurityModuleGroupApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBHardwareSecurityModuleGroup for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Hardware Security Module Groups x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-hardware-security-module-groups/{alb-hardwaresecuritymodulegroup-id}: delete: consumes: - application/json description: | Delete the ALBHardwareSecurityModuleGroup along with all the entities contained by this ALBHardwareSecurityModuleGroup. operationId: DeleteALBHardwareSecurityModuleGroup parameters: - description: |- ALBHardwareSecurityModuleGroup ID in: path name: alb-hardwaresecuritymodulegroup-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBHardwareSecurityModuleGroup and all the entities contained by this ALBHardwareSecurityModuleGroup tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Hardware Security Module Groups x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBHardwareSecurityModuleGroup. operationId: ReadALBHardwareSecurityModuleGroup parameters: - description: |- ALBHardwareSecurityModuleGroup ID in: path name: alb-hardwaresecuritymodulegroup-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBHardwareSecurityModuleGroup' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBHardwareSecurityModuleGroup tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Hardware Security Module Groups x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBhardwaresecuritymodulegroup with the alb-hardwaresecuritymodulegroup-id is not already present, create a new ALBhardwaresecuritymodulegroup. If it already exists, update the ALBhardwaresecuritymodulegroup. This is a full replace. operationId: PatchALBHardwareSecurityModuleGroup parameters: - description: |- ALBhardwaresecuritymodulegroup ID in: path name: alb-hardwaresecuritymodulegroup-id required: true type: string - in: body name: ALBHardwareSecurityModuleGroup required: true schema: $ref: '#/definitions/ALBHardwareSecurityModuleGroup' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBhardwaresecuritymodulegroup tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Hardware Security Module Groups x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBHardwareSecurityModuleGroup with the alb-HardwareSecurityModuleGroup-id is not already present, create a new ALBHardwareSecurityModuleGroup. If it already exists, update the ALBHardwareSecurityModuleGroup. This is a full replace. operationId: UpdateALBHardwareSecurityModuleGroup parameters: - description: |- ALBHardwareSecurityModuleGroup ID in: path name: alb-hardwaresecuritymodulegroup-id required: true type: string - in: body name: ALBHardwareSecurityModuleGroup required: true schema: $ref: '#/definitions/ALBHardwareSecurityModuleGroup' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBHardwareSecurityModuleGroup' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBHardwareSecurityModuleGroup tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Hardware Security Module Groups x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-health-monitors: get: consumes: - application/json description: | Paginated list of all ALBHealthMonitor for infra. operationId: ListALBHealthMonitor parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBHealthMonitorApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBHealthMonitor for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Health Monitors x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-health-monitors/{alb-healthmonitor-id}: delete: consumes: - application/json description: | Delete the ALBHealthMonitor along with all the entities contained by this ALBHealthMonitor. operationId: DeleteALBHealthMonitor parameters: - description: |- ALBHealthMonitor ID in: path name: alb-healthmonitor-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBHealthMonitor and all the entities contained by this ALBHealthMonitor tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Health Monitors x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBHealthMonitor. operationId: ReadALBHealthMonitor parameters: - description: |- ALBHealthMonitor ID in: path name: alb-healthmonitor-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBHealthMonitor' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBHealthMonitor tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Health Monitors x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBhealthmonitor with the alb-healthmonitor-id is not already present, create a new ALBhealthmonitor. If it already exists, update the ALBhealthmonitor. This is a full replace. operationId: PatchALBHealthMonitor parameters: - description: |- ALBhealthmonitor ID in: path name: alb-healthmonitor-id required: true type: string - in: body name: ALBHealthMonitor required: true schema: $ref: '#/definitions/ALBHealthMonitor' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBhealthmonitor tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Health Monitors x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBHealthMonitor with the alb-HealthMonitor-id is not already present, create a new ALBHealthMonitor. If it already exists, update the ALBHealthMonitor. This is a full replace. operationId: UpdateALBHealthMonitor parameters: - description: |- ALBHealthMonitor ID in: path name: alb-healthmonitor-id required: true type: string - in: body name: ALBHealthMonitor required: true schema: $ref: '#/definitions/ALBHealthMonitor' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBHealthMonitor' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBHealthMonitor tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Health Monitors x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-http-policy-sets: get: consumes: - application/json description: | Paginated list of all ALBHTTPPolicySet for infra. operationId: ListALBHTTPPolicySet parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBHTTPPolicySetApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBHTTPPolicySet for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb HTTP Policy Sets x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-http-policy-sets/{alb-httppolicyset-id}: delete: consumes: - application/json description: | Delete the ALBHTTPPolicySet along with all the entities contained by this ALBHTTPPolicySet. operationId: DeleteALBHTTPPolicySet parameters: - description: |- ALBHTTPPolicySet ID in: path name: alb-httppolicyset-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBHTTPPolicySet and all the entities contained by this ALBHTTPPolicySet tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb HTTP Policy Sets x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBHTTPPolicySet. operationId: ReadALBHTTPPolicySet parameters: - description: |- ALBHTTPPolicySet ID in: path name: alb-httppolicyset-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBHTTPPolicySet' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBHTTPPolicySet tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb HTTP Policy Sets x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBhttppolicyset with the alb-httppolicyset-id is not already present, create a new ALBhttppolicyset. If it already exists, update the ALBhttppolicyset. This is a full replace. operationId: PatchALBHTTPPolicySet parameters: - description: |- ALBhttppolicyset ID in: path name: alb-httppolicyset-id required: true type: string - in: body name: ALBHTTPPolicySet required: true schema: $ref: '#/definitions/ALBHTTPPolicySet' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBhttppolicyset tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb HTTP Policy Sets x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBHTTPPolicySet with the alb-HTTPPolicySet-id is not already present, create a new ALBHTTPPolicySet. If it already exists, update the ALBHTTPPolicySet. This is a full replace. operationId: UpdateALBHTTPPolicySet parameters: - description: |- ALBHTTPPolicySet ID in: path name: alb-httppolicyset-id required: true type: string - in: body name: ALBHTTPPolicySet required: true schema: $ref: '#/definitions/ALBHTTPPolicySet' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBHTTPPolicySet' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBHTTPPolicySet tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb HTTP Policy Sets x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-ip-addr-groups: get: consumes: - application/json description: | Paginated list of all ALBIpAddrGroup for infra. operationId: ListALBIpAddrGroup parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBIpAddrGroupApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBIpAddrGroup for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb IP Addr Groups x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-ip-addr-groups/{alb-ipaddrgroup-id}: delete: consumes: - application/json description: | Delete the ALBIpAddrGroup along with all the entities contained by this ALBIpAddrGroup. operationId: DeleteALBIpAddrGroup parameters: - description: |- ALBIpAddrGroup ID in: path name: alb-ipaddrgroup-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBIpAddrGroup and all the entities contained by this ALBIpAddrGroup tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb IP Addr Groups x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBIpAddrGroup. operationId: ReadALBIpAddrGroup parameters: - description: |- ALBIpAddrGroup ID in: path name: alb-ipaddrgroup-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBIpAddrGroup' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBIpAddrGroup tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb IP Addr Groups x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBipaddrgroup with the alb-ipaddrgroup-id is not already present, create a new ALBipaddrgroup. If it already exists, update the ALBipaddrgroup. This is a full replace. operationId: PatchALBIpAddrGroup parameters: - description: |- ALBipaddrgroup ID in: path name: alb-ipaddrgroup-id required: true type: string - in: body name: ALBIpAddrGroup required: true schema: $ref: '#/definitions/ALBIpAddrGroup' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBipaddrgroup tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb IP Addr Groups x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBIpAddrGroup with the alb-IpAddrGroup-id is not already present, create a new ALBIpAddrGroup. If it already exists, update the ALBIpAddrGroup. This is a full replace. operationId: UpdateALBIpAddrGroup parameters: - description: |- ALBIpAddrGroup ID in: path name: alb-ipaddrgroup-id required: true type: string - in: body name: ALBIpAddrGroup required: true schema: $ref: '#/definitions/ALBIpAddrGroup' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBIpAddrGroup' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBIpAddrGroup tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb IP Addr Groups x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-l4-policy-sets: get: consumes: - application/json description: | Paginated list of all ALBL4PolicySet for infra. operationId: ListALBL4PolicySet parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBL4PolicySetApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBL4PolicySet for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb L4 Policy Sets x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-l4-policy-sets/{alb-l4policyset-id}: delete: consumes: - application/json description: | Delete the ALBL4PolicySet along with all the entities contained by this ALBL4PolicySet. operationId: DeleteALBL4PolicySet parameters: - description: |- ALBL4PolicySet ID in: path name: alb-l4policyset-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBL4PolicySet and all the entities contained by this ALBL4PolicySet tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb L4 Policy Sets x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBL4PolicySet. operationId: ReadALBL4PolicySet parameters: - description: |- ALBL4PolicySet ID in: path name: alb-l4policyset-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBL4PolicySet' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBL4PolicySet tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb L4 Policy Sets x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBl4policyset with the alb-l4policyset-id is not already present, create a new ALBl4policyset. If it already exists, update the ALBl4policyset. This is a full replace. operationId: PatchALBL4PolicySet parameters: - description: |- ALBl4policyset ID in: path name: alb-l4policyset-id required: true type: string - in: body name: ALBL4PolicySet required: true schema: $ref: '#/definitions/ALBL4PolicySet' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBl4policyset tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb L4 Policy Sets x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBL4PolicySet with the alb-L4PolicySet-id is not already present, create a new ALBL4PolicySet. If it already exists, update the ALBL4PolicySet. This is a full replace. operationId: UpdateALBL4PolicySet parameters: - description: |- ALBL4PolicySet ID in: path name: alb-l4policyset-id required: true type: string - in: body name: ALBL4PolicySet required: true schema: $ref: '#/definitions/ALBL4PolicySet' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBL4PolicySet' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBL4PolicySet tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb L4 Policy Sets x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-network-profiles: get: consumes: - application/json description: | Paginated list of all ALBNetworkProfile for infra. operationId: ListALBNetworkProfile parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBNetworkProfileApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBNetworkProfile for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Network Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-network-profiles/{alb-networkprofile-id}: delete: consumes: - application/json description: | Delete the ALBNetworkProfile along with all the entities contained by this ALBNetworkProfile. operationId: DeleteALBNetworkProfile parameters: - description: |- ALBNetworkProfile ID in: path name: alb-networkprofile-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBNetworkProfile and all the entities contained by this ALBNetworkProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Network Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBNetworkProfile. operationId: ReadALBNetworkProfile parameters: - description: |- ALBNetworkProfile ID in: path name: alb-networkprofile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBNetworkProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBNetworkProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Network Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBnetworkprofile with the alb-networkprofile-id is not already present, create a new ALBnetworkprofile. If it already exists, update the ALBnetworkprofile. This is a full replace. operationId: PatchALBNetworkProfile parameters: - description: |- ALBnetworkprofile ID in: path name: alb-networkprofile-id required: true type: string - in: body name: ALBNetworkProfile required: true schema: $ref: '#/definitions/ALBNetworkProfile' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBnetworkprofile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Network Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBNetworkProfile with the alb-NetworkProfile-id is not already present, create a new ALBNetworkProfile. If it already exists, update the ALBNetworkProfile. This is a full replace. operationId: UpdateALBNetworkProfile parameters: - description: |- ALBNetworkProfile ID in: path name: alb-networkprofile-id required: true type: string - in: body name: ALBNetworkProfile required: true schema: $ref: '#/definitions/ALBNetworkProfile' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBNetworkProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBNetworkProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Network Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-network-security-policies: get: consumes: - application/json description: | Paginated list of all ALBNetworkSecurityPolicy for infra. operationId: ListALBNetworkSecurityPolicy parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBNetworkSecurityPolicyApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBNetworkSecurityPolicy for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Network Security Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-network-security-policies/{alb-networksecuritypolicy-id}: delete: consumes: - application/json description: | Delete the ALBNetworkSecurityPolicy along with all the entities contained by this ALBNetworkSecurityPolicy. operationId: DeleteALBNetworkSecurityPolicy parameters: - description: |- ALBNetworkSecurityPolicy ID in: path name: alb-networksecuritypolicy-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBNetworkSecurityPolicy and all the entities contained by this ALBNetworkSecurityPolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Network Security Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBNetworkSecurityPolicy. operationId: ReadALBNetworkSecurityPolicy parameters: - description: |- ALBNetworkSecurityPolicy ID in: path name: alb-networksecuritypolicy-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBNetworkSecurityPolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBNetworkSecurityPolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Network Security Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBnetworksecuritypolicy with the alb-networksecuritypolicy-id is not already present, create a new ALBnetworksecuritypolicy. If it already exists, update the ALBnetworksecuritypolicy. This is a full replace. operationId: PatchALBNetworkSecurityPolicy parameters: - description: |- ALBnetworksecuritypolicy ID in: path name: alb-networksecuritypolicy-id required: true type: string - in: body name: ALBNetworkSecurityPolicy required: true schema: $ref: '#/definitions/ALBNetworkSecurityPolicy' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBnetworksecuritypolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Network Security Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBNetworkSecurityPolicy with the alb-NetworkSecurityPolicy-id is not already present, create a new ALBNetworkSecurityPolicy. If it already exists, update the ALBNetworkSecurityPolicy. This is a full replace. operationId: UpdateALBNetworkSecurityPolicy parameters: - description: |- ALBNetworkSecurityPolicy ID in: path name: alb-networksecuritypolicy-id required: true type: string - in: body name: ALBNetworkSecurityPolicy required: true schema: $ref: '#/definitions/ALBNetworkSecurityPolicy' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBNetworkSecurityPolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBNetworkSecurityPolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Network Security Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-pki-profiles: get: consumes: - application/json description: | Paginated list of all ALBPKIProfile for infra. operationId: ListALBPKIProfile parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBPKIProfileApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBPKIProfile for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Pki Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-pki-profiles/{alb-pkiprofile-id}: delete: consumes: - application/json description: | Delete the ALBPKIProfile along with all the entities contained by this ALBPKIProfile. operationId: DeleteALBPKIProfile parameters: - description: |- ALBPKIProfile ID in: path name: alb-pkiprofile-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBPKIProfile and all the entities contained by this ALBPKIProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Pki Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBPKIProfile. operationId: ReadALBPKIProfile parameters: - description: |- ALBPKIProfile ID in: path name: alb-pkiprofile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBPKIProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBPKIProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Pki Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBpkiprofile with the alb-pkiprofile-id is not already present, create a new ALBpkiprofile. If it already exists, update the ALBpkiprofile. This is a full replace. operationId: PatchALBPKIProfile parameters: - description: |- ALBpkiprofile ID in: path name: alb-pkiprofile-id required: true type: string - in: body name: ALBPKIProfile required: true schema: $ref: '#/definitions/ALBPKIProfile' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBpkiprofile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Pki Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBPKIProfile with the alb-PKIProfile-id is not already present, create a new ALBPKIProfile. If it already exists, update the ALBPKIProfile. This is a full replace. operationId: UpdateALBPKIProfile parameters: - description: |- ALBPKIProfile ID in: path name: alb-pkiprofile-id required: true type: string - in: body name: ALBPKIProfile required: true schema: $ref: '#/definitions/ALBPKIProfile' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBPKIProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBPKIProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Pki Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-pool-group-deployment-policies: get: consumes: - application/json description: | Paginated list of all ALBPoolGroupDeploymentPolicy for infra. operationId: ListALBPoolGroupDeploymentPolicy parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBPoolGroupDeploymentPolicyApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBPoolGroupDeploymentPolicy for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Pool Group Deployment Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-pool-group-deployment-policies/{alb-poolgroupdeploymentpolicy-id}: delete: consumes: - application/json description: | Delete the ALBPoolGroupDeploymentPolicy along with all the entities contained by this ALBPoolGroupDeploymentPolicy. operationId: DeleteALBPoolGroupDeploymentPolicy parameters: - description: |- ALBPoolGroupDeploymentPolicy ID in: path name: alb-poolgroupdeploymentpolicy-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBPoolGroupDeploymentPolicy and all the entities contained by this ALBPoolGroupDeploymentPolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Pool Group Deployment Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBPoolGroupDeploymentPolicy. operationId: ReadALBPoolGroupDeploymentPolicy parameters: - description: |- ALBPoolGroupDeploymentPolicy ID in: path name: alb-poolgroupdeploymentpolicy-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBPoolGroupDeploymentPolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBPoolGroupDeploymentPolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Pool Group Deployment Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBpoolgroupdeploymentpolicy with the alb-poolgroupdeploymentpolicy-id is not already present, create a new ALBpoolgroupdeploymentpolicy. If it already exists, update the ALBpoolgroupdeploymentpolicy. This is a full replace. operationId: PatchALBPoolGroupDeploymentPolicy parameters: - description: |- ALBpoolgroupdeploymentpolicy ID in: path name: alb-poolgroupdeploymentpolicy-id required: true type: string - in: body name: ALBPoolGroupDeploymentPolicy required: true schema: $ref: '#/definitions/ALBPoolGroupDeploymentPolicy' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBpoolgroupdeploymentpolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Pool Group Deployment Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBPoolGroupDeploymentPolicy with the alb-PoolGroupDeploymentPolicy-id is not already present, create a new ALBPoolGroupDeploymentPolicy. If it already exists, update the ALBPoolGroupDeploymentPolicy. This is a full replace. operationId: UpdateALBPoolGroupDeploymentPolicy parameters: - description: |- ALBPoolGroupDeploymentPolicy ID in: path name: alb-poolgroupdeploymentpolicy-id required: true type: string - in: body name: ALBPoolGroupDeploymentPolicy required: true schema: $ref: '#/definitions/ALBPoolGroupDeploymentPolicy' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBPoolGroupDeploymentPolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBPoolGroupDeploymentPolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Pool Group Deployment Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-pool-groups: get: consumes: - application/json description: | Paginated list of all ALBPoolGroup for infra. operationId: ListALBPoolGroup parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBPoolGroupApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBPoolGroup for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Pool Groups x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-pool-groups/{alb-poolgroup-id}: delete: consumes: - application/json description: | Delete the ALBPoolGroup along with all the entities contained by this ALBPoolGroup. operationId: DeleteALBPoolGroup parameters: - description: |- ALBPoolGroup ID in: path name: alb-poolgroup-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBPoolGroup and all the entities contained by this ALBPoolGroup tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Pool Groups x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBPoolGroup. operationId: ReadALBPoolGroup parameters: - description: |- ALBPoolGroup ID in: path name: alb-poolgroup-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBPoolGroup' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBPoolGroup tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Pool Groups x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBpoolgroup with the alb-poolgroup-id is not already present, create a new ALBpoolgroup. If it already exists, update the ALBpoolgroup. This is a full replace. operationId: PatchALBPoolGroup parameters: - description: |- ALBpoolgroup ID in: path name: alb-poolgroup-id required: true type: string - in: body name: ALBPoolGroup required: true schema: $ref: '#/definitions/ALBPoolGroup' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBpoolgroup tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Pool Groups x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBPoolGroup with the alb-PoolGroup-id is not already present, create a new ALBPoolGroup. If it already exists, update the ALBPoolGroup. This is a full replace. operationId: UpdateALBPoolGroup parameters: - description: |- ALBPoolGroup ID in: path name: alb-poolgroup-id required: true type: string - in: body name: ALBPoolGroup required: true schema: $ref: '#/definitions/ALBPoolGroup' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBPoolGroup' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBPoolGroup tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Pool Groups x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-pools: get: consumes: - application/json description: | Paginated list of all ALBPool for infra. operationId: ListALBPool parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBPoolApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBPool for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Pools x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-pools/{alb-pool-id}: delete: consumes: - application/json description: | Delete the ALBPool along with all the entities contained by this ALBPool. operationId: DeleteALBPool parameters: - description: |- ALBPool ID in: path name: alb-pool-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBPool and all the entities contained by this ALBPool tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Pools x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBPool. operationId: ReadALBPool parameters: - description: |- ALBPool ID in: path name: alb-pool-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBPool' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBPool tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Pools x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBpool with the alb-pool-id is not already present, create a new ALBpool. If it already exists, update the ALBpool. This is a full replace. operationId: PatchALBPool parameters: - description: |- ALBpool ID in: path name: alb-pool-id required: true type: string - in: body name: ALBPool required: true schema: $ref: '#/definitions/ALBPool' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBpool tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Pools x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBPool with the alb-Pool-id is not already present, create a new ALBPool. If it already exists, update the ALBPool. This is a full replace. operationId: UpdateALBPool parameters: - description: |- ALBPool ID in: path name: alb-pool-id required: true type: string - in: body name: ALBPool required: true schema: $ref: '#/definitions/ALBPool' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBPool' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBPool tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Pools x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-priority-labels: get: consumes: - application/json description: | Paginated list of all ALBPriorityLabels for infra. operationId: ListALBPriorityLabels parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBPriorityLabelsApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBPriorityLabels for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Priority Labels x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-priority-labels/{alb-prioritylabels-id}: delete: consumes: - application/json description: | Delete the ALBPriorityLabels along with all the entities contained by this ALBPriorityLabels. operationId: DeleteALBPriorityLabels parameters: - description: |- ALBPriorityLabels ID in: path name: alb-prioritylabels-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBPriorityLabels and all the entities contained by this ALBPriorityLabels tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Priority Labels x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBPriorityLabels. operationId: ReadALBPriorityLabels parameters: - description: |- ALBPriorityLabels ID in: path name: alb-prioritylabels-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBPriorityLabels' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBPriorityLabels tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Priority Labels x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBprioritylabels with the alb-prioritylabels-id is not already present, create a new ALBprioritylabels. If it already exists, update the ALBprioritylabels. This is a full replace. operationId: PatchALBPriorityLabels parameters: - description: |- ALBprioritylabels ID in: path name: alb-prioritylabels-id required: true type: string - in: body name: ALBPriorityLabels required: true schema: $ref: '#/definitions/ALBPriorityLabels' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBprioritylabels tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Priority Labels x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBPriorityLabels with the alb-PriorityLabels-id is not already present, create a new ALBPriorityLabels. If it already exists, update the ALBPriorityLabels. This is a full replace. operationId: UpdateALBPriorityLabels parameters: - description: |- ALBPriorityLabels ID in: path name: alb-prioritylabels-id required: true type: string - in: body name: ALBPriorityLabels required: true schema: $ref: '#/definitions/ALBPriorityLabels' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBPriorityLabels' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBPriorityLabels tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Priority Labels x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-protocol-parsers: get: consumes: - application/json description: | Paginated list of all ALBProtocolParser for infra. operationId: ListALBProtocolParser parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBProtocolParserApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBProtocolParser for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Protocol Parsers x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-protocol-parsers/{alb-protocolparser-id}: delete: consumes: - application/json description: | Delete the ALBProtocolParser along with all the entities contained by this ALBProtocolParser. operationId: DeleteALBProtocolParser parameters: - description: |- ALBProtocolParser ID in: path name: alb-protocolparser-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBProtocolParser and all the entities contained by this ALBProtocolParser tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Protocol Parsers x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBProtocolParser. operationId: ReadALBProtocolParser parameters: - description: |- ALBProtocolParser ID in: path name: alb-protocolparser-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBProtocolParser' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBProtocolParser tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Protocol Parsers x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBprotocolparser with the alb-protocolparser-id is not already present, create a new ALBprotocolparser. If it already exists, update the ALBprotocolparser. This is a full replace. operationId: PatchALBProtocolParser parameters: - description: |- ALBprotocolparser ID in: path name: alb-protocolparser-id required: true type: string - in: body name: ALBProtocolParser required: true schema: $ref: '#/definitions/ALBProtocolParser' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBprotocolparser tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Protocol Parsers x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBProtocolParser with the alb-ProtocolParser-id is not already present, create a new ALBProtocolParser. If it already exists, update the ALBProtocolParser. This is a full replace. operationId: UpdateALBProtocolParser parameters: - description: |- ALBProtocolParser ID in: path name: alb-protocolparser-id required: true type: string - in: body name: ALBProtocolParser required: true schema: $ref: '#/definitions/ALBProtocolParser' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBProtocolParser' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBProtocolParser tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Protocol Parsers x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-security-policies: get: consumes: - application/json description: | Paginated list of all ALBSecurityPolicy for infra. operationId: ListALBSecurityPolicy parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBSecurityPolicyApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBSecurityPolicy for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Security Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-security-policies/{alb-securitypolicy-id}: delete: consumes: - application/json description: | Delete the ALBSecurityPolicy along with all the entities contained by this ALBSecurityPolicy. operationId: DeleteALBSecurityPolicy parameters: - description: |- ALBSecurityPolicy ID in: path name: alb-securitypolicy-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBSecurityPolicy and all the entities contained by this ALBSecurityPolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Security Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBSecurityPolicy. operationId: ReadALBSecurityPolicy parameters: - description: |- ALBSecurityPolicy ID in: path name: alb-securitypolicy-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBSecurityPolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBSecurityPolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Security Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBsecuritypolicy with the alb-securitypolicy-id is not already present, create a new ALBsecuritypolicy. If it already exists, update the ALBsecuritypolicy. This is a full replace. operationId: PatchALBSecurityPolicy parameters: - description: |- ALBsecuritypolicy ID in: path name: alb-securitypolicy-id required: true type: string - in: body name: ALBSecurityPolicy required: true schema: $ref: '#/definitions/ALBSecurityPolicy' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBsecuritypolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Security Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBSecurityPolicy with the alb-SecurityPolicy-id is not already present, create a new ALBSecurityPolicy. If it already exists, update the ALBSecurityPolicy. This is a full replace. operationId: UpdateALBSecurityPolicy parameters: - description: |- ALBSecurityPolicy ID in: path name: alb-securitypolicy-id required: true type: string - in: body name: ALBSecurityPolicy required: true schema: $ref: '#/definitions/ALBSecurityPolicy' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBSecurityPolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBSecurityPolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Security Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-server-auto-scale-policies: get: consumes: - application/json description: | Paginated list of all ALBServerAutoScalePolicy for infra. operationId: ListALBServerAutoScalePolicy parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBServerAutoScalePolicyApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBServerAutoScalePolicy for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Server Auto Scale Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-server-auto-scale-policies/{alb-serverautoscalepolicy-id}: delete: consumes: - application/json description: | Delete the ALBServerAutoScalePolicy along with all the entities contained by this ALBServerAutoScalePolicy. operationId: DeleteALBServerAutoScalePolicy parameters: - description: |- ALBServerAutoScalePolicy ID in: path name: alb-serverautoscalepolicy-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBServerAutoScalePolicy and all the entities contained by this ALBServerAutoScalePolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Server Auto Scale Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBServerAutoScalePolicy. operationId: ReadALBServerAutoScalePolicy parameters: - description: |- ALBServerAutoScalePolicy ID in: path name: alb-serverautoscalepolicy-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBServerAutoScalePolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBServerAutoScalePolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Server Auto Scale Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBserverautoscalepolicy with the alb-serverautoscalepolicy-id is not already present, create a new ALBserverautoscalepolicy. If it already exists, update the ALBserverautoscalepolicy. This is a full replace. operationId: PatchALBServerAutoScalePolicy parameters: - description: |- ALBserverautoscalepolicy ID in: path name: alb-serverautoscalepolicy-id required: true type: string - in: body name: ALBServerAutoScalePolicy required: true schema: $ref: '#/definitions/ALBServerAutoScalePolicy' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBserverautoscalepolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Server Auto Scale Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBServerAutoScalePolicy with the alb-ServerAutoScalePolicy-id is not already present, create a new ALBServerAutoScalePolicy. If it already exists, update the ALBServerAutoScalePolicy. This is a full replace. operationId: UpdateALBServerAutoScalePolicy parameters: - description: |- ALBServerAutoScalePolicy ID in: path name: alb-serverautoscalepolicy-id required: true type: string - in: body name: ALBServerAutoScalePolicy required: true schema: $ref: '#/definitions/ALBServerAutoScalePolicy' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBServerAutoScalePolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBServerAutoScalePolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Server Auto Scale Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-ssl-key-and-certificates: get: consumes: - application/json description: | Paginated list of all ALBSSLKeyAndCertificate for infra. operationId: ListALBSSLKeyAndCertificate parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBSSLKeyAndCertificateApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBSSLKeyAndCertificate for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb SSL Key And Certificates x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-ssl-key-and-certificates/{alb-sslkeyandcertificate-id}: delete: consumes: - application/json description: | Delete the ALBSSLKeyAndCertificate along with all the entities contained by this ALBSSLKeyAndCertificate. operationId: DeleteALBSSLKeyAndCertificate parameters: - description: |- ALBSSLKeyAndCertificate ID in: path name: alb-sslkeyandcertificate-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBSSLKeyAndCertificate and all the entities contained by this ALBSSLKeyAndCertificate tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb SSL Key And Certificates x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBSSLKeyAndCertificate. operationId: ReadALBSSLKeyAndCertificate parameters: - description: |- ALBSSLKeyAndCertificate ID in: path name: alb-sslkeyandcertificate-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBSSLKeyAndCertificate' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBSSLKeyAndCertificate tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb SSL Key And Certificates x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBsslkeyandcertificate with the alb-sslkeyandcertificate-id is not already present, create a new ALBsslkeyandcertificate. If it already exists, update the ALBsslkeyandcertificate. This is a full replace. operationId: PatchALBSSLKeyAndCertificate parameters: - description: |- ALBsslkeyandcertificate ID in: path name: alb-sslkeyandcertificate-id required: true type: string - in: body name: ALBSSLKeyAndCertificate required: true schema: $ref: '#/definitions/ALBSSLKeyAndCertificate' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBsslkeyandcertificate tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb SSL Key And Certificates x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBSSLKeyAndCertificate with the alb-SSLKeyAndCertificate-id is not already present, create a new ALBSSLKeyAndCertificate. If it already exists, update the ALBSSLKeyAndCertificate. This is a full replace. operationId: UpdateALBSSLKeyAndCertificate parameters: - description: |- ALBSSLKeyAndCertificate ID in: path name: alb-sslkeyandcertificate-id required: true type: string - in: body name: ALBSSLKeyAndCertificate required: true schema: $ref: '#/definitions/ALBSSLKeyAndCertificate' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBSSLKeyAndCertificate' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBSSLKeyAndCertificate tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb SSL Key And Certificates x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-ssl-profiles: get: consumes: - application/json description: | Paginated list of all ALBSSLProfile for infra. operationId: ListALBSSLProfile parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBSSLProfileApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBSSLProfile for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb SSL Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-ssl-profiles/{alb-sslprofile-id}: delete: consumes: - application/json description: | Delete the ALBSSLProfile along with all the entities contained by this ALBSSLProfile. operationId: DeleteALBSSLProfile parameters: - description: |- ALBSSLProfile ID in: path name: alb-sslprofile-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBSSLProfile and all the entities contained by this ALBSSLProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb SSL Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBSSLProfile. operationId: ReadALBSSLProfile parameters: - description: |- ALBSSLProfile ID in: path name: alb-sslprofile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBSSLProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBSSLProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb SSL Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBsslprofile with the alb-sslprofile-id is not already present, create a new ALBsslprofile. If it already exists, update the ALBsslprofile. This is a full replace. operationId: PatchALBSSLProfile parameters: - description: |- ALBsslprofile ID in: path name: alb-sslprofile-id required: true type: string - in: body name: ALBSSLProfile required: true schema: $ref: '#/definitions/ALBSSLProfile' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBsslprofile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb SSL Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBSSLProfile with the alb-SSLProfile-id is not already present, create a new ALBSSLProfile. If it already exists, update the ALBSSLProfile. This is a full replace. operationId: UpdateALBSSLProfile parameters: - description: |- ALBSSLProfile ID in: path name: alb-sslprofile-id required: true type: string - in: body name: ALBSSLProfile required: true schema: $ref: '#/definitions/ALBSSLProfile' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBSSLProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBSSLProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb SSL Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-sso-policies: get: consumes: - application/json description: | Paginated list of all ALBSSOPolicy for infra. operationId: ListALBSSOPolicy parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBSSOPolicyApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBSSOPolicy for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Sso Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-sso-policies/{alb-ssopolicy-id}: delete: consumes: - application/json description: | Delete the ALBSSOPolicy along with all the entities contained by this ALBSSOPolicy. operationId: DeleteALBSSOPolicy parameters: - description: |- ALBSSOPolicy ID in: path name: alb-ssopolicy-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBSSOPolicy and all the entities contained by this ALBSSOPolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Sso Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBSSOPolicy. operationId: ReadALBSSOPolicy parameters: - description: |- ALBSSOPolicy ID in: path name: alb-ssopolicy-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBSSOPolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBSSOPolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Sso Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBssopolicy with the alb-ssopolicy-id is not already present, create a new ALBssopolicy. If it already exists, update the ALBssopolicy. This is a full replace. operationId: PatchALBSSOPolicy parameters: - description: |- ALBssopolicy ID in: path name: alb-ssopolicy-id required: true type: string - in: body name: ALBSSOPolicy required: true schema: $ref: '#/definitions/ALBSSOPolicy' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBssopolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Sso Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBSSOPolicy with the alb-SSOPolicy-id is not already present, create a new ALBSSOPolicy. If it already exists, update the ALBSSOPolicy. This is a full replace. operationId: UpdateALBSSOPolicy parameters: - description: |- ALBSSOPolicy ID in: path name: alb-ssopolicy-id required: true type: string - in: body name: ALBSSOPolicy required: true schema: $ref: '#/definitions/ALBSSOPolicy' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBSSOPolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBSSOPolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Sso Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-string-groups: get: consumes: - application/json description: | Paginated list of all ALBStringGroup for infra. operationId: ListALBStringGroup parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBStringGroupApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBStringGroup for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb String Groups x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-string-groups/{alb-stringgroup-id}: delete: consumes: - application/json description: | Delete the ALBStringGroup along with all the entities contained by this ALBStringGroup. operationId: DeleteALBStringGroup parameters: - description: |- ALBStringGroup ID in: path name: alb-stringgroup-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBStringGroup and all the entities contained by this ALBStringGroup tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb String Groups x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBStringGroup. operationId: ReadALBStringGroup parameters: - description: |- ALBStringGroup ID in: path name: alb-stringgroup-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBStringGroup' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBStringGroup tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb String Groups x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBstringgroup with the alb-stringgroup-id is not already present, create a new ALBstringgroup. If it already exists, update the ALBstringgroup. This is a full replace. operationId: PatchALBStringGroup parameters: - description: |- ALBstringgroup ID in: path name: alb-stringgroup-id required: true type: string - in: body name: ALBStringGroup required: true schema: $ref: '#/definitions/ALBStringGroup' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBstringgroup tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb String Groups x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBStringGroup with the alb-StringGroup-id is not already present, create a new ALBStringGroup. If it already exists, update the ALBStringGroup. This is a full replace. operationId: UpdateALBStringGroup parameters: - description: |- ALBStringGroup ID in: path name: alb-stringgroup-id required: true type: string - in: body name: ALBStringGroup required: true schema: $ref: '#/definitions/ALBStringGroup' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBStringGroup' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBStringGroup tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb String Groups x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-traffic-clone-profiles: get: consumes: - application/json description: | Paginated list of all ALBTrafficCloneProfile for infra. operationId: ListALBTrafficCloneProfile parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBTrafficCloneProfileApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBTrafficCloneProfile for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Traffic Clone Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-traffic-clone-profiles/{alb-trafficcloneprofile-id}: delete: consumes: - application/json description: | Delete the ALBTrafficCloneProfile along with all the entities contained by this ALBTrafficCloneProfile. operationId: DeleteALBTrafficCloneProfile parameters: - description: |- ALBTrafficCloneProfile ID in: path name: alb-trafficcloneprofile-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBTrafficCloneProfile and all the entities contained by this ALBTrafficCloneProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Traffic Clone Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBTrafficCloneProfile. operationId: ReadALBTrafficCloneProfile parameters: - description: |- ALBTrafficCloneProfile ID in: path name: alb-trafficcloneprofile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBTrafficCloneProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBTrafficCloneProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Traffic Clone Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBtrafficcloneprofile with the alb-trafficcloneprofile-id is not already present, create a new ALBtrafficcloneprofile. If it already exists, update the ALBtrafficcloneprofile. This is a full replace. operationId: PatchALBTrafficCloneProfile parameters: - description: |- ALBtrafficcloneprofile ID in: path name: alb-trafficcloneprofile-id required: true type: string - in: body name: ALBTrafficCloneProfile required: true schema: $ref: '#/definitions/ALBTrafficCloneProfile' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBtrafficcloneprofile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Traffic Clone Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBTrafficCloneProfile with the alb-TrafficCloneProfile-id is not already present, create a new ALBTrafficCloneProfile. If it already exists, update the ALBTrafficCloneProfile. This is a full replace. operationId: UpdateALBTrafficCloneProfile parameters: - description: |- ALBTrafficCloneProfile ID in: path name: alb-trafficcloneprofile-id required: true type: string - in: body name: ALBTrafficCloneProfile required: true schema: $ref: '#/definitions/ALBTrafficCloneProfile' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBTrafficCloneProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBTrafficCloneProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Traffic Clone Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-virtual-services: get: consumes: - application/json description: | Paginated list of all ALBVirtualService for infra. operationId: ListALBVirtualService parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBVirtualServiceApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBVirtualService for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Virtual Services x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-virtual-services/{alb-virtualservice-id}: delete: consumes: - application/json description: | Delete the ALBVirtualService along with all the entities contained by this ALBVirtualService. operationId: DeleteALBVirtualService parameters: - description: |- ALBVirtualService ID in: path name: alb-virtualservice-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBVirtualService and all the entities contained by this ALBVirtualService tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Virtual Services x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBVirtualService. operationId: ReadALBVirtualService parameters: - description: |- ALBVirtualService ID in: path name: alb-virtualservice-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBVirtualService' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBVirtualService tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Virtual Services x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBvirtualservice with the alb-virtualservice-id is not already present, create a new ALBvirtualservice. If it already exists, update the ALBvirtualservice. This is a full replace. operationId: PatchALBVirtualService parameters: - description: |- ALBvirtualservice ID in: path name: alb-virtualservice-id required: true type: string - in: body name: ALBVirtualService required: true schema: $ref: '#/definitions/ALBVirtualService' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBvirtualservice tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Virtual Services x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBVirtualService with the alb-VirtualService-id is not already present, create a new ALBVirtualService. If it already exists, update the ALBVirtualService. This is a full replace. operationId: UpdateALBVirtualService parameters: - description: |- ALBVirtualService ID in: path name: alb-virtualservice-id required: true type: string - in: body name: ALBVirtualService required: true schema: $ref: '#/definitions/ALBVirtualService' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBVirtualService' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBVirtualService tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Virtual Services x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-vs-data-script-sets: get: consumes: - application/json description: | Paginated list of all ALBVSDataScriptSet for infra. operationId: ListALBVSDataScriptSet parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBVSDataScriptSetApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBVSDataScriptSet for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Vs Data Script Sets x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-vs-data-script-sets/{alb-vsdatascriptset-id}: delete: consumes: - application/json description: | Delete the ALBVSDataScriptSet along with all the entities contained by this ALBVSDataScriptSet. operationId: DeleteALBVSDataScriptSet parameters: - description: |- ALBVSDataScriptSet ID in: path name: alb-vsdatascriptset-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBVSDataScriptSet and all the entities contained by this ALBVSDataScriptSet tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Vs Data Script Sets x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBVSDataScriptSet. operationId: ReadALBVSDataScriptSet parameters: - description: |- ALBVSDataScriptSet ID in: path name: alb-vsdatascriptset-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBVSDataScriptSet' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBVSDataScriptSet tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Vs Data Script Sets x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBvsdatascriptset with the alb-vsdatascriptset-id is not already present, create a new ALBvsdatascriptset. If it already exists, update the ALBvsdatascriptset. This is a full replace. operationId: PatchALBVSDataScriptSet parameters: - description: |- ALBvsdatascriptset ID in: path name: alb-vsdatascriptset-id required: true type: string - in: body name: ALBVSDataScriptSet required: true schema: $ref: '#/definitions/ALBVSDataScriptSet' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBvsdatascriptset tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Vs Data Script Sets x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBVSDataScriptSet with the alb-VSDataScriptSet-id is not already present, create a new ALBVSDataScriptSet. If it already exists, update the ALBVSDataScriptSet. This is a full replace. operationId: UpdateALBVSDataScriptSet parameters: - description: |- ALBVSDataScriptSet ID in: path name: alb-vsdatascriptset-id required: true type: string - in: body name: ALBVSDataScriptSet required: true schema: $ref: '#/definitions/ALBVSDataScriptSet' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBVSDataScriptSet' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBVSDataScriptSet tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Vs Data Script Sets x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-vs-vips: get: consumes: - application/json description: | Paginated list of all ALBVsVip for infra. operationId: ListALBVsVip parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBVsVipApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBVsVip for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Vs Vips x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-vs-vips/{alb-vsvip-id}: delete: consumes: - application/json description: | Delete the ALBVsVip along with all the entities contained by this ALBVsVip. operationId: DeleteALBVsVip parameters: - description: |- ALBVsVip ID in: path name: alb-vsvip-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBVsVip and all the entities contained by this ALBVsVip tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Vs Vips x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBVsVip. operationId: ReadALBVsVip parameters: - description: |- ALBVsVip ID in: path name: alb-vsvip-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBVsVip' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBVsVip tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Vs Vips x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBvsvip with the alb-vsvip-id is not already present, create a new ALBvsvip. If it already exists, update the ALBvsvip. This is a full replace. operationId: PatchALBVsVip parameters: - description: |- ALBvsvip ID in: path name: alb-vsvip-id required: true type: string - in: body name: ALBVsVip required: true schema: $ref: '#/definitions/ALBVsVip' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBvsvip tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Vs Vips x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBVsVip with the alb-VsVip-id is not already present, create a new ALBVsVip. If it already exists, update the ALBVsVip. This is a full replace. operationId: UpdateALBVsVip parameters: - description: |- ALBVsVip ID in: path name: alb-vsvip-id required: true type: string - in: body name: ALBVsVip required: true schema: $ref: '#/definitions/ALBVsVip' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBVsVip' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBVsVip tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Vs Vips x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-waf-crs: get: consumes: - application/json description: | Paginated list of all ALBWafCRS for infra. operationId: ListALBWafCRS parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBWafCRSApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBWafCRS for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Waf Crs x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-waf-crs/{alb-wafcrs-id}: delete: consumes: - application/json description: | Delete the ALBWafCRS along with all the entities contained by this ALBWafCRS. operationId: DeleteALBWafCRS parameters: - description: |- ALBWafCRS ID in: path name: alb-wafcrs-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBWafCRS and all the entities contained by this ALBWafCRS tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Waf Crs x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBWafCRS. operationId: ReadALBWafCRS parameters: - description: |- ALBWafCRS ID in: path name: alb-wafcrs-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBWafCRS' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBWafCRS tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Waf Crs x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBwafcrs with the alb-wafcrs-id is not already present, create a new ALBwafcrs. If it already exists, update the ALBwafcrs. This is a full replace. operationId: PatchALBWafCRS parameters: - description: |- ALBwafcrs ID in: path name: alb-wafcrs-id required: true type: string - in: body name: ALBWafCRS required: true schema: $ref: '#/definitions/ALBWafCRS' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBwafcrs tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Waf Crs x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBWafCRS with the alb-WafCRS-id is not already present, create a new ALBWafCRS. If it already exists, update the ALBWafCRS. This is a full replace. operationId: UpdateALBWafCRS parameters: - description: |- ALBWafCRS ID in: path name: alb-wafcrs-id required: true type: string - in: body name: ALBWafCRS required: true schema: $ref: '#/definitions/ALBWafCRS' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBWafCRS' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBWafCRS tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Waf Crs x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-waf-policies: get: consumes: - application/json description: | Paginated list of all ALBWafPolicy for infra. operationId: ListALBWafPolicy parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBWafPolicyApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBWafPolicy for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Waf Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-waf-policies/{alb-wafpolicy-id}: delete: consumes: - application/json description: | Delete the ALBWafPolicy along with all the entities contained by this ALBWafPolicy. operationId: DeleteALBWafPolicy parameters: - description: |- ALBWafPolicy ID in: path name: alb-wafpolicy-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBWafPolicy and all the entities contained by this ALBWafPolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Waf Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBWafPolicy. operationId: ReadALBWafPolicy parameters: - description: |- ALBWafPolicy ID in: path name: alb-wafpolicy-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBWafPolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBWafPolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Waf Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBwafpolicy with the alb-wafpolicy-id is not already present, create a new ALBwafpolicy. If it already exists, update the ALBwafpolicy. This is a full replace. operationId: PatchALBWafPolicy parameters: - description: |- ALBwafpolicy ID in: path name: alb-wafpolicy-id required: true type: string - in: body name: ALBWafPolicy required: true schema: $ref: '#/definitions/ALBWafPolicy' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBwafpolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Waf Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBWafPolicy with the alb-WafPolicy-id is not already present, create a new ALBWafPolicy. If it already exists, update the ALBWafPolicy. This is a full replace. operationId: UpdateALBWafPolicy parameters: - description: |- ALBWafPolicy ID in: path name: alb-wafpolicy-id required: true type: string - in: body name: ALBWafPolicy required: true schema: $ref: '#/definitions/ALBWafPolicy' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBWafPolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBWafPolicy tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Waf Policies x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-waf-policy-psm-groups: get: consumes: - application/json description: | Paginated list of all ALBWafPolicyPSMGroup for infra. operationId: ListALBWafPolicyPSMGroup parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBWafPolicyPSMGroupApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBWafPolicyPSMGroup for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Waf Policy Psm Groups x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-waf-policy-psm-groups/{alb-wafpolicypsmgroup-id}: delete: consumes: - application/json description: | Delete the ALBWafPolicyPSMGroup along with all the entities contained by this ALBWafPolicyPSMGroup. operationId: DeleteALBWafPolicyPSMGroup parameters: - description: |- ALBWafPolicyPSMGroup ID in: path name: alb-wafpolicypsmgroup-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBWafPolicyPSMGroup and all the entities contained by this ALBWafPolicyPSMGroup tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Waf Policy Psm Groups x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBWafPolicyPSMGroup. operationId: ReadALBWafPolicyPSMGroup parameters: - description: |- ALBWafPolicyPSMGroup ID in: path name: alb-wafpolicypsmgroup-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBWafPolicyPSMGroup' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBWafPolicyPSMGroup tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Waf Policy Psm Groups x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBwafpolicypsmgroup with the alb-wafpolicypsmgroup-id is not already present, create a new ALBwafpolicypsmgroup. If it already exists, update the ALBwafpolicypsmgroup. This is a full replace. operationId: PatchALBWafPolicyPSMGroup parameters: - description: |- ALBwafpolicypsmgroup ID in: path name: alb-wafpolicypsmgroup-id required: true type: string - in: body name: ALBWafPolicyPSMGroup required: true schema: $ref: '#/definitions/ALBWafPolicyPSMGroup' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBwafpolicypsmgroup tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Waf Policy Psm Groups x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBWafPolicyPSMGroup with the alb-WafPolicyPSMGroup-id is not already present, create a new ALBWafPolicyPSMGroup. If it already exists, update the ALBWafPolicyPSMGroup. This is a full replace. operationId: UpdateALBWafPolicyPSMGroup parameters: - description: |- ALBWafPolicyPSMGroup ID in: path name: alb-wafpolicypsmgroup-id required: true type: string - in: body name: ALBWafPolicyPSMGroup required: true schema: $ref: '#/definitions/ALBWafPolicyPSMGroup' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBWafPolicyPSMGroup' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBWafPolicyPSMGroup tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Waf Policy Psm Groups x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-waf-profiles: get: consumes: - application/json description: | Paginated list of all ALBWafProfile for infra. operationId: ListALBWafProfile parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBWafProfileApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBWafProfile for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Waf Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-waf-profiles/{alb-wafprofile-id}: delete: consumes: - application/json description: | Delete the ALBWafProfile along with all the entities contained by this ALBWafProfile. operationId: DeleteALBWafProfile parameters: - description: |- ALBWafProfile ID in: path name: alb-wafprofile-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBWafProfile and all the entities contained by this ALBWafProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Waf Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBWafProfile. operationId: ReadALBWafProfile parameters: - description: |- ALBWafProfile ID in: path name: alb-wafprofile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBWafProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBWafProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Waf Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBwafprofile with the alb-wafprofile-id is not already present, create a new ALBwafprofile. If it already exists, update the ALBwafprofile. This is a full replace. operationId: PatchALBWafProfile parameters: - description: |- ALBwafprofile ID in: path name: alb-wafprofile-id required: true type: string - in: body name: ALBWafProfile required: true schema: $ref: '#/definitions/ALBWafProfile' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBwafprofile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Waf Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBWafProfile with the alb-WafProfile-id is not already present, create a new ALBWafProfile. If it already exists, update the ALBWafProfile. This is a full replace. operationId: UpdateALBWafProfile parameters: - description: |- ALBWafProfile ID in: path name: alb-wafprofile-id required: true type: string - in: body name: ALBWafProfile required: true schema: $ref: '#/definitions/ALBWafProfile' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBWafProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBWafProfile tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Waf Profiles x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-webhooks: get: consumes: - application/json description: | Paginated list of all ALBWebhook for infra. operationId: ListALBWebhook parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBWebhookApiResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List ALBWebhook for infra tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Webhooks x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/alb-webhooks/{alb-webhook-id}: delete: consumes: - application/json description: | Delete the ALBWebhook along with all the entities contained by this ALBWebhook. operationId: DeleteALBWebhook parameters: - description: |- ALBWebhook ID in: path name: alb-webhook-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete ALBWebhook and all the entities contained by this ALBWebhook tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Webhooks x-vmw-nsx-module: PolicyAdvancedLoadBalancer get: consumes: - application/json description: | Read a ALBWebhook. operationId: ReadALBWebhook parameters: - description: |- ALBWebhook ID in: path name: alb-webhook-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBWebhook' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read ALBWebhook tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Webhooks x-vmw-nsx-module: PolicyAdvancedLoadBalancer patch: consumes: - application/json description: | If a ALBwebhook with the alb-webhook-id is not already present, create a new ALBwebhook. If it already exists, update the ALBwebhook. This is a full replace. operationId: PatchALBWebhook parameters: - description: |- ALBwebhook ID in: path name: alb-webhook-id required: true type: string - in: body name: ALBWebhook required: true schema: $ref: '#/definitions/ALBWebhook' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBwebhook tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Webhooks x-vmw-nsx-module: PolicyAdvancedLoadBalancer put: consumes: - application/json description: | If a ALBWebhook with the alb-Webhook-id is not already present, create a new ALBWebhook. If it already exists, update the ALBWebhook. This is a full replace. operationId: UpdateALBWebhook parameters: - description: |- ALBWebhook ID in: path name: alb-webhook-id required: true type: string - in: body name: ALBWebhook required: true schema: $ref: '#/definitions/ALBWebhook' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ALBWebhook' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ALBWebhook tags: - Policy, Networking, Network Services, Advanced Load Balancing, Alb Webhooks x-vmw-nsx-module: PolicyAdvancedLoadBalancer /global-infra/bfd-profiles: get: consumes: - application/json description: | Paginated list of all BfdProfiles. operationId: ListBfdProfile parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BfdProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List BfdProfiles tags: - Policy, Networking, Networking Profiles, BFD Profiles x-vmw-nsx-module: PolicyConnectivity /global-infra/bfd-profiles/{bfd-profile-id}: delete: consumes: - application/json description: |- Delete BFD Config and all the entities contained by this BfdProfile. operationId: DeleteBfdProfile parameters: - description: |- BfdProfile ID in: path name: bfd-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete BFD Config and all the entities contained by this BfdProfile tags: - Policy, Networking, Networking Profiles, BFD Profiles x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read a BfdProfile. operationId: ReadBfdProfile parameters: - description: |- BfdProfile ID in: path name: bfd-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BfdProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a BfdProfile tags: - Policy, Networking, Networking Profiles, BFD Profiles x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If a BfdProfile with the bfd-profile-id is not already present, create a new BfdProfile. If it already exists, update the BfdProfile. This operation will fully replace the object. operationId: PatchBfdProfile parameters: - description: |- BfdProfile ID in: path name: bfd-profile-id required: true type: string - in: body name: BfdProfile required: true schema: $ref: '#/definitions/BfdProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a BfdProfile tags: - Policy, Networking, Networking Profiles, BFD Profiles x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If a BfdProfile with the bfd-profile-id is not already present, create a new BfdProfile. If it already exists, update the BfdProfile. This operation will fully replace the object. operationId: UpdateBfdProfile parameters: - description: |- BfdProfile ID in: path name: bfd-profile-id required: true type: string - in: body name: BfdProfile required: true schema: $ref: '#/definitions/BfdProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BfdProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a BfdProfile tags: - Policy, Networking, Networking Profiles, BFD Profiles x-vmw-nsx-module: PolicyConnectivity /global-infra/certificates: get: consumes: - application/json description: | Returns all certificate information viewable by the user, including each certificate's id; resource_type (for example, certificate_self_signed, certificate_ca, or certificate_signed); pem_encoded data; and history of the certificate (who created or modified it and when). For additional information, include the ?details=true modifier at the end of the request URI. operationId: ListTlsCertificates parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: whether to expand the pem data and show all its details in: query name: details required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string - description: Type of certificate to return enum: - cluster_api_certificate in: query name: type required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/TlsCertificateList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Return All the User-Facing Components' Certificates tags: - Policy, Infra, Certificates, Certificates x-vmw-nsx-module: PolicyCertificate /global-infra/certificates/{certificate-id}: delete: consumes: - application/json description: | Removes the specified certificate. The private key associated with the certificate is also deleted. operationId: DeleteTlsCertificate parameters: - description: |- ID of certificate to delete in: path name: certificate-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Certificate for the Given Certificate ID tags: - Policy, Infra, Certificates, Certificates x-vmw-nsx-module: PolicyCertificate get: consumes: - application/json description: | Returns information for the specified certificate ID, including the certificate's id; resource_type (for example, certificate_self_signed, certificate_ca, or certificate_signed); pem_encoded data; and history of the certificate (who created or modified it and when). For additional information, include the ?details=true modifier at the end of the request URI. operationId: GetTlsCertificate parameters: - description: |- ID of certificate to read in: path name: certificate-id required: true type: string - default: false description: whether to expand the pem data and show all its details in: query name: details required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/TlsCertificate' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Show Certificate Data for the Given Certificate ID tags: - Policy, Infra, Certificates, Certificates x-vmw-nsx-module: PolicyCertificate patch: consumes: - application/json description: | Adds a new private-public certificate and, optionally, a private key that can be applied to one of the user-facing components (appliance management or edge). The certificate and the key should be stored in PEM format. If no private key is provided, the certificate is used as a client certificate in the trust store. A certificate chain will not be expanded into separate certificate instances for reference, but would be pushed to the enforcement point as a single certificate. This patch method does not modify an existing certificate. operationId: PatchTlsCertificate parameters: - in: path name: certificate-id required: true type: string - in: body name: TlsTrustData required: true schema: $ref: '#/definitions/TlsTrustData' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Add a New Certificate tags: - Policy, Infra, Certificates, Certificates x-vmw-nsx-module: PolicyCertificate put: consumes: - application/json description: | Adds a new private-public certificate and, optionally, a private key that can be applied to one of the user-facing components (appliance management or edge). The certificate and the key should be stored in PEM format. If no private key is provided, the certificate is used as a client certificate in the trust store. A certificate chain will not be expanded into separate certificate instances for reference, but would be pushed to the enforcement point as a single certificate. operationId: AddTlsCertificate parameters: - in: path name: certificate-id required: true type: string - in: body name: TlsTrustData required: true schema: $ref: '#/definitions/TlsTrustData' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/TlsCertificate' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Add a New Certificate tags: - Policy, Infra, Certificates, Certificates x-vmw-nsx-module: PolicyCertificate /global-infra/constraints: get: consumes: - application/json description: |- List tenant constraints. operationId: ListTenantConstraints parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ConstraintListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List tenant Constraints. tags: - Policy, Infra, Constraints x-vmw-nsx-module: PolicyConstraints /global-infra/constraints/{constraint-id}: delete: consumes: - application/json description: |- Delete tenant constraint. operationId: DeleteTenantConstraint parameters: - in: path name: constraint-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete tenant Constraint. tags: - Policy, Infra, Constraints x-vmw-nsx-module: PolicyConstraints get: consumes: - application/json description: |- Read tenant constraint. operationId: ReadTenantConstraint parameters: - in: path name: constraint-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Constraint' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read tenant Constraint. tags: - Policy, Infra, Constraints x-vmw-nsx-module: PolicyConstraints patch: consumes: - application/json description: | Create tenant constraint if not exists, otherwise update the existing constraint. operationId: PatchTenantConstraint parameters: - in: path name: constraint-id required: true type: string - in: body name: Constraint required: true schema: $ref: '#/definitions/Constraint' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update tenant Constraint tags: - Policy, Infra, Constraints x-vmw-nsx-module: PolicyConstraints put: consumes: - application/json description: | Create tenant constraint if it does not exist, otherwise replace the existing constraint. operationId: CreateOrReplaceTenantConstraint parameters: - in: path name: constraint-id required: true type: string - in: body name: Constraint required: true schema: $ref: '#/definitions/Constraint' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Constraint' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update tenant Constraint tags: - Policy, Infra, Constraints x-vmw-nsx-module: PolicyConstraints /global-infra/context-profiles: get: consumes: - application/json description: | Get all PolicyContextProfiles operationId: ListPolicyContextProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyContextProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get PolicyContextProfiles tags: - Policy, Inventory, Context Profiles x-vmw-nsx-module: PolicyContextProfile /global-infra/context-profiles/attributes: get: consumes: - application/json description: | Returns supported attribute and sub-attributes for specified attribute key with their supported values, if provided in query/request parameter, else will fetch all supported attributes and sub-attributes for all supported attribute keys. Alternatively, to get a list of supported attributes and sub-attributes fire the following REST API GET https://<policy-mgr>/policy/api/v1/infra/context-profiles/attributes operationId: ListProfileSupportedAttributes parameters: - description: Fetch attributes and sub-attributes for the given attribute key in: query name: attribute_key required: false type: string - default: SYSTEM description: Source of the attribute, System Defined or custom enum: - ALL - CUSTOM - SYSTEM in: query name: attribute_source required: false type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyContextProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Policy Context Profile supported attributes and sub-attributes tags: - Policy, Inventory, Context Profiles x-vmw-nsx-module: PolicyContextProfile /global-infra/context-profiles/custom-attributes: patch: consumes: - application/json description: | This API updates custom attribute value list for given key. operationId: PatchCustomAttributeList parameters: - in: body name: PolicyAttributes required: true schema: $ref: '#/definitions/PolicyAttributes' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update custom object attribute value list for given attribute key tags: - Policy, Inventory, Context Profiles x-vmw-nsx-module: PolicyContextProfile post: consumes: - application/json description: | This API adds/removes custom attribute values from list for a given attribute key. operationId: AddRemoveCustomAttributeValues parameters: - in: body name: PolicyAttributes required: true schema: $ref: '#/definitions/PolicyAttributes' - description: Add or Remove Custom Context Profile Attribute values. enum: - add - remove in: query name: action required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Adds/Removes custom attribute values from list tags: - Policy, Inventory, Context Profiles x-vmw-nsx-module: PolicyContextProfile /global-infra/context-profiles/{context-profile-id}: delete: consumes: - application/json description: | Deletes the specified Policy Context Profile. If the Policy Context Profile is consumed in a firewall rule, it won't get deleted. operationId: DeletePolicyContextProfile parameters: - description: |- Policy Context Profile Id in: path name: context-profile-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean - default: false description: Delete the locally overriden global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Policy Context Profile tags: - Policy, Inventory, Context Profiles x-vmw-nsx-module: PolicyContextProfile get: consumes: - application/json description: | Get a single PolicyContextProfile by id operationId: GetPolicyContextProfile parameters: - in: path name: context-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyContextProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get PolicyContextProfile tags: - Policy, Inventory, Context Profiles x-vmw-nsx-module: PolicyContextProfile patch: consumes: - application/json description: | Creates/Updates a PolicyContextProfile, which encapsulates attribute and sub-attributes of network services. Rules for using attributes and sub-attributes in single PolicyContextProfile 1. One type of attribute can't have multiple occurrences. ( Eg. - Attribute type APP_ID can be used only once per PolicyContextProfile.) 2. For specifying multiple values for an attribute, provide them in an array. 3. If sub-attribtes are mentioned for an attribute, then only single value is allowed for that attribute. 4. To get a list of supported attributes and sub-attributes fire the following REST API GET https://<policy-mgr>/policy/api/v1/infra/context-profiles/attributes operationId: PatchCreateOrUpdatePolicyContextProfile parameters: - in: path name: context-profile-id required: true type: string - in: body name: PolicyContextProfile required: true schema: $ref: '#/definitions/PolicyContextProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create PolicyContextProfile tags: - Policy, Inventory, Context Profiles x-vmw-nsx-module: PolicyContextProfile put: consumes: - application/json description: | Creates/Updates a PolicyContextProfile, which encapsulates attribute and sub-attributes of network services. Rules for using attributes and sub-attributes in single PolicyContextProfile 1. One type of attribute can't have multiple occurrences. ( Eg. - Attribute type APP_ID can be used only once per PolicyContextProfile.) 2. For specifying multiple values for an attribute, provide them in an array. 3. If sub-attribtes are mentioned for an attribute, then only single value is allowed for that attribute. 4. To get a list of supported attributes and sub-attributes fire the following REST API GET https://<policy-mgr>/policy/api/v1/infra/context-profiles/attributes operationId: PutCreateOrUpdatePolicyContextProfile parameters: - in: path name: context-profile-id required: true type: string - in: body name: PolicyContextProfile required: true schema: $ref: '#/definitions/PolicyContextProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyContextProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create PolicyContextProfile tags: - Policy, Inventory, Context Profiles x-vmw-nsx-module: PolicyContextProfile /global-infra/crls: get: consumes: - application/json description: | Returns information about all CRLs. For additional information, include the ?details=true modifier at the end of the request URI. operationId: ListTlsCrls parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: whether to expand the pem data and show all its details in: query name: details required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string - description: Type of certificate to return enum: - cluster_api_certificate in: query name: type required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/TlsCrlListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Return All Added CRLs tags: - Policy, Infra, Certificates, Certification Revocation List x-vmw-nsx-module: PolicyCertificate /global-infra/crls/{crl-id}: delete: consumes: - application/json description: |- Deletes an existing CRL. operationId: DeleteTlsCrl parameters: - in: path name: crl-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete a CRL tags: - Policy, Infra, Certificates, Certification Revocation List x-vmw-nsx-module: PolicyCertificate get: consumes: - application/json description: | Returns information about the specified CRL. For additional information, include the ?details=true modifier at the end of the request URI. operationId: GetTlsCrl parameters: - in: path name: crl-id required: true type: string - default: false description: whether to expand the pem data and show all its details in: query name: details required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/TlsCrl' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Show CRL Data for the Given CRL id. tags: - Policy, Infra, Certificates, Certification Revocation List x-vmw-nsx-module: PolicyCertificate patch: consumes: - application/json description: | Create or patch a Certificate Revocation List for the given id. The CRL is used to verify the client certificate status against the revocation lists published by the CA. For this reason, the administrator needs to add the CRL in certificate repository as well. The CRL must contain PEM data for a single CRL. operationId: CreateOrPatchTlsCrl parameters: - in: path name: crl-id required: true type: string - in: body name: TlsCrl required: true schema: $ref: '#/definitions/TlsCrl' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or patch a Certificate Revocation List tags: - Policy, Infra, Certificates, Certification Revocation List x-vmw-nsx-module: PolicyCertificate put: consumes: - application/json description: | Create or replace a Certificate Revocation List for the given id. The CRL is used to verify the client certificate status against the revocation lists published by the CA. For this reason, the administrator needs to add the CRL in certificate repository as well. The CRL must contain PEM data for a single CRL. Revision is required. operationId: CreateOrUpdateTlsCrl parameters: - in: path name: crl-id required: true type: string - in: body name: TlsCrl required: true schema: $ref: '#/definitions/TlsCrl' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/TlsCrl' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or fully replace a Certificate Revocation List tags: - Policy, Infra, Certificates, Certification Revocation List x-vmw-nsx-module: PolicyCertificate /global-infra/crls/{crl-id}?action=import: post: consumes: - application/json description: | Adds a new certificate revocation list (CRLs). The CRL is used to verify the client certificate status against the revocation lists published by the CA. For this reason, the administrator needs to add the CRL in certificate repository as well. The CRL can contain a single CRL or multiple CRLs depending on the PEM data. - Single CRL: a single CRL is created with the given id. - Composite CRL: multiple CRLs are generated. Each of the CRL is created with an id generated based on the given id. First CRL is created with crl-id, second with crl-id-1, third with crl-id-2, etc. operationId: CreateTlsCrlImport parameters: - in: path name: crl-id required: true type: string - in: body name: TlsCrl required: true schema: $ref: '#/definitions/TlsCrl' produces: - application/json responses: '201': description: Created schema: $ref: '#/definitions/TlsCrlListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create a new Certificate Revocation List tags: - Policy, Infra, Certificates, Certification Revocation List x-vmw-nsx-module: PolicyCertificate /global-infra/dhcp-relay-configs: get: consumes: - application/json description: | Paginated list of all DHCP relay config instances operationId: ListDhcpRelayConfig parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpRelayConfigListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List DHCP relay config instances tags: - Policy, Networking, IP Management, DHCP, DHCP Relay Configs x-vmw-nsx-module: PolicyConnectivity /global-infra/dhcp-relay-configs/{dhcp-relay-config-id}: delete: consumes: - application/json description: |- Delete DHCP relay configuration operationId: DeleteDhcpRelayConfig parameters: - description: |- DHCP relay config ID in: path name: dhcp-relay-config-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete DHCP relay configuration tags: - Policy, Networking, IP Management, DHCP, DHCP Relay Configs x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read DHCP relay configuration operationId: ReadDhcpRelayConfig parameters: - description: |- DHCP relay config ID in: path name: dhcp-relay-config-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpRelayConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read DHCP relay configuration tags: - Policy, Networking, IP Management, DHCP, DHCP Relay Configs x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If DHCP relay config with the dhcp-relay-config-id is not already present, create a new DHCP relay config instance. If it already exists, update the DHCP relay config instance with specified attributes. operationId: PatchDhcpRelayConfig parameters: - description: |- DHCP relay config ID in: path name: dhcp-relay-config-id required: true type: string - in: body name: DhcpRelayConfig required: true schema: $ref: '#/definitions/DhcpRelayConfig' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update DHCP relay configuration tags: - Policy, Networking, IP Management, DHCP, DHCP Relay Configs x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If DHCP relay config with the dhcp-relay-config-id is not already present, create a new DHCP relay config instance. If it already exists, replace the DHCP relay config instance with this object. operationId: CreateOrReplaceDhcpRelayConfig parameters: - description: |- DHCP relay config ID in: path name: dhcp-relay-config-id required: true type: string - in: body name: DhcpRelayConfig required: true schema: $ref: '#/definitions/DhcpRelayConfig' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpRelayConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update DHCP relay configuration tags: - Policy, Networking, IP Management, DHCP, DHCP Relay Configs x-vmw-nsx-module: PolicyConnectivity /global-infra/dhcp-server-configs: get: consumes: - application/json description: | Paginated list of all DHCP server config instances operationId: ListDhcpServerConfig parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpServerConfigListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List DHCP server config instances tags: - Policy, Networking, IP Management, DHCP, DHCP Server Configs x-vmw-nsx-module: PolicyConnectivity /global-infra/dhcp-server-configs/{config-id}/leases: get: consumes: - application/json description: |- Read DHCP server leases operationId: ReadDhcpServerLeases parameters: - in: path name: config-id required: true type: string - description: IP or MAC address in: query name: address required: false type: string - description: String Path of Tier0, Tier1 or Segment in: query name: connectivity_path required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: Segment path to retrieve lease information in: query name: segment_path required: false type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string - description: Data source type. enum: - realtime - cached in: query name: source required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpLeasesResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read DHCP server leases tags: - Policy, Networking, IP Management, DHCP, DHCP Server Configs x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/dhcp-server-configs/{config-id}/state: get: consumes: - application/json description: |- Read DHCP server state operationId: ReadDhcpServerState parameters: - in: path name: config-id required: true type: string - description: String Path of Tier0, Tier1 or Segment in: query name: connectivity_path required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpServerState' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read DHCP server state tags: - Policy, Networking, IP Management, DHCP, DHCP Server Configs x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/dhcp-server-configs/{config-id}/stats: get: consumes: - application/json description: |- Read DHCP server statistics operationId: ReadDhcpServerStats parameters: - in: path name: config-id required: true type: string - description: String Path of Tier0, Tier1 or Segment in: query name: connectivity_path required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpServerStatistics' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read DHCP server statistics tags: - Policy, Networking, IP Management, DHCP, DHCP Server Configs x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/dhcp-server-configs/{config-id}/status: get: consumes: - application/json description: |- Read DHCP server status operationId: ReadDhcpServerStatus parameters: - in: path name: config-id required: true type: string - description: String Path of Tier0, Tier1 or Segment in: query name: connectivity_path required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpServerStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read DHCP server status tags: - Policy, Networking, IP Management, DHCP, DHCP Server Configs x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/dhcp-server-configs/{dhcp-server-config-id}: delete: consumes: - application/json description: |- Delete DHCP server configuration operationId: DeleteDhcpServerConfig parameters: - description: |- DHCP server config ID in: path name: dhcp-server-config-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete DHCP server configuration tags: - Policy, Networking, IP Management, DHCP, DHCP Server Configs x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read DHCP server configuration operationId: ReadDhcpServerConfig parameters: - description: |- DHCP server config ID in: path name: dhcp-server-config-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpServerConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read DHCP server configuration tags: - Policy, Networking, IP Management, DHCP, DHCP Server Configs x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If DHCP server config with the dhcp-server-config-id is not already present, create a new DHCP server config instance. If it already exists, update the DHCP server config instance with specified attributes. Realized entities of this API can be found using the path of Tier-0, Tier1, or Segment where this config is applied on. Modification of edge_cluster_path in DhcpServerConfig will lose all existing DHCP leases. If both the preferred_edge_paths in the DhcpServerConfig are changed in a same PATCH API, e.g. change from [a,b] to [x,y], the current DHCP server leases will be lost, which could cause network connectivity issues. It is recommended to change only one member index in an update call, e.g. from [a, b] to [a,y]. Clearing preferred_edge_paths will not reassign edge nodes from the edge cluster. Instead, the previously-allocated edge nodes will be retained to avoid loss of leases. operationId: PatchDhcpServerConfig parameters: - description: |- DHCP server config ID in: path name: dhcp-server-config-id required: true type: string - in: body name: DhcpServerConfig required: true schema: $ref: '#/definitions/DhcpServerConfig' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update DHCP server configuration tags: - Policy, Networking, IP Management, DHCP, DHCP Server Configs x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If DHCP server config with the dhcp-server-config-id is not already present, create a new DHCP server config instance. If it already exists, replace the DHCP server config instance with this object. Realized entities of this API can be found using the path of Tier-0, Tier1, or Segment where this config is applied on. Modification of edge_cluster_path in DhcpServerConfig will lose all existing DHCP leases. If both the preferred_edge_paths in the DhcpServerConfig are changed in a same PUT API, e.g. change from [a,b] to [x,y], the current DHCP server leases will be lost, which could cause network connectivity issues. It is recommended to change only one member index in an update call, e.g. from [a, b] to [a,y]. Clearing preferred_edge_paths will not reassign edge nodes from the edge cluster. Instead, the previously-allocated edge nodes will be retained to avoid loss of leases. operationId: CreateOrReplaceDhcpServerConfig parameters: - description: |- DHCP server config ID in: path name: dhcp-server-config-id required: true type: string - in: body name: DhcpServerConfig required: true schema: $ref: '#/definitions/DhcpServerConfig' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpServerConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update DHCP server configuration tags: - Policy, Networking, IP Management, DHCP, DHCP Server Configs x-vmw-nsx-module: PolicyConnectivity /global-infra/dns-forwarder-zones: get: consumes: - application/json description: | Paginated list of all Dns Forwarder Zones operationId: ListPolicyDnsForwarderZone parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyDnsForwarderZoneListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Dns Forwarder Zones tags: - Policy, Networking, IP Management, DNS, DNS Forwarder, DNS Zones x-vmw-nsx-module: PolicyDnsForwarder /global-infra/dns-forwarder-zones/{dns-forwarder-zone-id}: delete: consumes: - application/json description: |- Delete the DNS Forwarder Zone operationId: DeletePolicyDnsForwarderZone parameters: - description: |- DNS Forwarder Zone ID in: path name: dns-forwarder-zone-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete the DNS Forwarder Zone tags: - Policy, Networking, IP Management, DNS, DNS Forwarder, DNS Zones x-vmw-nsx-module: PolicyDnsForwarder get: consumes: - application/json description: |- Read the DNS Forwarder Zone operationId: ReadPolicyDnsForwarderZone parameters: - description: |- DNS Forwarder Zone ID in: path name: dns-forwarder-zone-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyDnsForwarderZone' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read the DNS Forwarder Zone tags: - Policy, Networking, IP Management, DNS, DNS Forwarder, DNS Zones x-vmw-nsx-module: PolicyDnsForwarder patch: consumes: - application/json description: |- Create or update the DNS Forwarder Zone operationId: PatchPolicyDnsForwarderZone parameters: - description: |- DNS Forwarder Zone ID in: path name: dns-forwarder-zone-id required: true type: string - in: body name: PolicyDnsForwarderZone required: true schema: $ref: '#/definitions/PolicyDnsForwarderZone' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update the DNS Forwarder Zone tags: - Policy, Networking, IP Management, DNS, DNS Forwarder, DNS Zones x-vmw-nsx-module: PolicyDnsForwarder put: consumes: - application/json description: |- Create or update the DNS Forwarder Zone operationId: UpdatePolicyDnsForwarderZone parameters: - description: |- DNS Forwarder Zone ID in: path name: dns-forwarder-zone-id required: true type: string - in: body name: PolicyDnsForwarderZone required: true schema: $ref: '#/definitions/PolicyDnsForwarderZone' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyDnsForwarderZone' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update the DNS Forwarder Zone tags: - Policy, Networking, IP Management, DNS, DNS Forwarder, DNS Zones x-vmw-nsx-module: PolicyDnsForwarder /global-infra/dns-security-profiles: get: consumes: - application/json description: |- List all DNS security profiles operationId: ListDnsSecurityProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DnsSecurityProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List all DNS security profiles tags: - Policy, Security, Security Profiles, DNS Security Profiles x-vmw-nsx-module: PolicyProfile /global-infra/dns-security-profiles/{profile-id}: delete: consumes: - application/json description: |- Delete DNS security profile operationId: DeleteDnsSecurityProfile parameters: - in: path name: profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete DNS security profile tags: - Policy, Security, Security Profiles, DNS Security Profiles x-vmw-nsx-module: PolicyProfile get: consumes: - application/json description: |- Read the DNS Forwarder for the given tier-0 instance operationId: ReadDnsSecurityProfile parameters: - in: path name: profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DnsSecurityProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read the DNS Forwarder for the given tier-0 instance tags: - Policy, Security, Security Profiles, DNS Security Profiles x-vmw-nsx-module: PolicyProfile patch: consumes: - application/json description: |- Create or update DNS security profile operationId: PatchDnsSecurityProfile parameters: - in: path name: profile-id required: true type: string - in: body name: DnsSecurityProfile required: true schema: $ref: '#/definitions/DnsSecurityProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update DNS security profile tags: - Policy, Security, Security Profiles, DNS Security Profiles x-vmw-nsx-module: PolicyProfile put: consumes: - application/json description: |- Create or update DNS security profile operationId: UpdateDnsSecurityProfile parameters: - in: path name: profile-id required: true type: string - in: body name: DnsSecurityProfile required: true schema: $ref: '#/definitions/DnsSecurityProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DnsSecurityProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update DNS security profile tags: - Policy, Security, Security Profiles, DNS Security Profiles x-vmw-nsx-module: PolicyProfile /global-infra/domains: get: consumes: - application/json description: | Paginated list of all domains for infra. operationId: ListDomainForInfra parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DomainListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List domains for infra tags: - Policy, Infra, Domains, Domain x-vmw-nsx-module: Policy /global-infra/domains/firewall-flood-protection-profile-binding-maps: get: consumes: - application/json description: | API will list all Firewall Flood Protection Profile Binding Maps across all domains. This API returns the binding maps order by the sequence number. operationId: ListFirewallFloodProtectionBindingsAcrossDomains parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallFloodProtectionProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Firewall Flood Protection Profile Binding Maps for all domains tags: - Policy, Security, Security Profiles, Flood Protection Profile Binding x-vmw-nsx-module: PolicyFirewallFloodProtectionProfileBinding /global-infra/domains/firewall-session-timer-profile-binding-maps: get: consumes: - application/json description: | API will list all Firewall Session Timer Profile Binding Maps across all domains. This API returns the binding maps order by the sequence number. operationId: ListFirewallSessionTimerBindingsAcrossDomains parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallSessionTimerProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Firewall Session Timer Profile Binding Maps for all domains tags: - Policy, Security, Security Profiles, Session Timer Profile Bindings x-vmw-nsx-module: PolicyFirewallSessionTimerProfileBinding /global-infra/domains/{domain-id}: delete: consumes: - application/json description: | Delete the domain along with all the entities contained by this domain. The groups that are a part of this domain are also deleted along with the domain. operationId: DeleteDomain parameters: - description: |- Domain ID in: path name: domain-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Domain and all the entities contained by this domain tags: - Policy, Infra, Domains, Domain x-vmw-nsx-module: Policy get: consumes: - application/json description: | Read a domain. operationId: ReadDomainForInfra parameters: - description: |- Domain ID in: path name: domain-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Domain' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read domain tags: - Policy, Infra, Domains, Domain x-vmw-nsx-module: Policy patch: consumes: - application/json description: | If a domain with the domain-id is not already present, create a new domain. If it already exists, patch the domain operationId: PatchDomainForInfra parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - in: body name: Domain required: true schema: $ref: '#/definitions/Domain' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch a domain tags: - Policy, Infra, Domains, Domain x-vmw-nsx-module: Policy put: consumes: - application/json description: | If a domain with the domain-id is not already present, create a new domain. If it already exists, update the domain including the nested groups. This is a full replace operationId: UpdateDomainForInfra parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - in: body name: Domain required: true schema: $ref: '#/definitions/Domain' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Domain' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a domain tags: - Policy, Infra, Domains, Domain x-vmw-nsx-module: Policy /global-infra/domains/{domain-id}/domain-deployment-maps: get: consumes: - application/json description: | Paginated list of all Domain Deployment Entries for infra. operationId: ListDomainDeploymentMapsForInfra parameters: - in: path name: domain-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DomainDeploymentMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Domain Deployment maps for infra tags: - Policy, Infra, Domains, Domain Deployment Maps x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/domains/{domain-id}/domain-deployment-maps/{domain-deployment-map-id}: delete: consumes: - application/json description: |- Delete Domain Deployment Map operationId: DeleteDomainDeploymentMap parameters: - in: path name: domain-id required: true type: string - in: path name: domain-deployment-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Domain Deployment Map tags: - Policy, Infra, Domains, Domain Deployment Maps x-vmw-nsx-module: PolicyEnforcementPointManagement get: consumes: - application/json description: | Read a Domain Deployment Map operationId: ReadDomainDeploymentMapForInfra parameters: - in: path name: domain-id required: true type: string - in: path name: domain-deployment-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DomainDeploymentMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a DomainDeploymentMap tags: - Policy, Infra, Domains, Domain Deployment Maps x-vmw-nsx-module: PolicyEnforcementPointManagement patch: consumes: - application/json description: | If the passed Domain Deployment Map does not already exist, create a new Domain Deployment Map. If it already exist, patch it. operationId: PatchDomainDeploymentMapForInfra parameters: - in: path name: domain-id required: true type: string - in: path name: domain-deployment-map-id required: true type: string - in: body name: DomainDeploymentMap required: true schema: $ref: '#/definitions/DomainDeploymentMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch Domain Deployment Map under infra tags: - Policy, Infra, Domains, Domain Deployment Maps x-vmw-nsx-module: PolicyEnforcementPointManagement put: consumes: - application/json description: | If the passed Domain Deployment Map does not already exist, create a new Domain Deployment Map. If it already exist, replace it. operationId: CreateOrUpdateDomainDeploymentMapForInfra parameters: - in: path name: domain-id required: true type: string - in: path name: domain-deployment-map-id required: true type: string - in: body name: DomainDeploymentMap required: true schema: $ref: '#/definitions/DomainDeploymentMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DomainDeploymentMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create a new Domain Deployment Map under infra tags: - Policy, Infra, Domains, Domain Deployment Maps x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/domains/{domain-id}/forwarding-policies: get: consumes: - application/json description: | List all forwarding policies for the given domain ordered by precedence. operationId: ListForwardingPolicies parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - default: false description: Include the count of rules in policy in: query name: include_rule_count required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ForwardingPolicyListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List forwarding policies for the given domain tags: - Policy, Networking, Network Services, Forwarding Policies x-vmw-nsx-module: PolicyForwarding /global-infra/domains/{domain-id}/forwarding-policies/{forwarding-policy-id}: get: consumes: - application/json description: | Read forwarding policy. operationId: ReadForwardingPolicy parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Forwarding map id in: path name: forwarding-policy-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ForwardingPolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read forwarding policy tags: - Policy, Networking, Network Services, Forwarding Policies x-vmw-nsx-module: PolicyForwarding /global-infra/domains/{domain-id}/forwarding-policies/{forwarding-policy-id}/rules: get: consumes: - application/json description: |- List rules operationId: ListForwardingRule parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Forwarding map id in: path name: forwarding-policy-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ForwardingRuleListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List rules tags: - Policy, Networking, Network Services, Forwarding Policies x-vmw-nsx-module: PolicyForwarding /global-infra/domains/{domain-id}/forwarding-policies/{forwarding-policy-id}/rules/{rule-id}: get: consumes: - application/json description: |- Read rule operationId: ReadForwardingRule parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Forwarding map id in: path name: forwarding-policy-id required: true type: string - description: |- Rule id in: path name: rule-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ForwardingRule' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read rule tags: - Policy, Networking, Network Services, Forwarding Policies x-vmw-nsx-module: PolicyForwarding /global-infra/domains/{domain-id}/gateway-policies: get: consumes: - application/json description: |- List all gateway policies for specified Domain. operationId: ListGatewayPoliciesForDomain parameters: - in: path name: domain-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - default: false description: Include the count of rules in policy in: query name: include_rule_count required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GatewayPolicyListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List gateway policies tags: - Policy, Security, North South Security, Gateway Firewall, Rules x-vmw-nsx-module: PolicyEdgeFirewall /global-infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}: delete: consumes: - application/json description: |- Delete GatewayPolicy operationId: DeleteGatewayPolicy parameters: - in: path name: domain-id required: true type: string - in: path name: gateway-policy-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete GatewayPolicy tags: - Policy, Security, North South Security, Gateway Firewall, Rules x-vmw-nsx-module: PolicyEdgeFirewall get: consumes: - application/json description: | Read gateway policy for a domain. operationId: ReadGatewayPolicyForDomain parameters: - in: path name: domain-id required: true type: string - in: path name: gateway-policy-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GatewayPolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read gateway policy tags: - Policy, Security, North South Security, Gateway Firewall, Rules x-vmw-nsx-module: PolicyEdgeFirewall patch: consumes: - application/json description: | Update the gateway policy for a domain. This is a full replace. All the rules are replaced. Performance Note: If you want to edit several rules in a gateway policy use this API. It will perform better than several individual rule APIs. Just pass all the rules which you wish to edit as embedded rules to it. operationId: PatchGatewayPolicyForDomain parameters: - in: path name: domain-id required: true type: string - in: path name: gateway-policy-id required: true type: string - in: body name: GatewayPolicy required: true schema: $ref: '#/definitions/GatewayPolicy' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update gateway policy tags: - Policy, Security, North South Security, Gateway Firewall, Rules x-vmw-nsx-module: PolicyEdgeFirewall put: consumes: - application/json description: | Update the gateway policy for a domain. This is a full replace. All the rules are replaced. Performance Note: If you want to edit several rules in a gateway policy, use this API. It will perform better than several individual rule APIs. Just pass all the rules which you wish to edit as embedded rules to it. operationId: CreateOrReplaceGatewayPolicyForDomain parameters: - in: path name: domain-id required: true type: string - in: path name: gateway-policy-id required: true type: string - in: body name: GatewayPolicy required: true schema: $ref: '#/definitions/GatewayPolicy' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GatewayPolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update gateway policy tags: - Policy, Security, North South Security, Gateway Firewall, Rules x-vmw-nsx-module: PolicyEdgeFirewall /global-infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/rules: get: consumes: - application/json description: |- List rules operationId: ListGatewayRules parameters: - in: path name: domain-id required: true type: string - in: path name: gateway-policy-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RuleListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List rules tags: - Policy, Security, North South Security, Gateway Firewall, Rules x-vmw-nsx-module: PolicyEdgeFirewall /global-infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/rules/{rule-id}: delete: consumes: - application/json description: |- Delete rule operationId: DeleteGatewayRule parameters: - in: path name: domain-id required: true type: string - in: path name: gateway-policy-id required: true type: string - in: path name: rule-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete rule tags: - Policy, Security, North South Security, Gateway Firewall, Rules x-vmw-nsx-module: PolicyEdgeFirewall get: consumes: - application/json description: |- Read rule operationId: ReadGatewayRule parameters: - in: path name: domain-id required: true type: string - in: path name: gateway-policy-id required: true type: string - in: path name: rule-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Rule' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read rule tags: - Policy, Security, North South Security, Gateway Firewall, Rules x-vmw-nsx-module: PolicyEdgeFirewall patch: consumes: - application/json description: | Update the gateway rule. Create new rule if a rule with the rule-id is not already present. Performance Note: If you want to edit several rules in a gateway policy, prefer below mentioned API for optimal performance. Pass all the rules which you wish to edit as embedded rules to it. Use this API - PATCH (or PUT) /infra/domains//gateway-policies/ operationId: PatchGatewayRule parameters: - in: path name: domain-id required: true type: string - in: path name: gateway-policy-id required: true type: string - in: path name: rule-id required: true type: string - in: body name: Rule required: true schema: $ref: '#/definitions/Rule' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update gateway rule tags: - Policy, Security, North South Security, Gateway Firewall, Rules x-vmw-nsx-module: PolicyEdgeFirewall put: consumes: - application/json description: | Update the gateway rule. Create new rule if a rule with the rule-id is not already present. Performance Note: If you want to edit several rules in a gateway policy, prefer below mentioned API for optimal performance. Pass all the rules which you wish to edit as embedded rules to it. Use this API - PATCH (or PUT) /infra/domains//gateway-policies/ operationId: CreateOrReplaceGatewayRule parameters: - in: path name: domain-id required: true type: string - in: path name: gateway-policy-id required: true type: string - in: path name: rule-id required: true type: string - in: body name: Rule required: true schema: $ref: '#/definitions/Rule' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Rule' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update gateway rule tags: - Policy, Security, North South Security, Gateway Firewall, Rules x-vmw-nsx-module: PolicyEdgeFirewall /global-infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/rules/{rule-id}/statistics: get: consumes: - application/json description: | Get statistics of a gateway rule. - no enforcement point path specified: Stats will be evaluated on each enforcement. point. - {enforcement_point_path}: Stats are evaluated only on the given enforcement point. operationId: GetGatewayRuleStatistics parameters: - in: path name: domain-id required: true type: string - in: path name: gateway-policy-id required: true type: string - in: path name: rule-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RuleStatisticsListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get gateway rule statistics tags: - Policy, Security, North South Security, Gateway Firewall, Statistics x-vmw-nsx-module: PolicyEdgeFirewall /global-infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/rules/{rule-id}?action=revise: post: consumes: - application/json description: | This is used to re-order a gateway rule within a gateway policy. operationId: ReviseGatewayRuleRevise parameters: - in: path name: domain-id required: true type: string - in: path name: gateway-policy-id required: true type: string - in: path name: rule-id required: true type: string - in: body name: Rule required: true schema: $ref: '#/definitions/Rule' - description: 'The security policy/rule path if operation is ''insert_after'' or ''insert_before'' ' in: query name: anchor_path required: false type: string - default: insert_top description: Operation enum: - insert_top - insert_bottom - insert_after - insert_before in: query name: operation required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Rule' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Revise the positioning of gateway rule tags: - Policy, Security, North South Security, Gateway Firewall, Rules x-vmw-nsx-module: PolicyEdgeFirewall /global-infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/statistics: get: consumes: - application/json description: | Get statistics of a gateay policy. - no enforcement point path specified: Stats will be evaluated on each enforcement. point. - {enforcement_point_path}: Stats are evaluated only on the given enforcement point. operationId: GetGatewayPolicyStatistics parameters: - in: path name: domain-id required: true type: string - in: path name: gateway-policy-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SecurityPolicyStatisticsListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get gateway policy statistics tags: - Policy, Security, North South Security, Gateway Firewall, Statistics x-vmw-nsx-module: PolicyEdgeFirewall /global-infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}?action=revise: post: consumes: - application/json description: | This is used to set a precedence of a gateway policy w.r.t others. operationId: ReviseGatewayPolicyRevise parameters: - in: path name: domain-id required: true type: string - in: path name: gateway-policy-id required: true type: string - in: body name: GatewayPolicy required: true schema: $ref: '#/definitions/GatewayPolicy' - description: 'The security policy/rule path if operation is ''insert_after'' or ''insert_before'' ' in: query name: anchor_path required: false type: string - default: insert_top description: Operation enum: - insert_top - insert_bottom - insert_after - insert_before in: query name: operation required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GatewayPolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Revise the positioning of gateway policy tags: - Policy, Security, North South Security, Gateway Firewall, Rules x-vmw-nsx-module: PolicyEdgeFirewall /global-infra/domains/{domain-id}/groups: get: consumes: - application/json description: | List Groups for a domain. Groups can be filtered using member_types query parameter, which returns the groups that contains the specified member types. Multiple member types can be provided as comma separated values. The API also return groups having member type that are subset of provided member_types. operationId: ListGroupForDomain parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: Comma Seperated Member types in: query name: member_types required: false type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GroupListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Groups for a domain tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy /global-infra/domains/{domain-id}/groups/{group-id}: delete: consumes: - application/json description: |- Delete Group operationId: DeleteGroup parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - default: false description: Do not delete if the group subtree has any entities in: query name: fail_if_subtree_exists type: boolean - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Group tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy get: consumes: - application/json description: |- Read group operationId: ReadGroupForDomain parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Group' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read group tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy patch: consumes: - application/json description: | If a group with the group-id is not already present, create a new group. If it already exists, patch the group. operationId: PatchGroupForDomain parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - in: body name: Group required: true schema: $ref: '#/definitions/Group' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch a group tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy put: consumes: - application/json description: | If a group with the group-id is not already present, create a new group. If it already exists, update the group. Avoid creating groups with multiple MACAddressExpression and IPAddressExpression. In future releases, group will be restricted to contain a single MACAddressExpression and IPAddressExpression along with other expressions. To group IPAddresses or MACAddresses, use nested groups instead of multiple IPAddressExpressions/MACAddressExpression. operationId: UpdateGroupForDomain parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - in: body name: Group required: true schema: $ref: '#/definitions/Group' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Group' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a group tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy /global-infra/domains/{domain-id}/groups/{group-id}/discovery-profile-binding-maps: get: consumes: - application/json description: |- API will get Group discovery profile binding map operationId: ListGroupDiscoveryProfileBindings parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GroupDiscoveryProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Group discovery profile binding map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Discovery Profile Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding /global-infra/domains/{domain-id}/groups/{group-id}/discovery-profile-binding-maps/{discovery-profile-binding-map-id}: delete: consumes: - application/json description: |- API will delete Group discovery profile binding map operationId: DeleteGroupDiscoveryProfileBinding parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Group discovery profile binding map ID in: path name: discovery-profile-binding-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Group discovery profile binding map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Discovery Profile Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding get: consumes: - application/json description: |- API will get Group discovery profile binding map operationId: GetGroupDiscoveryProfileBinding parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Group discovery profile binding map ID in: path name: discovery-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GroupDiscoveryProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Group discovery profile binding map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Discovery Profile Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding patch: consumes: - application/json description: |- API will create or update Group discovery profile binding map operationId: PatchGroupDiscoveryProfileBinding parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Group discovery profile binding map ID in: path name: discovery-profile-binding-map-id required: true type: string - in: body name: GroupDiscoveryProfileBindingMap required: true schema: $ref: '#/definitions/GroupDiscoveryProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Group discovery profile binding map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Discovery Profile Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding put: consumes: - application/json description: |- API will update Group discovery profile binding map operationId: UpdateGroupDiscoveryProfileBinding parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Group discovery profile binding map ID in: path name: discovery-profile-binding-map-id required: true type: string - in: body name: GroupDiscoveryProfileBindingMap required: true schema: $ref: '#/definitions/GroupDiscoveryProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GroupDiscoveryProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Group discovery profile binding map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Discovery Profile Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding /global-infra/domains/{domain-id}/groups/{group-id}/dns-security-profile-binding-maps: get: consumes: - application/json description: |- API will get DNS security profile binding map operationId: ListDnsSecurityProfileBindings parameters: - in: path name: domain-id required: true type: string - in: path name: group-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DnsSecurityProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get DNS security profile binding map tags: - Policy, Security, Security Profiles, DNS Security Profile Bindings x-vmw-nsx-module: PolicyFirewallDnsSecurityProfileBinding ? /global-infra/domains/{domain-id}/groups/{group-id}/dns-security-profile-binding-maps/{dns-security-profile-binding-map-id} : delete: consumes: - application/json description: |- API will delete DNS security profile binding map operationId: DeleteDnsSecurityProfileBinding parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- DNS security profile binding map ID in: path name: dns-security-profile-binding-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete DNS security profile binding map tags: - Policy, Security, Security Profiles, DNS Security Profile Bindings x-vmw-nsx-module: PolicyFirewallDnsSecurityProfileBinding get: consumes: - application/json description: |- API will get DNS security profile binding map operationId: GetDnsSecurityProfileBinding parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- DNS security profile binding map ID in: path name: dns-security-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DnsSecurityProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get DNS security profile binding map tags: - Policy, Security, Security Profiles, DNS Security Profile Bindings x-vmw-nsx-module: PolicyFirewallDnsSecurityProfileBinding patch: consumes: - application/json description: |- API will create or update DNS security profile binding map operationId: PatchDnsSecurityProfileBinding parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- DNS security profile binding map ID in: path name: dns-security-profile-binding-map-id required: true type: string - in: body name: DnsSecurityProfileBindingMap required: true schema: $ref: '#/definitions/DnsSecurityProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update DNS security profile binding map tags: - Policy, Security, Security Profiles, DNS Security Profile Bindings x-vmw-nsx-module: PolicyFirewallDnsSecurityProfileBinding put: consumes: - application/json description: |- API will update DNS security profile binding map operationId: UpdateDnsSecurityProfileBinding parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- DNS security profile binding map ID in: path name: dns-security-profile-binding-map-id required: true type: string - in: body name: DnsSecurityProfileBindingMap required: true schema: $ref: '#/definitions/DnsSecurityProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DnsSecurityProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update DNS security profile binding map tags: - Policy, Security, Security Profiles, DNS Security Profile Bindings x-vmw-nsx-module: PolicyFirewallDnsSecurityProfileBinding /global-infra/domains/{domain-id}/groups/{group-id}/external-id-expressions/{expression-id}: delete: consumes: - application/json description: |- Delete Group External ID Expression operationId: DeleteGroupExternalIDExpression parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- ExternalIDExpression ID in: path name: expression-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Group External ID Expression tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy patch: consumes: - application/json description: | If a group ExternalIDexpression with the expression-id is not already present, create a new ExternalIDexpresison. If it already exists, replace the existing ExternalIDexpression. operationId: PatchGroupExternalIDExpressionForDomain parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- ExternalIDExpression ID in: path name: expression-id required: true type: string - in: body name: ExternalIDExpression required: true schema: $ref: '#/definitions/ExternalIDExpression' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch a group external ID expression tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy post: consumes: - application/json description: | It will add or remove the specified members having external ID for a given expression of a group. operationId: AddorRemoveGroupExternalIDMembers parameters: - in: path name: domain-id required: true type: string - in: path name: group-id required: true type: string - in: path name: expression-id required: true type: string - in: body name: GroupMemberList required: true schema: $ref: '#/definitions/GroupMemberList' - description: Add or Remove group members. enum: - add - remove in: query name: action required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | Add or Remove external id based members from/to a Group tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy /global-infra/domains/{domain-id}/groups/{group-id}/firewall-flood-protection-profile-binding-maps: get: consumes: - application/json description: | API will list all Firewall Flood Protection Profile Binding Maps in current group id. operationId: ListPolicyFirewallFloodProtectionBindings parameters: - in: path name: domain-id required: true type: string - in: path name: group-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallFloodProtectionProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Firewall Flood Protection Profile Binding Maps tags: - Policy, Security, Security Profiles, Flood Protection Profile Binding x-vmw-nsx-module: PolicyFirewallFloodProtectionProfileBinding ? /global-infra/domains/{domain-id}/groups/{group-id}/firewall-flood-protection-profile-binding-maps/{firewall-flood-protection-profile-binding-map-id} : delete: consumes: - application/json description: |- API will delete Firewall Flood Protection Profile Binding operationId: DeletePolicyFirewallFloodProtectionBinding parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Firewall Flood Protection Profile Binding Map ID in: path name: firewall-flood-protection-profile-binding-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Firewall Flood Protection Profile Binding tags: - Policy, Security, Security Profiles, Flood Protection Profile Binding x-vmw-nsx-module: PolicyFirewallFloodProtectionProfileBinding get: consumes: - application/json description: | API will get Firewall Flood Protection Profile Binding Map operationId: GetPolicyFirewallFloodProtectionBinding parameters: - description: |- Domain-ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Firewall Flood Protection Profile Binding Map ID in: path name: firewall-flood-protection-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallFloodProtectionProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Firewall Flood Protection Profile Binding Map tags: - Policy, Security, Security Profiles, Flood Protection Profile Binding x-vmw-nsx-module: PolicyFirewallFloodProtectionProfileBinding patch: consumes: - application/json description: |- API will create or update Firewall Flood Protection profile binding map operationId: PatchPolicyFirewallFloodProtectionProfileBindingMap parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Firewall Flood Protection Profile Binding Map ID in: path name: firewall-flood-protection-profile-binding-map-id required: true type: string - in: body name: PolicyFirewallFloodProtectionProfileBindingMap required: true schema: $ref: '#/definitions/PolicyFirewallFloodProtectionProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Firewall Flood Protection Profile Binding Map tags: - Policy, Security, Security Profiles, Flood Protection Profile Binding x-vmw-nsx-module: PolicyFirewallFloodProtectionProfileBinding put: consumes: - application/json description: |- API will update Firewall Flood Protection Profile Binding Map operationId: UpdatePolicyFirewallFloodProtectionBinding parameters: - description: |- DomainID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Firewall Flood Protection Profile Binding Map ID in: path name: firewall-flood-protection-profile-binding-map-id required: true type: string - in: body name: PolicyFirewallFloodProtectionProfileBindingMap required: true schema: $ref: '#/definitions/PolicyFirewallFloodProtectionProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallFloodProtectionProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Firewall Flood Protection Profile Binding Map tags: - Policy, Security, Security Profiles, Flood Protection Profile Binding x-vmw-nsx-module: PolicyFirewallFloodProtectionProfileBinding /global-infra/domains/{domain-id}/groups/{group-id}/firewall-session-timer-profile-binding-maps: get: consumes: - application/json description: | API will list all Firewall Session Timer Profile Binding Maps in current group id. operationId: ListPolicyFirewallSessionTimerBindings parameters: - in: path name: domain-id required: true type: string - in: path name: group-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallSessionTimerProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Firewall Session Timer Profile Binding Maps tags: - Policy, Security, Security Profiles, Session Timer Profile Bindings x-vmw-nsx-module: PolicyFirewallSessionTimerProfileBinding ? /global-infra/domains/{domain-id}/groups/{group-id}/firewall-session-timer-profile-binding-maps/{firewall-session-timer-profile-binding-map-id} : delete: consumes: - application/json description: |- API will delete Firewall Session Timer Profile Binding operationId: DeletePolicyFirewallSessionTimerBinding parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Firewall Session Timer Profile Binding Map ID in: path name: firewall-session-timer-profile-binding-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Firewall Session Timer Profile Binding tags: - Policy, Security, Security Profiles, Session Timer Profile Bindings x-vmw-nsx-module: PolicyFirewallSessionTimerProfileBinding get: consumes: - application/json description: | API will get Firewall Session Timer Profile Binding Map operationId: GetPolicyFirewallSessionTimerBinding parameters: - description: |- Domain-ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Firewall Session Timer Profile Binding Map ID in: path name: firewall-session-timer-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallSessionTimerProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Firewall Session Timer Profile Binding Map tags: - Policy, Security, Security Profiles, Session Timer Profile Bindings x-vmw-nsx-module: PolicyFirewallSessionTimerProfileBinding patch: consumes: - application/json description: |- API will create or update Firewall Session Timer profile binding map operationId: PatchPolicyFirewallSessionTimerProfileBindingMap parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Firewall Session Timer Profile Binding Map ID in: path name: firewall-session-timer-profile-binding-map-id required: true type: string - in: body name: PolicyFirewallSessionTimerProfileBindingMap required: true schema: $ref: '#/definitions/PolicyFirewallSessionTimerProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Firewall Session Timer Profile Binding Map tags: - Policy, Security, Security Profiles, Session Timer Profile Bindings x-vmw-nsx-module: PolicyFirewallSessionTimerProfileBinding put: consumes: - application/json description: |- API will update Firewall Session Timer Profile Binding Map operationId: UpdatePolicyFirewallSessionTimerBinding parameters: - description: |- DomainID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Firewall Session Timer Profile Binding Map ID in: path name: firewall-session-timer-profile-binding-map-id required: true type: string - in: body name: PolicyFirewallSessionTimerProfileBindingMap required: true schema: $ref: '#/definitions/PolicyFirewallSessionTimerProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallSessionTimerProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Firewall Session Timer Profile Binding Map tags: - Policy, Security, Security Profiles, Session Timer Profile Bindings x-vmw-nsx-module: PolicyFirewallSessionTimerProfileBinding /global-infra/domains/{domain-id}/groups/{group-id}/group-monitoring-profile-binding-maps: get: consumes: - application/json description: | API will list all Group Monitoring Profile Binding Maps in current group id. operationId: ListGroupMonitoringBindings parameters: - in: path name: domain-id required: true type: string - in: path name: group-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GroupMonitoringProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Group Monitoring Profile Binding Maps tags: - Policy, Security, Security Profiles, Monitoring Profile Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding ? /global-infra/domains/{domain-id}/groups/{group-id}/group-monitoring-profile-binding-maps/{group-monitoring-profile-binding-map-id} : delete: consumes: - application/json description: |- API will delete Group Monitoring Profile Binding operationId: DeleteGroupMonitoringBinding parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Group Monitoring Profile Binding Map ID in: path name: group-monitoring-profile-binding-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Group Monitoring Profile Binding tags: - Policy, Security, Security Profiles, Monitoring Profile Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding get: consumes: - application/json description: | API will get Group Monitoring Profile Binding Map operationId: GetGroupMonitoringBinding parameters: - description: |- Domain-ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Group Monitoring Profile Binding Map ID in: path name: group-monitoring-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GroupMonitoringProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Group Monitoring Profile Binding Map tags: - Policy, Security, Security Profiles, Monitoring Profile Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding patch: consumes: - application/json description: |- API will create group monitoring profile binding map operationId: PatchGroupMonitoringBinding parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Group Monitoring Profile Binding Map ID in: path name: group-monitoring-profile-binding-map-id required: true type: string - in: body name: GroupMonitoringProfileBindingMap required: true schema: $ref: '#/definitions/GroupMonitoringProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create Group Monitoring Profile Binding Map tags: - Policy, Security, Security Profiles, Monitoring Profile Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding put: consumes: - application/json description: |- API will update Group Monitoring Profile Binding Map operationId: UpdateGroupMonitoringBinding parameters: - description: |- DomainID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Group Monitoring Profile Binding Map ID in: path name: group-monitoring-profile-binding-map-id required: true type: string - in: body name: GroupMonitoringProfileBindingMap required: true schema: $ref: '#/definitions/GroupMonitoringProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GroupMonitoringProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Group Monitoring Profile Binding Map tags: - Policy, Security, Security Profiles, Monitoring Profile Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding ? /global-infra/domains/{domain-id}/groups/{group-id}/group-monitoring-profile-binding-maps/{group-monitoring-profile-binding-map-id}/mirror-stack-status : get: consumes: - application/json description: | API will get mirror stack status by Group Monitoring Profile Binding Map operationId: GetGroupMonitoringBindingMirrorStackStatus parameters: - in: path name: domain-id required: true type: string - in: path name: group-id required: true type: string - in: path name: group-monitoring-profile-binding-map-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Binding map path enforcemnt point path to remote L3 mirror session in: query name: enforcement_point_path required: false type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/MirrorStackStatusListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get mirror stack status for Group Monitoring Profile Binding Map. tags: - Policy, Networking, Connectivity, Segment, Segment Profiles, Monitoring Profile Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding /global-infra/domains/{domain-id}/groups/{group-id}/ip-address-expressions/{expression-id}: delete: consumes: - application/json description: |- Delete Group IPAddressExpression operationId: DeleteGroupIPAddressExpression parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- IPAddressExpression ID in: path name: expression-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Group IPAddressExpression tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy patch: consumes: - application/json description: | If a group IPAddressExpression with the expression-id is not already present, create a new IPAddressExpression. If it already exists, replace the existing IPAddressExpression. operationId: PatchGroupIPAddressExpressionForDomain parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- IPAddressExpression ID in: path name: expression-id required: true type: string - in: body name: IPAddressExpression required: true schema: $ref: '#/definitions/IPAddressExpression' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch a group IP Address expression tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy post: consumes: - application/json description: | It will add or remove the specified IP Addresses from a given expression of a group. operationId: AddorRemoveGroupIPAddresses parameters: - in: path name: domain-id required: true type: string - in: path name: group-id required: true type: string - in: path name: expression-id required: true type: string - in: body name: IPAddressList required: true schema: $ref: '#/definitions/IPAddressList' - description: Add or Remove group members. enum: - add - remove in: query name: action required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | Add or Remove IP Addresses from/to a Group tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy /global-infra/domains/{domain-id}/groups/{group-id}/mac-address-expressions/{expression-id}: delete: consumes: - application/json description: |- Delete Group MACAddressExpression operationId: DeleteGroupMACAddressExpression parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- MACAddressExpression ID in: path name: expression-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Group MACAddressExpression tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy patch: consumes: - application/json description: | If a group MACAddressExpression with the expression-id is not already present, create a new MACAddressExpression. If it already exists, replace the existing MACAddressExpression. operationId: PatchGroupMACAddressExpressionForDomain parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- MACAddressExpression ID in: path name: expression-id required: true type: string - in: body name: MACAddressExpression required: true schema: $ref: '#/definitions/MACAddressExpression' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch a group MAC Address expression tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy post: consumes: - application/json description: | It will add or remove the specified MAC Addresses from a given expression of a group. operationId: AddorRemoveGroupMACAddresses parameters: - in: path name: domain-id required: true type: string - in: path name: group-id required: true type: string - in: path name: expression-id required: true type: string - in: body name: MACAddressList required: true schema: $ref: '#/definitions/MACAddressList' - description: Add or Remove group members. enum: - add - remove in: query name: action required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | Add or Remove MAC Addresses from/to a Group tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy /global-infra/domains/{domain-id}/groups/{group-id}/member-types: get: consumes: - application/json description: | It retrieves member types for a given group. In case of nested groups, it calculates member types of child groups as well. Considers member type for members added via static members and dynamic membership criteria. operationId: GetMemberTypesForGroup parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GroupMemberTypeListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get member types for a given Group tags: - Policy, Inventory, Groups, Group Members x-vmw-nsx-module: Policy /global-infra/domains/{domain-id}/groups/{group-id}/members/consolidated-effective-ip-addresses: get: consumes: - application/json description: | Returns consolidated effective ip address members of the specified NSGroup. Applicable in case of federated environment. The response contains site-wise list of consolidated effective IP address members. In the response, for the local-site, the list will contain static and dynamicaly translated IPs. For the remote sites, the list will contain only the dynamically translated IPs. The static IPs will not be seen in the response of this API. Hence, user can refer to the local-site Ip response in the API results or the group definition to see the static IP membership of the Group. This API is applicable only for Global Groups containing (directly or via nesting) either VirtualMachine, VIF, Segment, SegmentPort or IPSet member type. Use the cursor value in the response to fetch the next page. If there is no cursor value for a response, it implies the last page in the results for the query. operationId: GetConsolidatedEffectiveIPMembers parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Group Id in: path name: group-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: IP address, range, or subnet format: address-or-block-or-range in: query name: ip_filter required: false type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: 'UUID of the site from which the effective IP addresses are to be fetched ' in: query name: site_id required: false type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ConsolidatedEffectiveIPAddressMemberListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get consolidated effective IPAddress translated from this group across site tags: - Policy, Inventory, Groups, Group Members x-vmw-nsx-module: PolicyGroupRealization /global-infra/domains/{domain-id}/groups/{group-id}/members/ip-addresses: get: consumes: - application/json description: | Get IP addresses that belong to this Group. This API is applicable for Groups containing either VirtualMachine, VIF, Segment ,Segment Port or IP Address member type.For Groups containing other member types,an empty list is returned operationId: GetGroupIPMembers parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Group Id in: path name: group-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyGroupIPMembersListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get IP addresses that belong to this Group tags: - Policy, Inventory, Groups, Group Members x-vmw-nsx-module: PolicyGroupRealization /global-infra/domains/{domain-id}/groups/{group-id}/members/logical-ports: get: consumes: - application/json description: | Get logical ports that belong to this Group This API is applicable for Groups containing either VirtualMachine, VIF, Segment or Segment Port member type.For Groups containing other member types,an empty list is returned. operationId: GetGroupLPMembers parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Group Id in: path name: group-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyGroupMembersListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get logical ports that belong to this Group tags: - Policy, Inventory, Groups, Group Members x-vmw-nsx-module: PolicyGroupRealization /global-infra/domains/{domain-id}/groups/{group-id}/members/logical-switches: get: consumes: - application/json description: | Get logical switches that belong to this Group. This API is applicable for Groups containing Segment member type. For Groups containing other member types, an empty list is returned. operationId: GetGroupLSMembers parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Group Id in: path name: group-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyGroupMembersListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get logical switches that belong to this Group tags: - Policy, Inventory, Groups, Group Members x-vmw-nsx-module: PolicyGroupRealization /global-infra/domains/{domain-id}/groups/{group-id}/members/segment-ports: get: consumes: - application/json description: | Get segment ports that belong to this Group operationId: GetGroupSegmentPortMembers parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Group Id in: path name: group-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyGroupMembersListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get segment ports that belong to this Group tags: - Policy, Inventory, Groups, Group Members x-vmw-nsx-module: PolicyGroupRealization /global-infra/domains/{domain-id}/groups/{group-id}/members/segments: get: consumes: - application/json description: | Get segments that belong to this Group operationId: GetGroupSegmentMembers parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Group Id in: path name: group-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyGroupMembersListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get segments that belong to this Group tags: - Policy, Inventory, Groups, Group Members x-vmw-nsx-module: PolicyGroupRealization /global-infra/domains/{domain-id}/groups/{group-id}/members/vifs: get: consumes: - application/json description: | Get Virtual Network Interface instances that belong to this Group. This API is applicable for Groups containing VirtualNetworkInterface and VirtualMachine member types. For Groups containing other member types,an empty list is returned.target_id in response is external_id of VirtualNetworkInterface or VirtualMachine. operationId: GetGroupVIFMembers parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Group Id in: path name: group-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/VirtualNetworkInterfaceListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Virtual Network Interface instances that belong to this Group tags: - Policy, Inventory, Groups, Group Members x-vmw-nsx-module: PolicyGroupRealization /global-infra/domains/{domain-id}/groups/{group-id}/members/virtual-machines: get: consumes: - application/json description: | Get Virtual machines that belong to this Group. This API is applicable for Groups containing VirtualMachine,member type. For Groups containing other member types,an empty list is returned. operationId: GetGroupVMMembers parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Group Id in: path name: group-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RealizedVirtualMachineListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Virtual machines that belong to this Group tags: - Policy, Inventory, Groups, Group Members x-vmw-nsx-module: PolicyGroupRealization /global-infra/domains/{domain-id}/groups/{group-id}/path-expressions/{expression-id}: delete: consumes: - application/json description: |- Delete Group Path Expression operationId: DeleteGroupPathExpression parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- PathExpression ID in: path name: expression-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Group Path Expression tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy patch: consumes: - application/json description: | If a group path_expression with the expression-id is not already present, create a new pathexpresison. If it already exists, replace the existing pathexpression. operationId: PatchGroupPathExpressionForDomain parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- PathExpression ID in: path name: expression-id required: true type: string - in: body name: PathExpression required: true schema: $ref: '#/definitions/PathExpression' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch a group path expression tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy post: consumes: - application/json description: | It will add or remove the specified members having path for a given expression of a group. operationId: AddorRemoveGroupPathMembers parameters: - in: path name: domain-id required: true type: string - in: path name: group-id required: true type: string - in: path name: expression-id required: true type: string - in: body name: GroupMemberList required: true schema: $ref: '#/definitions/GroupMemberList' - description: Add or Remove group members. enum: - add - remove in: query name: action required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | Add or Remove path based members from/to a Group tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy /global-infra/domains/{domain-id}/groups/{group-id}/tags: get: consumes: - application/json description: | Get tags used to define conditions inside a Group. Also includes tags inside nested groups. operationId: GetGroupTags parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Group Id in: path name: group-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GroupTagsList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get tags used to define conditions inside a Group tags: - Policy, Inventory, Groups, Group Members x-vmw-nsx-module: PolicyGroupRealization /global-infra/domains/{domain-id}/security-policies: get: consumes: - application/json description: | List all security policies for a domain. operationId: ListSecurityPoliciesForDomain parameters: - in: path name: domain-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - default: false description: Include the count of rules in policy in: query name: include_rule_count required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SecurityPolicyListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List security policies tags: - Policy, Security, East West Security, Distributed Firewall, Rules x-vmw-nsx-module: DfwSecurityPolicy /global-infra/domains/{domain-id}/security-policies/{security-policy-id}: delete: consumes: - application/json description: | Deletes the security policy along with all the rules operationId: DeleteSecurityPolicyForDomain parameters: - in: path name: domain-id required: true type: string - in: path name: security-policy-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Deletes a security policy from this domain tags: - Policy, Security, East West Security, Distributed Firewall, Rules x-vmw-nsx-module: DfwSecurityPolicy get: consumes: - application/json description: | Read security policy for a domain. operationId: ReadSecurityPolicyForDomain parameters: - in: path name: domain-id required: true type: string - in: path name: security-policy-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SecurityPolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read security policy tags: - Policy, Security, East West Security, Distributed Firewall, Rules x-vmw-nsx-module: DfwSecurityPolicy patch: consumes: - application/json description: | Patch the security policy for a domain. If a security policy for the given security-policy-id is not present, the object will get created and if it is present it will be updated. This is a full replace. Performance Note: If you want to edit several rules in a security policy use this API. It will perform better than several individual rule APIs. Just pass all the rules which you wish to edit as embedded rules to it. operationId: PatchSecurityPolicyForDomain parameters: - in: path name: domain-id required: true type: string - in: path name: security-policy-id required: true type: string - in: body name: SecurityPolicy required: true schema: $ref: '#/definitions/SecurityPolicy' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch security policy tags: - Policy, Security, East West Security, Distributed Firewall, Rules x-vmw-nsx-module: DfwSecurityPolicy put: consumes: - application/json description: | Create or Update the security policy for a domain. This is a full replace. All the rules are replaced. Performance Note: If you want to edit several rules in a security policy, use this API. It will perform better than several individual rule APIs. Just pass all the rules which you wish to edit as embedded rules to it. operationId: UpdateSecurityPolicyForDomain parameters: - in: path name: domain-id required: true type: string - in: path name: security-policy-id required: true type: string - in: body name: SecurityPolicy required: true schema: $ref: '#/definitions/SecurityPolicy' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SecurityPolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or Update security policy tags: - Policy, Security, East West Security, Distributed Firewall, Rules x-vmw-nsx-module: DfwSecurityPolicy /global-infra/domains/{domain-id}/security-policies/{security-policy-id}/rules: get: consumes: - application/json description: |- List rules operationId: ListSecurityRules parameters: - in: path name: domain-id required: true type: string - in: path name: security-policy-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RuleListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List rules tags: - Policy, Security, East West Security, Distributed Firewall, Rules x-vmw-nsx-module: DfwSecurityPolicy /global-infra/domains/{domain-id}/security-policies/{security-policy-id}/rules/{rule-id}: delete: consumes: - application/json description: |- Delete rule operationId: DeleteSecurityRule parameters: - in: path name: domain-id required: true type: string - in: path name: security-policy-id required: true type: string - in: path name: rule-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete rule tags: - Policy, Security, East West Security, Distributed Firewall, Rules x-vmw-nsx-module: DfwSecurityPolicy get: consumes: - application/json description: |- Read rule operationId: ReadSecurityRule parameters: - in: path name: domain-id required: true type: string - in: path name: security-policy-id required: true type: string - in: path name: rule-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Rule' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read rule tags: - Policy, Security, East West Security, Distributed Firewall, Rules x-vmw-nsx-module: DfwSecurityPolicy patch: consumes: - application/json description: | Patch the rule. If Rule corresponding to the the given rule-id is not present, the object will get created and if it is present it will be updated. This is a full replace. Performance Note: If you want to edit several rules in a security policy, prefer below mentioned API for optimal performance. Pass all the rules which you wish to edit as embedded rules to it. Use this API - PATCH (or PUT) /infra/domains//security-policies/ operationId: PatchSecurityRule parameters: - in: path name: domain-id required: true type: string - in: path name: security-policy-id required: true type: string - in: path name: rule-id required: true type: string - in: body name: Rule required: true schema: $ref: '#/definitions/Rule' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch a rule tags: - Policy, Security, East West Security, Distributed Firewall, Rules x-vmw-nsx-module: DfwSecurityPolicy put: consumes: - application/json description: | Update the rule. Create new rule if a rule with the rule-id is not already present. Performance Note: If you wish to edit several rules in a security policy, prefer below mentioned API for optimal performance. Pass all the rules which you wish to edit as embedded rules to it. Use this API - PATCH (or PUT) /infra/domains//security-policies/ operationId: UpdateSecurityRule parameters: - in: path name: domain-id required: true type: string - in: path name: security-policy-id required: true type: string - in: path name: rule-id required: true type: string - in: body name: Rule required: true schema: $ref: '#/definitions/Rule' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Rule' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a rule tags: - Policy, Security, East West Security, Distributed Firewall, Rules x-vmw-nsx-module: DfwSecurityPolicy /global-infra/domains/{domain-id}/security-policies/{security-policy-id}/rules/{rule-id}/statistics: get: consumes: - application/json description: | Get statistics of a rule. - no enforcement point path specified: Stats will be evaluated on each enforcement point. - {enforcement_point_path}: Stats are evaluated only on the given enforcement point. operationId: GetRuleStatistics parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Security policy id in: path name: security-policy-id required: true type: string - description: |- Rule id in: path name: rule-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RuleStatisticsListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get rule statistics tags: - Policy, Security, East West Security, Distributed Firewall, Statistics x-vmw-nsx-module: DfwSecurityPolicy /global-infra/domains/{domain-id}/security-policies/{security-policy-id}/rules/{rule-id}?action=revise: post: consumes: - application/json description: | This is used to re-order a rule within a security policy. operationId: ReviseSecurityRuleRevise parameters: - in: path name: domain-id required: true type: string - in: path name: security-policy-id required: true type: string - in: path name: rule-id required: true type: string - in: body name: Rule required: true schema: $ref: '#/definitions/Rule' - description: 'The security policy/rule path if operation is ''insert_after'' or ''insert_before'' ' in: query name: anchor_path required: false type: string - default: insert_top description: Operation enum: - insert_top - insert_bottom - insert_after - insert_before in: query name: operation required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Rule' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Revise the positioning of rule tags: - Policy, Security, East West Security, Distributed Firewall, Rules x-vmw-nsx-module: DfwSecurityPolicy /global-infra/domains/{domain-id}/security-policies/{security-policy-id}/statistics: get: consumes: - application/json description: | Get statistics of a security policy. - no enforcement point path specified: Stats will be evaluated on each enforcement point. - {enforcement_point_path}: Stats are evaluated only on the given enforcement point. operationId: GetSecurityPolicyStatistics parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Security policy id in: path name: security-policy-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SecurityPolicyStatisticsListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get security policy statistics tags: - Policy, Security, East West Security, Distributed Firewall, Statistics x-vmw-nsx-module: DfwSecurityPolicy /global-infra/domains/{domain-id}/security-policies/{security-policy-id}?action=revise: post: consumes: - application/json description: | This is used to set a precedence of a security policy w.r.t others. operationId: ReviseSecurityPoliciesRevise parameters: - in: path name: domain-id required: true type: string - in: path name: security-policy-id required: true type: string - in: body name: SecurityPolicy required: true schema: $ref: '#/definitions/SecurityPolicy' - description: 'The security policy/rule path if operation is ''insert_after'' or ''insert_before'' ' in: query name: anchor_path required: false type: string - default: insert_top description: Operation enum: - insert_top - insert_bottom - insert_after - insert_before in: query name: operation required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SecurityPolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Revise the positioning of security policies tags: - Policy, Security, East West Security, Distributed Firewall, Rules x-vmw-nsx-module: DfwSecurityPolicy /global-infra/evpn-tenant-configs/{config-id}: patch: consumes: - application/json description: | Create a global evpn tenant configuration if it is not already present, otherwise update the evpn tenant configuration. operationId: PatchEvpnTenantConfig parameters: - description: |- Evpn Tenant config id in: path name: config-id required: true type: string - in: body name: EvpnTenantConfig required: true schema: $ref: '#/definitions/EvpnTenantConfig' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or Update Evpn Tenant Configuration tags: - Policy, Networking, Networking Profiles, EVPN Tenant Configuration x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | Create or update Evpn Tenant configuration. operationId: CreateOrUpdateEvpnTenantConfig parameters: - description: |- Evpn Tenant config id in: path name: config-id required: true type: string - in: body name: EvpnTenantConfig required: true schema: $ref: '#/definitions/EvpnTenantConfig' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/EvpnTenantConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or Update Evpn Tenant Configuration tags: - Policy, Networking, Networking Profiles, EVPN Tenant Configuration x-vmw-nsx-module: PolicyConnectivity /global-infra/federation-config: get: consumes: - application/json description: |- Read a federation config from Global Manager. operationId: ReadFederationConfig produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FederationConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read federation config tags: - Federation, Infra, Federation Configuration x-vmw-nsx-module: PolicySiteGM /global-infra/firewall-schedulers: get: consumes: - application/json description: | Get all PolicyFirewallSchedulers operationId: ListPolicyFirewallSchedulers parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallSchedulerListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get PolicyFirewallSchedulers tags: - Policy, Security, East West Security, Distributed Firewall, Settings, Firewall Scheduler x-vmw-nsx-module: PolicyFirewallScheduler /global-infra/firewall-schedulers/{firewall-scheduler-id}: delete: consumes: - application/json description: | Deletes the specified PolicyFirewallScheduler. If scheduler is consumed in a security policy, it won't get deleted. operationId: DeletePolicyFirewallScheduler parameters: - in: path name: firewall-scheduler-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Policy Firewall Scheduler tags: - Policy, Security, East West Security, Distributed Firewall, Settings, Firewall Scheduler x-vmw-nsx-module: PolicyFirewallScheduler get: consumes: - application/json description: | Get a PolicyFirewallScheduler by id operationId: GetPolicyFirewallScheduler parameters: - in: path name: firewall-scheduler-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallScheduler' '400': description: Bad Request '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get PolicyFirewallScheduler tags: - Policy, Security, East West Security, Distributed Firewall, Settings, Firewall Scheduler x-vmw-nsx-module: PolicyFirewallScheduler patch: consumes: - application/json description: | Creates/Updates a PolicyFirewallScheduler, which can be set at security policy. Note that at least one property out of "days", "start_date", "time_interval", "end_date" is required if "recurring" field is true. Also "start_time" and "end_time" should not be present. And if "recurring" field is false then "start_date" and "end_date" is mandatory, "start_time" and "end_time" is optional. Also the fields "days" and "time_interval" should not be present. operationId: PatchPolicyFirewallScheduler parameters: - in: path name: firewall-scheduler-id required: true type: string - in: body name: PolicyFirewallScheduler required: true schema: $ref: '#/definitions/PolicyFirewallScheduler' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or Update PolicyFirewallScheduler tags: - Policy, Security, East West Security, Distributed Firewall, Settings, Firewall Scheduler x-vmw-nsx-module: PolicyFirewallScheduler put: consumes: - application/json description: | Updates a PolicyFirewallScheduler, which can be set at security policy. Note that at least one property out of "days", "start_date", "time_interval", "end_date" is required if "recurring" field is true. Also "start_time" and "end_time" should not be present. And if "recurring" field is false then "start_date" and "end_date" is mandatory, "start_time" and "end_time" is optional. Also the fields "days" and "time_interval" should not be present. operationId: UpdatePolicyFirewallScheduler parameters: - in: path name: firewall-scheduler-id required: true type: string - in: body name: PolicyFirewallScheduler required: true schema: $ref: '#/definitions/PolicyFirewallScheduler' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallScheduler' '400': description: Bad Request '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or Update PolicyFirewallScheduler tags: - Policy, Security, East West Security, Distributed Firewall, Settings, Firewall Scheduler x-vmw-nsx-module: PolicyFirewallScheduler /global-infra/firewall-session-timer-profiles: get: consumes: - application/json description: |- API will list all Firewall Session Timer Profiles operationId: ListPolicyFirewallSessionTimerProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallSessionTimerProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Firewall Session Timer Profiles tags: - Policy, Security, Security Profiles, Session Timer Profiles x-vmw-nsx-module: PolicyFirewallSessionTimerProfile /global-infra/firewall-session-timer-profiles/{firewall-session-timer-profile-id}: delete: consumes: - application/json description: |- API will delete Firewall Session Timer Profile operationId: DeletePolicyFirewallSessionTimerProfile parameters: - description: |- Firewall Session Timer Profile ID in: path name: firewall-session-timer-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Firewall Session Timer Profile tags: - Policy, Security, Security Profiles, Session Timer Profiles x-vmw-nsx-module: PolicyFirewallSessionTimerProfile get: consumes: - application/json description: |- API will get Firewall Session Timer Profile operationId: GetPolicyFirewallSessionTimerProfile parameters: - description: |- Firewall Session Timer Profile ID in: path name: firewall-session-timer-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallSessionTimerProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Firewall Session Timer Profile tags: - Policy, Security, Security Profiles, Session Timer Profiles x-vmw-nsx-module: PolicyFirewallSessionTimerProfile patch: consumes: - application/json description: |- API will create/update Firewall Session Timer Profile operationId: PatchPolicyFirewallSessionTimerProfile parameters: - description: |- Firewall Session Timer Profile ID in: path name: firewall-session-timer-profile-id required: true type: string - in: body name: PolicyFirewallSessionTimerProfile required: true schema: $ref: '#/definitions/PolicyFirewallSessionTimerProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Firewall Session Timer Profile tags: - Policy, Security, Security Profiles, Session Timer Profiles x-vmw-nsx-module: PolicyFirewallSessionTimerProfile put: consumes: - application/json description: |- API will update Firewall Session Timer Profile operationId: UpdatePolicyFirewallSessionTimerProfile parameters: - description: |- Firewall Session Timer Profile ID in: path name: firewall-session-timer-profile-id required: true type: string - in: body name: PolicyFirewallSessionTimerProfile required: true schema: $ref: '#/definitions/PolicyFirewallSessionTimerProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallSessionTimerProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Firewall Session Timer Profile tags: - Policy, Security, Security Profiles, Session Timer Profiles x-vmw-nsx-module: PolicyFirewallSessionTimerProfile /global-infra/flood-protection-profiles: get: consumes: - application/json description: |- API will list all Flood Protection Profiles operationId: ListFloodProtectionProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FloodProtectionProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Flood Protection Profiles tags: - Policy, Security, Security Profiles, Flood Protection Profiles x-vmw-nsx-module: PolicyProfile /global-infra/flood-protection-profiles/{flood-protection-profile-id}: delete: consumes: - application/json description: |- API will delete Flood Protection Profile operationId: DeleteFloodProtectionProfile parameters: - description: |- Flood Protection Profile ID in: path name: flood-protection-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Flood Protection Profile tags: - Policy, Security, Security Profiles, Flood Protection Profiles x-vmw-nsx-module: PolicyProfile get: consumes: - application/json description: |- API will get Flood Protection Profile operationId: GetFloodProtectionProfile parameters: - description: |- Flood Protection Profile ID in: path name: flood-protection-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FloodProtectionProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Flood Protection Profile tags: - Policy, Security, Security Profiles, Flood Protection Profiles x-vmw-nsx-module: PolicyProfile patch: consumes: - application/json description: |- API will create/update Flood Protection Profile operationId: PatchFloodProtectionProfile parameters: - description: |- Firewall Flood Protection Profile ID in: path name: flood-protection-profile-id required: true type: string - in: body name: FloodProtectionProfile required: true schema: $ref: '#/definitions/FloodProtectionProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Flood Protection Profile tags: - Policy, Security, Security Profiles, Flood Protection Profiles x-vmw-nsx-module: PolicyProfile put: consumes: - application/json description: |- API will update Firewall Flood Protection Profile operationId: UpdateFloodProtectionProfile parameters: - description: |- Flood Protection Profile ID in: path name: flood-protection-profile-id required: true type: string - in: body name: FloodProtectionProfile required: true schema: $ref: '#/definitions/FloodProtectionProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FloodProtectionProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Firewall Flood Protection Profile tags: - Policy, Security, Security Profiles, Flood Protection Profiles x-vmw-nsx-module: PolicyProfile /global-infra/flood-protection-profiles/{flood-protection-profile-id}/bindings: get: consumes: - application/json description: |- API will list all Flood Protection Profiles bindings. operationId: ListFloodProtectionProfileBindings parameters: - in: path name: flood-protection-profile-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FloodProtectionProfileBindingListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Flood Protection Profiles tags: - Policy, Security, Security Profiles, Flood Protection Profiles x-vmw-nsx-module: PolicyProfile /global-infra/full-sync-states: get: consumes: - application/json description: |- List full sync state. operationId: ListFullSyncStates parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FullSyncStateListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List full sync states tags: - Federation, Local Manager, Full Synchronization x-vmw-nsx-module: PolicyFullSync /global-infra/full-sync-states/{full-sync-id}: get: consumes: - application/json description: |- Get full sync state. operationId: GetFullSyncStates parameters: - in: path name: full-sync-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FullSyncState' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get full sync state tags: - Federation, Local Manager, Full Synchronization x-vmw-nsx-module: PolicyFullSync /global-infra/gateway-qos-profiles: get: consumes: - application/json description: | Paginated list of all gateway QoS profle instances operationId: ListGatewayQosProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GatewayQosProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List all gateway QoS profiles tags: - Policy, Networking, Networking Profiles, Gateway QOS Profiles x-vmw-nsx-module: PolicyConnectivity /global-infra/gateway-qos-profiles/{qos-profile-id}: delete: consumes: - application/json description: |- Delete QoS profile operationId: DeleteGatewayQosProfile parameters: - in: path name: qos-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete gateway QoS profile tags: - Policy, Networking, Networking Profiles, Gateway QOS Profiles x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read gateway QoS profile operationId: ReadGatewayQosProfile parameters: - in: path name: qos-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GatewayQosProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read gateway QoS profile tags: - Policy, Networking, Networking Profiles, Gateway QOS Profiles x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If profile with the qos-profile-id is not already present, create a new gateway QoS profile instance. If it already exists, update the gateway QoS profile instance with specified attributes. operationId: PatchGatewayQosProfile parameters: - in: path name: qos-profile-id required: true type: string - in: body name: GatewayQosProfile required: true schema: $ref: '#/definitions/GatewayQosProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Gateway QoS profile tags: - Policy, Networking, Networking Profiles, Gateway QOS Profiles x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If profile with the qos-profile-id is not already present, create a new gateway QoS profile instance. If it already exists, replace the gateway QoS profile instance with this object. operationId: CreateOrReplaceGatewayQosProfile parameters: - in: path name: qos-profile-id required: true type: string - in: body name: GatewayQosProfile required: true schema: $ref: '#/definitions/GatewayQosProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GatewayQosProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Gateway QoS profile tags: - Policy, Networking, Networking Profiles, Gateway QOS Profiles x-vmw-nsx-module: PolicyConnectivity /global-infra/global-manager-config: patch: consumes: - application/json description: | Create or patch a Global Manager Config operationId: PatchGlobalManagerConfig parameters: - in: body name: GlobalManagerConfig required: true schema: $ref: '#/definitions/GlobalManagerConfig' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or patch Global Manager Config tags: - Policy, Infra, Federation x-vmw-nsx-module: PolicySiteGM put: consumes: - application/json description: | Create or fully replace a Global Manager Config. Revision is optional for creation and required for update. operationId: CreateOrUpdateGlobalManagerConfig parameters: - in: body name: GlobalManagerConfig required: true schema: $ref: '#/definitions/GlobalManagerConfig' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GlobalManagerConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or fully replace Global Manager Config tags: - Policy, Infra, Federation x-vmw-nsx-module: PolicySiteGM /global-infra/global-manager-config?action=show-sensitive-data: get: consumes: - application/json description: | Read a Global Manager config along with sensitive data. For example - rtep_config.ibgp_password operationId: ReadGlobalManagerConfigWithSensitiveDataShow-sensitive-data produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GlobalManagerConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read Global Manager config along with sensitive data tags: - Policy, Infra, Federation x-vmw-nsx-module: PolicySiteGM /global-infra/global-managers: get: consumes: - application/json description: | List Global Managers under Infra. operationId: ListInfraGlobalManagers parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GlobalManagerListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Global Managers tags: - Federation, Infra, Global Managers x-vmw-nsx-module: PolicySiteGM /global-infra/global-managers/{global-manager-id}: delete: consumes: - application/json description: | Delete a particular global manager under Infra. Global Manager id 'self' is reserved and can be used for referring to local logged in Global Manager. Example - /infra/global-managers/self operationId: DeleteInfraGlobalManager parameters: - in: path name: global-manager-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete a Global Manager under Infra tags: - Federation, Infra, Global Managers x-vmw-nsx-module: PolicySiteGM get: consumes: - application/json description: | Retrieve information about a particular configured global manager. Global Manager id 'self' is reserved and can be used for referring to local logged in Global Manager. Example - /infra/global-managers/self operationId: ReadInfraGlobalManager parameters: - in: path name: global-manager-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GlobalManager' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a Global Manager tags: - Federation, Infra, Global Managers x-vmw-nsx-module: PolicySiteGM patch: consumes: - application/json description: | Create or patch a Global Manager under Infra. Global Manager id 'self' is reserved and can be used for referring to local logged in Global Manager. Example - /infra/global-managers/self operationId: PatchInfraGlobalManager parameters: - in: path name: global-manager-id required: true type: string - in: body name: GlobalManager required: true schema: $ref: '#/definitions/GlobalManager' - description: Indciates force switchover to Active in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or patch a Global Manager tags: - Federation, Infra, Global Managers x-vmw-nsx-module: PolicySiteGM put: consumes: - application/json description: | Create or fully replace Global Manager under Infra. Revision is optional for creation and required for update. Global Manager id 'self' is reserved and can be used for referring to local logged in Global Manager. Example - /infra/global-managers/self operationId: CreateOrUpdateInfraGlobalManager parameters: - in: path name: global-manager-id required: true type: string - in: body name: GlobalManager required: true schema: $ref: '#/definitions/GlobalManager' - description: Indciates force switchover to Active in: query name: force type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GlobalManager' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or fully replace a Global Manager under infra tags: - Federation, Infra, Global Managers x-vmw-nsx-module: PolicySiteGM /global-infra/group-associations: get: consumes: - application/json description: | Get policy groups for which the given object is a member. In Federation environment, if the given object is a global entity (eg: global segment) and if the entity is not stretched to the site specified in the enforcement_point_path parameter,then the following is returned:- 1)If the entity is a member of any global group and that group is stretched to the enforcement_point_path site,then the API returns an empty list. 2)If the entity is not a member of any global group,this API returns an 'invalid path' error message. 3)If both the entity and its corresponding groups are stretched to the enforcement_point_path site , then the API returns the groups list. operationId: GetGroupsForObject parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: String path of the intent object in: query name: intent_path required: true type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyResourceReferenceForEPListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get groups for which the given object is a member tags: - Policy, Inventory, Groups, Group Members x-vmw-nsx-module: PolicyGroupRealization /global-infra/group-service-associations: get: consumes: - application/json description: | The API returns all the services associated with the given Group. It also returns the services associated with the parent groups of the given group. operationId: GetPolicyGroupServiceAssociations parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: Path of the entity in: query name: intent_path required: true type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyResourceReferenceListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get the list of services where the given group is consumed. tags: - Policy x-vmw-nsx-module: PolicyGroupRealization /global-infra/ip-address-group-associations: get: consumes: - application/json description: | Get policy groups for which the given IP address is a member. operationId: GetGroupsForIPAddress parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: IPAddress in: query name: ip_address required: true type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyResourceReferenceForEPListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get groups for which the given IP address is a member tags: - Policy, Inventory, Groups, Group Members x-vmw-nsx-module: PolicyGroupRealization /global-infra/ip-discovery-profiles: get: consumes: - application/json description: | API will list all IP Discovery Profiles active in current discovery profile id. operationId: GetIPDiscoveryProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPDiscoveryProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List IP Discovery Profiles tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, IP Discovery Profiles x-vmw-nsx-module: PolicyIpDiscovery /global-infra/ip-discovery-profiles/{ip-discovery-profile-id}: delete: consumes: - application/json description: | API will delete IP Discovery profile. operationId: DeleteIPDiscoveryProfile parameters: - description: |- IP Discovery Profile ID in: path name: ip-discovery-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete IP Discovery Profile tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, IP Discovery Profiles x-vmw-nsx-module: PolicyIpDiscovery get: consumes: - application/json description: | API will get IP Discovery profile. operationId: GetIPDiscoveryProfile parameters: - description: |- IP Discovery Profile ID in: path name: ip-discovery-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPDiscoveryProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get IP Discovery Profile tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, IP Discovery Profiles x-vmw-nsx-module: PolicyIpDiscovery patch: consumes: - application/json description: | API will create IP Discovery profile. operationId: CreateIPDiscoveryProfile parameters: - description: |- IP Discovery Profile ID in: path name: ip-discovery-profile-id required: true type: string - in: body name: IPDiscoveryProfile required: true schema: $ref: '#/definitions/IPDiscoveryProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create IP Discovery Profile tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, IP Discovery Profiles x-vmw-nsx-module: PolicyIpDiscovery put: consumes: - application/json description: | API will update IP Discovery profile. operationId: UpdateIPDiscoveryProfile parameters: - description: |- IP Discovery Profile ID in: path name: ip-discovery-profile-id required: true type: string - in: body name: IPDiscoveryProfile required: true schema: $ref: '#/definitions/IPDiscoveryProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPDiscoveryProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update IP Discovery Profile tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, IP Discovery Profiles x-vmw-nsx-module: PolicyIpDiscovery /global-infra/ipfix-dfw-collector-profiles: get: consumes: - application/json description: | API will provide list of all IPFIX dfw collector profiles and their details. operationId: ListIPFIXDFWCollectorProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPFIXDFWCollectorProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List IPFIX Collector profiles. tags: - Policy, Operations, IPFIX, Firewall IPFIX Collectors x-vmw-nsx-module: PolicyIPFIXDFW /global-infra/ipfix-dfw-collector-profiles/{ipfix-dfw-collector-profile-id}: delete: consumes: - application/json description: | API deletes IPFIX dfw collector profile. Flow forwarding to collector will be stopped. operationId: DeleteIPFIXDFWCollectorProfile parameters: - description: |- IPFIX dfw collector Profile id in: path name: ipfix-dfw-collector-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete IPFIX dfw Collector profile tags: - Policy, Operations, IPFIX, Firewall IPFIX Collectors x-vmw-nsx-module: PolicyIPFIXDFW get: consumes: - application/json description: | API will return details of IPFIX dfw collector profile. If profile does not exist, it will return 404. operationId: ReadIPFIXDFWCollectorProfile parameters: - description: |- IPFIX dfw collector profile id in: path name: ipfix-dfw-collector-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPFIXDFWCollectorProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get IPFIX dfw Collector profile tags: - Policy, Operations, IPFIX, Firewall IPFIX Collectors x-vmw-nsx-module: PolicyIPFIXDFW patch: consumes: - application/json description: | Create a new IPFIX dfw collector profile if the IPFIX dfw collector profile with given id does not already exist. If the IPFIX dfw collector profile with the given id already exists, patch with the existing IPFIX dfw collector profile. operationId: PatchIPFIXDFWCollectorProfile parameters: - in: path name: ipfix-dfw-collector-profile-id required: true type: string - in: body name: IPFIXDFWCollectorProfile required: true schema: $ref: '#/definitions/IPFIXDFWCollectorProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- IPFIX dfw collector profile id tags: - Policy, Operations, IPFIX, Firewall IPFIX Collectors x-vmw-nsx-module: PolicyIPFIXDFW put: consumes: - application/json description: | Create or Replace IPFIX dfw collector profile. IPFIX data will be sent to IPFIX collector port. operationId: CreateOrReplaceIPFIXDFWCollectorProfile parameters: - description: |- IPFIX dfw collector profile id in: path name: ipfix-dfw-collector-profile-id required: true type: string - in: body name: IPFIXDFWCollectorProfile required: true schema: $ref: '#/definitions/IPFIXDFWCollectorProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPFIXDFWCollectorProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or Replace IPFIX dfw collector profile tags: - Policy, Operations, IPFIX, Firewall IPFIX Collectors x-vmw-nsx-module: PolicyIPFIXDFW /global-infra/ipfix-dfw-profiles: get: consumes: - application/json description: | API provides list IPFIX DFW profiles available on selected logical DFW. operationId: ListIPFIXDFWProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPFIXDFWProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List IPFIX DFW Profile tags: - Policy, Operations, IPFIX, Firewall IPFIX Profiles x-vmw-nsx-module: PolicyIPFIXDFW /global-infra/ipfix-dfw-profiles/{ipfix-dfw-profile-id}: delete: consumes: - application/json description: | API deletes IPFIX DFW Profile. Selected IPFIX Collectors will stop receiving flows. operationId: DeleteIPFIXDFWProfile parameters: - description: |- IPFIX DFW Profile ID in: path name: ipfix-dfw-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete IPFIX DFW Profile tags: - Policy, Operations, IPFIX, Firewall IPFIX Profiles x-vmw-nsx-module: PolicyIPFIXDFW get: consumes: - application/json description: | API will return details of IPFIX DFW profile. operationId: ReadIPFIXDFWProfile parameters: - description: |- IPFIX DFW collection id in: path name: ipfix-dfw-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPFIXDFWProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get IPFIX DFW Profile tags: - Policy, Operations, IPFIX, Firewall IPFIX Profiles x-vmw-nsx-module: PolicyIPFIXDFW patch: consumes: - application/json description: | Create a new IPFIX DFW profile if the IPFIX DFW profile with given id does not already exist. If the IPFIX DFW profile with the given id already exists, patch with the existing IPFIX DFW profile. operationId: PatchIPFIXDFWProfile parameters: - description: |- IPFIX DFW Profile ID in: path name: ipfix-dfw-profile-id required: true type: string - in: body name: IPFIXDFWProfile required: true schema: $ref: '#/definitions/IPFIXDFWProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch IPFIX DFW profile tags: - Policy, Operations, IPFIX, Firewall IPFIX Profiles x-vmw-nsx-module: PolicyIPFIXDFW put: consumes: - application/json description: | Create or replace IPFIX DFW profile. Config will start forwarding data to provided IPFIX DFW collector. operationId: CreateOrReplaceIPFIXDFWProfile parameters: - description: |- IPFIX DFW Profile ID in: path name: ipfix-dfw-profile-id required: true type: string - in: body name: IPFIXDFWProfile required: true schema: $ref: '#/definitions/IPFIXDFWProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPFIXDFWProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or Replace IPFIX DFW collection Config. tags: - Policy, Operations, IPFIX, Firewall IPFIX Profiles x-vmw-nsx-module: PolicyIPFIXDFW /global-infra/ipfix-l2-collector-profiles: get: consumes: - application/json description: | API will provide list of all IPFIX collector profiles and their details. operationId: ListIPFIXL2CollectorProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPFIXL2CollectorProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List IPFIX Collector profiles. tags: - Policy, Operations, IPFIX, Switch IPFIX Collectors x-vmw-nsx-module: PolicyIPFIXSwitch /global-infra/ipfix-l2-collector-profiles/{ipfix-l2-collector-profile-id}: delete: consumes: - application/json description: | API deletes IPFIX collector profile. Flow forwarding to collector will be stopped. operationId: DeleteIPFIXL2CollectorProfile parameters: - description: |- IPFIX collector Profile id in: path name: ipfix-l2-collector-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete IPFIX Collector profile tags: - Policy, Operations, IPFIX, Switch IPFIX Collectors x-vmw-nsx-module: PolicyIPFIXSwitch get: consumes: - application/json description: | API will return details of IPFIX collector profile. operationId: ReadIPFIXL2CollectorProfile parameters: - description: |- IPFIX collector profile id in: path name: ipfix-l2-collector-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPFIXL2CollectorProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get IPFIX Collector profile tags: - Policy, Operations, IPFIX, Switch IPFIX Collectors x-vmw-nsx-module: PolicyIPFIXSwitch patch: consumes: - application/json description: | Create a new IPFIX collector profile if the IPFIX collector profile with given id does not already exist. If the IPFIX collector profile with the given id already exists, patch with the existing IPFIX collector profile. operationId: PatchIPFIXL2CollectorProfile parameters: - description: |- IPFIX collector profile id in: path name: ipfix-l2-collector-profile-id required: true type: string - in: body name: IPFIXL2CollectorProfile required: true schema: $ref: '#/definitions/IPFIXL2CollectorProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch IPFIX collector profile tags: - Policy, Operations, IPFIX, Switch IPFIX Collectors x-vmw-nsx-module: PolicyIPFIXSwitch put: consumes: - application/json description: | Create or Replace IPFIX collector profile. IPFIX data will be sent to IPFIX collector. operationId: CreateOrReplaceIPFIXL2CollectorProfile parameters: - description: |- IPFIX collector profile id in: path name: ipfix-l2-collector-profile-id required: true type: string - in: body name: IPFIXL2CollectorProfile required: true schema: $ref: '#/definitions/IPFIXL2CollectorProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPFIXL2CollectorProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or Replace IPFIX collector profile tags: - Policy, Operations, IPFIX, Switch IPFIX Collectors x-vmw-nsx-module: PolicyIPFIXSwitch /global-infra/ipfix-l2-profiles: get: consumes: - application/json description: | API provides list IPFIX L2 Profiles available on selected logical l2. operationId: ListIPFIXL2Profiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPFIXL2ProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List IPFIX L2 Profiles tags: - Policy, Operations, IPFIX, Switch IPFIX Profiles x-vmw-nsx-module: PolicyIPFIXSwitch /global-infra/ipfix-l2-profiles/{ipfix-l2-profile-id}: delete: consumes: - application/json description: | API deletes IPFIX L2 Profile. Flow forwarding to selected collector will be stopped. operationId: DeleteIPFIXL2Profile parameters: - description: |- IPFIX L2 Profile ID in: path name: ipfix-l2-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete IPFIX L2 Profile tags: - Policy, Operations, IPFIX, Switch IPFIX Profiles x-vmw-nsx-module: PolicyIPFIXSwitch get: consumes: - application/json description: | API will return details of IPFIX L2 profile. operationId: ReadIPFIXL2Profile parameters: - description: |- IPFIX L2 profile id in: path name: ipfix-l2-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPFIXL2Profile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get IPFIX L2 Profile tags: - Policy, Operations, IPFIX, Switch IPFIX Profiles x-vmw-nsx-module: PolicyIPFIXSwitch patch: consumes: - application/json description: | Create a new IPFIX L2 profile if the IPFIX L2 profile with given id does not already exist. If the IPFIX L2 profile with the given id already exists, patch with the existing IPFIX L2 profile. operationId: PatchIPFIXL2Profile parameters: - description: |- IPFIX L2 Profile ID in: path name: ipfix-l2-profile-id required: true type: string - in: body name: IPFIXL2Profile required: true schema: $ref: '#/definitions/IPFIXL2Profile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch IPFIX L2profile tags: - Policy, Operations, IPFIX, Switch IPFIX Profiles x-vmw-nsx-module: PolicyIPFIXSwitch put: consumes: - application/json description: | Create or replace IPFIX L2 Profile. Profile is reusable entity. Single profile can attached multiple bindings e.g group, segment and port. operationId: CreateOrReplaceIPFIXL2Profile parameters: - description: |- IPFIX L2 Profile ID in: path name: ipfix-l2-profile-id required: true type: string - in: body name: IPFIXL2Profile required: true schema: $ref: '#/definitions/IPFIXL2Profile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPFIXL2Profile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or Replace IPFIX L2 profile tags: - Policy, Operations, IPFIX, Switch IPFIX Profiles x-vmw-nsx-module: PolicyIPFIXSwitch /global-infra/ipv6-dad-profiles: get: consumes: - application/json description: | Paginated list of all IPv6 DAD profile instances operationId: ListIpv6DadProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Ipv6DadProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List all IPv6 DAD profiles tags: - Policy, Networking, Networking Profiles, IPV6 DAD Profiles x-vmw-nsx-module: PolicyConnectivity /global-infra/ipv6-dad-profiles/{dad-profile-id}: delete: consumes: - application/json description: |- Delete IPv6 DAD profile operationId: DeleteIpv6DadProfile parameters: - in: path name: dad-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete IPv6 DAD profile tags: - Policy, Networking, Networking Profiles, IPV6 DAD Profiles x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read IPv6 DAD profile operationId: ReadIpv6DadProfile parameters: - in: path name: dad-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Ipv6DadProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read IPv6 DAD profile tags: - Policy, Networking, Networking Profiles, IPV6 DAD Profiles x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If profile with the dad-profile-id is not already present, create a new IPv6 DAD profile instance. If it already exists, update the IPv6 DAD profile instance with specified attributes. operationId: PatchIpv6DadProfile parameters: - in: path name: dad-profile-id required: true type: string - in: body name: Ipv6DadProfile required: true schema: $ref: '#/definitions/Ipv6DadProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update IPv6 DAD profile tags: - Policy, Networking, Networking Profiles, IPV6 DAD Profiles x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If profile with the dad-profile-id is not already present, create a new IPv6 DAD profile instance. If it already exists, replace the IPv6 DAD profile instance with this object. operationId: CreateOrReplaceIpv6DadProfile parameters: - in: path name: dad-profile-id required: true type: string - in: body name: Ipv6DadProfile required: true schema: $ref: '#/definitions/Ipv6DadProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Ipv6DadProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update IPv6 DAD profile tags: - Policy, Networking, Networking Profiles, IPV6 DAD Profiles x-vmw-nsx-module: PolicyConnectivity /global-infra/ipv6-ndra-profiles: get: consumes: - application/json description: | Paginated list of all IPv6 NDRA profile instances operationId: ListIpv6NdraProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Ipv6NdraProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List all IPv6 NDRA profiles tags: - Policy, Networking, Networking Profiles, IPV6 NDRA Profiles x-vmw-nsx-module: PolicyConnectivity /global-infra/ipv6-ndra-profiles/{ndra-profile-id}: delete: consumes: - application/json description: |- Delete IPv6 NDRA profile operationId: DeleteIpv6NdraProfile parameters: - in: path name: ndra-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete IPv6 NDRA profile tags: - Policy, Networking, Networking Profiles, IPV6 NDRA Profiles x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read IPv6 NDRA profile operationId: ReadIpv6NdraProfile parameters: - in: path name: ndra-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Ipv6NdraProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read IPv6 NDRA profile tags: - Policy, Networking, Networking Profiles, IPV6 NDRA Profiles x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If profile with the ndra-profile-id is not already present, create a new IPv6 NDRA profile instance. If it already exists, update the IPv6 NDRA profile instance with specified attributes. operationId: PatchIpv6NdraProfile parameters: - in: path name: ndra-profile-id required: true type: string - in: body name: Ipv6NdraProfile required: true schema: $ref: '#/definitions/Ipv6NdraProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update IPv6 NDRA profile tags: - Policy, Networking, Networking Profiles, IPV6 NDRA Profiles x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If profile with the ndra-profile-id is not already present, create a new IPv6 NDRA profile instance. If it already exists, replace the IPv6 NDRA profile instance with this object. operationId: CreateOrReplaceIpv6NdraProfile parameters: - in: path name: ndra-profile-id required: true type: string - in: body name: Ipv6NdraProfile required: true schema: $ref: '#/definitions/Ipv6NdraProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Ipv6NdraProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update IPv6 NDRA profile tags: - Policy, Networking, Networking Profiles, IPV6 NDRA Profiles x-vmw-nsx-module: PolicyConnectivity /global-infra/labels: get: consumes: - application/json description: | Paginated list of all labels for infra. operationId: ListPolicyLabelForInfra parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyLabelListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List labels for infra tags: - Policy, Infra, Labels x-vmw-nsx-module: PolicyLabel /global-infra/labels/{label-id}: delete: consumes: - application/json description: |- Delete PolicyLabel object operationId: DeletePolicyLabelForInfra parameters: - in: path name: label-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete PolicyLabel object tags: - Policy, Infra, Labels x-vmw-nsx-module: PolicyLabel get: consumes: - application/json description: | Read a label. operationId: ReadPolicyLabelForInfra parameters: - in: path name: label-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyLabel' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read lable tags: - Policy, Infra, Labels x-vmw-nsx-module: PolicyLabel patch: consumes: - application/json description: | Create label if not exists, otherwise take the partial updates. Note, once the label is created type attribute can not be changed. operationId: UpdatePolicyLabelForInfra parameters: - in: path name: label-id required: true type: string - in: body name: PolicyLabel required: true schema: $ref: '#/definitions/PolicyLabel' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch an existing label object tags: - Policy, Infra, Labels x-vmw-nsx-module: PolicyLabel put: consumes: - application/json description: | Create label if not exists, otherwise replaces the existing label. If label already exists then type attribute cannot be changed. operationId: CreateOrReplacePolicyLabelForInfra parameters: - in: path name: label-id required: true type: string - in: body name: PolicyLabel required: true schema: $ref: '#/definitions/PolicyLabel' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyLabel' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or replace label tags: - Policy, Infra, Labels x-vmw-nsx-module: PolicyLabel /global-infra/mac-discovery-profiles: get: consumes: - application/json description: | API will list all Mac Discovery Profiles active in current discovery profile id. operationId: GetMacDiscoveryProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/MacDiscoveryProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Mac Discovery Profiles tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, MAC Discovery Profiles x-vmw-nsx-module: PolicyMacDiscovery /global-infra/mac-discovery-profiles/{mac-discovery-profile-id}: delete: consumes: - application/json description: | API will delete Mac Discovery profile. operationId: DeleteMacDiscoveryProfile parameters: - description: |- Mac Discovery Profile ID in: path name: mac-discovery-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Mac Discovery Profile tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, MAC Discovery Profiles x-vmw-nsx-module: PolicyMacDiscovery get: consumes: - application/json description: | API will get Mac Discovery profile. operationId: GetMacDiscoveryProfile parameters: - description: |- Mac Discovery Profile ID in: path name: mac-discovery-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/MacDiscoveryProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Mac Discovery Profile tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, MAC Discovery Profiles x-vmw-nsx-module: PolicyMacDiscovery patch: consumes: - application/json description: | API will create Mac Discovery profile. operationId: CreateMacDiscoveryProfile parameters: - description: |- Mac Discovery Profile ID in: path name: mac-discovery-profile-id required: true type: string - in: body name: MacDiscoveryProfile required: true schema: $ref: '#/definitions/MacDiscoveryProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create Mac Discovery Profile tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, MAC Discovery Profiles x-vmw-nsx-module: PolicyMacDiscovery put: consumes: - application/json description: | API will update Mac Discovery profile. operationId: UpdateMacDiscoveryProfile parameters: - description: |- Mac Discovery Profile ID in: path name: mac-discovery-profile-id required: true type: string - in: body name: MacDiscoveryProfile required: true schema: $ref: '#/definitions/MacDiscoveryProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/MacDiscoveryProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Mac Discovery Profile tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, MAC Discovery Profiles x-vmw-nsx-module: PolicyMacDiscovery /global-infra/overridden-resources: get: consumes: - application/json description: |- List overridden resources operationId: ListOverriddenResources parameters: - description: Global resource path in: query name: intent_path required: false type: string - description: Site path in: query name: site_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/OverriddenResourceListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List overridden resources tags: - Federation, Infra, Federation Configuration x-vmw-nsx-module: PolicyOverrides /global-infra/port-mirroring-profiles: get: consumes: - application/json description: | API will list all port mirroring profiles group. operationId: ListPortMirroringProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortMirroringProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Port Mirroring Profiles tags: - Policy, Operations, Port Mirroring x-vmw-nsx-module: PolicyPortMirroring /global-infra/port-mirroring-profiles/{port-mirroring-profile-id}: delete: consumes: - application/json description: | API will delete port mirroring profile. Mirroring from source to destination ports will be stopped. operationId: DeletePortMirroringProfile parameters: - description: |- Port Mirroring Profile Id in: path name: port-mirroring-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Port Mirroring Profile tags: - Policy, Operations, Port Mirroring x-vmw-nsx-module: PolicyPortMirroring get: consumes: - application/json description: | API will return details of port mirroring profile. operationId: ReadPortMirroringProfile parameters: - description: |- Port Mirroring Profile Id in: path name: port-mirroring-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortMirroringProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | Details of Port Mirroring Profile tags: - Policy, Operations, Port Mirroring x-vmw-nsx-module: PolicyPortMirroring patch: consumes: - application/json description: | Create a new Port Mirroring Profile if the Port Mirroring Profile with given id does not already exist. If the Port Mirroring Profile with the given id already exists, patch with the existing Port Mirroring Profile. Realized entities of this API can be found using the path of monitoring profile binding map that is used to apply this profile. operationId: PatchPortMirroringProfile parameters: - description: |- Port Mirroring Profile Id in: path name: port-mirroring-profile-id required: true type: string - in: body name: PortMirroringProfile required: true schema: $ref: '#/definitions/PortMirroringProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch Port Mirroring Profile. tags: - Policy, Operations, Port Mirroring x-vmw-nsx-module: PolicyPortMirroring put: consumes: - application/json description: | Create or Replace port mirroring profile. Packets will be mirrored from source group, segment, port to destination group. Realized entities of this API can be found using the path of monitoring profile binding map that is used to apply this profile. operationId: CreateOrReplacePortMirroringProfile parameters: - description: |- Port Mirroring Profiles Id in: path name: port-mirroring-profile-id required: true type: string - in: body name: PortMirroringProfile required: true schema: $ref: '#/definitions/PortMirroringProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortMirroringProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or Replace Port Mirroring Profile. tags: - Policy, Operations, Port Mirroring x-vmw-nsx-module: PolicyPortMirroring /global-infra/qos-profiles: get: consumes: - application/json description: | API will list all QoS profiles. operationId: ListQoSProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/QoSProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List QoS Profiles tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, QOS Profiles x-vmw-nsx-module: PolicyQoS /global-infra/qos-profiles/{qos-profile-id}: delete: consumes: - application/json description: | API will delete QoS profile. operationId: DeleteQoSProfile parameters: - description: |- QoS profile Id in: path name: qos-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete QoS profile tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, QOS Profiles x-vmw-nsx-module: PolicyQoS get: consumes: - application/json description: | API will return details of QoS profile. operationId: ReadQoSProfile parameters: - description: |- QoS profile Id in: path name: qos-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/QoSProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | Details of QoS profile tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, QOS Profiles x-vmw-nsx-module: PolicyQoS patch: consumes: - application/json description: | Create a new QoS profile if the QoS profile with given id does not already exist. If the QoS profile with the given id already exists, patch with the existing QoS profile. operationId: PatchQoSProfile parameters: - description: |- QoS profile Id in: path name: qos-profile-id required: true type: string - in: body name: QoSProfile required: true schema: $ref: '#/definitions/QoSProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch QoS profile. tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, QOS Profiles x-vmw-nsx-module: PolicyQoS put: consumes: - application/json description: | Create or Replace QoS profile. operationId: CreateOrReplaceQoSProfile parameters: - description: |- QoS profile Id in: path name: qos-profile-id required: true type: string - in: body name: QoSProfile required: true schema: $ref: '#/definitions/QoSProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/QoSProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or Replace QoS profile. tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, QOS Profiles x-vmw-nsx-module: PolicyQoS /global-infra/realized-state/alarms: get: consumes: - application/json description: | Paginated list of all alarms. operationId: ListAlarms parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyAlarmResourceListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List All alarms in the system tags: - Policy, Infra, Realized State x-vmw-nsx-module: PolicyRealizedState /global-infra/realized-state/realized-entities: get: consumes: - application/json description: | Get list of realized entities associated with intent object, specified by path in query parameter operationId: ListRealizedEntities parameters: - description: String Path of the intent object in: query name: intent_path required: true type: string - description: Policy Path of the site in: query name: site_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GenericPolicyRealizedResourceListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get list of realized objects associated with intent object tags: - Policy, Infra, Realized State x-vmw-nsx-module: PolicyRealizedState /global-infra/realized-state/realized-entity?action=refresh: post: consumes: - application/json description: | Refresh the status and statistics of all realized entities associated with given intent path synchronously. The vmw-async: True HTTP header cannot be used with this API. operationId: RefreshRealizedStateRefresh parameters: - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - description: String Path of the intent object in: query name: intent_path required: true type: string responses: '204': description: No Content '400': description: Bad Request '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Refresh all realized entities associated with the intent-path tags: - Policy, Infra, Realized State x-vmw-nsx-module: PolicyRealizedState /global-infra/realized-state/status: get: consumes: - application/json description: | Get Consolidated Status of an intent object (with or without enforcement specific status details). The request is evaluated as follows: - : the request is evaluated on all enforcement points for the given intent without enforcement point specific details. - : the request is evaluated on all enforcement points for the given intent with enforcement point specific details. operationId: ReadIntentStatus parameters: - default: false description: Include Enforced Status Flag in: query name: include_enforced_status type: boolean - description: Policy Path of the intent object in: query name: intent_path required: true type: string - description: Policy Path of the site from where the realization status needs to be fetched in: query name: site_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ConsolidatedRealizedStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get consolidated status of an intent object tags: - Policy, Infra, Realized State x-vmw-nsx-module: PolicyRealizedState /global-infra/segment-security-profiles: get: consumes: - application/json description: | API will list all segment security profiles. operationId: ListSegmentSecurityProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentSecurityProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List segment security profiles tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Segment Security Profiles x-vmw-nsx-module: PolicySegmentSecurity /global-infra/segment-security-profiles/{segment-security-profile-id}: delete: consumes: - application/json description: | API will delete segment security profile with the given id. operationId: DeleteSegmentSecurityProfile parameters: - description: |- Segment security profile id in: path name: segment-security-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- DELETE segment security profile tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Segment Security Profiles x-vmw-nsx-module: PolicySegmentSecurity get: consumes: - application/json description: | API will return details of the segment security profile with given id. If the profile does not exist, it will return 404. operationId: GetSegmentSecurityProfile parameters: - description: |- Segment security profile id in: path name: segment-security-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentSecurityProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- GET Segment security profile id tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Segment Security Profiles x-vmw-nsx-module: PolicySegmentSecurity patch: consumes: - application/json description: | Create a new segment security profile if the segment security profile with given id does not exist. Otherwise, PATCH the existing segment security profile operationId: PatchSegmentSecurityProfile parameters: - description: |- Segment security profile id in: path name: segment-security-profile-id required: true type: string - in: body name: SegmentSecurityProfile required: true schema: $ref: '#/definitions/SegmentSecurityProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- PATCH segment security profile id tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Segment Security Profiles x-vmw-nsx-module: PolicySegmentSecurity put: consumes: - application/json description: | Create or replace a segment security profile operationId: CreateOrUpdateSegmentSecurityProfile parameters: - description: |- Segment security profile id in: path name: segment-security-profile-id required: true type: string - in: body name: SegmentSecurityProfile required: true schema: $ref: '#/definitions/SegmentSecurityProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentSecurityProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- PUT segment security profile id tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Segment Security Profiles x-vmw-nsx-module: PolicySegmentSecurity /global-infra/segments: get: consumes: - application/json description: | Paginated list of all segments under infra. operationId: ListAllInfraSegments parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List all segments under infra tags: - Policy, Networking, Connectivity, Segments, Segments x-vmw-nsx-module: PolicyConnectivity /global-infra/segments/state: get: consumes: - application/json description: | Returns all infra segments with configuration state on the enforcement point specified in the request operationId: GetInfraSegmentsByState parameters: - description: Configuration state of the segment on enforcement point enum: - pending - in_progress - success - failed - partial_success - orphaned - unknown in: query name: configuration_state required: false type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - description: Data source type. enum: - realtime - cached in: query name: source required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentConfigurationStateListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get infra segments by configuration state tags: - Policy, Networking, Connectivity, Segments, Statistics x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/segments/{infra-segment-id}/ports/{infra-port-id}/port-discovery-profile-binding-maps: get: consumes: - application/json description: | API will list all Infra Port Discovery Profile Binding Maps in current port id. operationId: ListInfraPortDiscoveryBindings parameters: - in: path name: infra-segment-id required: true type: string - in: path name: infra-port-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortDiscoveryProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Infra Port Discovery Profile Binding Maps tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Discovery Profile Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding ? /global-infra/segments/{infra-segment-id}/ports/{infra-port-id}/port-discovery-profile-binding-maps/{port-discovery-profile-binding-map-id} : get: consumes: - application/json description: | API will get Infra Port Discovery Profile Binding Map operationId: GetInfraPortDiscoveryBinding parameters: - description: |- Infra Segment ID in: path name: infra-segment-id required: true type: string - description: |- Infra Port ID in: path name: infra-port-id required: true type: string - description: |- Port Discovery Profile Binding Map ID in: path name: port-discovery-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortDiscoveryProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Infra Port Discovery Profile Binding Map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Discovery Profile Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding /global-infra/segments/{infra-segment-id}/ports/{infra-port-id}/port-monitoring-profile-binding-maps: get: consumes: - application/json description: | API will list all Infra Port Monitoring Profile Binding Maps in current port id. operationId: ListInfraPortMonitoringBindings parameters: - in: path name: infra-segment-id required: true type: string - in: path name: infra-port-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortMonitoringProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Infra Port Monitoring Profile Binding Maps tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Monitoring Profile Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding ? /global-infra/segments/{infra-segment-id}/ports/{infra-port-id}/port-monitoring-profile-binding-maps/{port-monitoring-profile-binding-map-id} : get: consumes: - application/json description: | API will get Infra Port Monitoring Profile Binding Map. operationId: GetInfraPortMonitoringBinding parameters: - description: |- Infra Segment ID in: path name: infra-segment-id required: true type: string - description: |- Infra Port ID in: path name: infra-port-id required: true type: string - description: |- Port Monitoring Profile Binding Map ID in: path name: port-monitoring-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortMonitoringProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Infra Port Monitoring Profile Binding Map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Monitoring Profile Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding ? /global-infra/segments/{infra-segment-id}/ports/{infra-port-id}/port-monitoring-profile-binding-maps/{port-monitoring-profile-binding-map-id}/mirror-stack-status : get: consumes: - application/json description: | API will get Infra Port Monitoring Profile Binding Map mirror stack status. operationId: GetInfraPortMonitoringBindingMirrorStackStatus parameters: - in: path name: infra-segment-id required: true type: string - in: path name: infra-port-id required: true type: string - in: path name: port-monitoring-profile-binding-map-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Binding map path enforcemnt point path to remote L3 mirror session in: query name: enforcement_point_path required: false type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/MirrorStackStatusListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get mirror stack status for Infra Port Monitoring Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment Profiles, Monitoring Profile Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding /global-infra/segments/{infra-segment-id}/segment-discovery-profile-binding-maps: get: consumes: - application/json description: | API will list all Infra Segment Discovery Profile Binding Maps in current segment id. operationId: ListInfraSegmentDiscoveryBindings parameters: - in: path name: infra-segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentDiscoveryProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Infra Segment Discovery Profile Binding Maps tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Discovery Profile Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding ? /global-infra/segments/{infra-segment-id}/segment-discovery-profile-binding-maps/{segment-discovery-profile-binding-map-id} : delete: consumes: - application/json description: |- API will delete Segment Discovery Profile Binding Profile operationId: DeleteInfraSegmentDiscoveryBinding parameters: - description: |- Infra Segment ID in: path name: infra-segment-id required: true type: string - description: |- Segment Discovery Profile Binding Map ID in: path name: segment-discovery-profile-binding-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Segment Discovery Profile Binding Profile tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Discovery Profile Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding get: consumes: - application/json description: | API will get Infra Segment Discovery Profile Binding Map operationId: GetInfraSegmentDiscoveryBinding parameters: - description: |- Infra Segment ID in: path name: infra-segment-id required: true type: string - description: |- Segment Discovery Profile Binding Map ID in: path name: segment-discovery-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentDiscoveryProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Infra Segment Discovery Profile Binding Map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Discovery Profile Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding patch: consumes: - application/json description: |- API will create Infra Segment Discovery Profile Binding Map. For objects with no binding maps, default profile is applied. operationId: PatchInfraSegmentDiscoveryBinding parameters: - description: |- Infra Segment ID in: path name: infra-segment-id required: true type: string - description: |- Segment Discovery Profile Binding Map ID in: path name: segment-discovery-profile-binding-map-id required: true type: string - in: body name: SegmentDiscoveryProfileBindingMap required: true schema: $ref: '#/definitions/SegmentDiscoveryProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create Infra Segment Discovery Profile Binding Map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Discovery Profile Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding put: consumes: - application/json description: |- API will update Infra Segment Discovery Profile Binding Map. For objects with no binding maps, default profile is applied. operationId: UpdateInfraSegmentDiscoveryBinding parameters: - description: |- Infra Segment ID in: path name: infra-segment-id required: true type: string - description: |- Segment Discovery Profile Binding Map ID in: path name: segment-discovery-profile-binding-map-id required: true type: string - in: body name: SegmentDiscoveryProfileBindingMap required: true schema: $ref: '#/definitions/SegmentDiscoveryProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentDiscoveryProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Infra Segment Discovery Profile Binding Map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Discovery Profile Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding /global-infra/segments/{infra-segment-id}/segment-monitoring-profile-binding-maps: get: consumes: - application/json description: | API will list all Infra Segment Monitoring Profile Binding Maps in current segment id. operationId: ListInfraSegmentMonitoringBindings parameters: - in: path name: infra-segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentMonitoringProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Infra Segment Monitoring Profile Binding Maps tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Monitoring Profile Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding ? /global-infra/segments/{infra-segment-id}/segment-monitoring-profile-binding-maps/{segment-monitoring-profile-binding-map-id} : delete: consumes: - application/json description: |- API will delete Infra Segment Monitoring Profile Binding Profile. operationId: DeleteInfraSegmentMonitoringBinding parameters: - description: |- Infra Segment ID in: path name: infra-segment-id required: true type: string - description: |- Segment Monitoring Profile Binding Map ID in: path name: segment-monitoring-profile-binding-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Infra Segment Monitoring Profile Binding Profile tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Monitoring Profile Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding get: consumes: - application/json description: | API will get Infra Segment Monitoring Profile Binding Map. operationId: GetInfraSegmentMonitoringBinding parameters: - description: |- Infra Segment ID in: path name: infra-segment-id required: true type: string - description: |- Segment Monitoring Profile Binding Map ID in: path name: segment-monitoring-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentMonitoringProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Infra Segment Monitoring Profile Binding Map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Monitoring Profile Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding patch: consumes: - application/json description: |- API will create infra segment monitoring profile binding map. operationId: PatchInfraSegmentMonitoringBinding parameters: - description: |- Infra Segment ID in: path name: infra-segment-id required: true type: string - description: |- Segment Monitoring Profile Binding Map ID in: path name: segment-monitoring-profile-binding-map-id required: true type: string - in: body name: SegmentMonitoringProfileBindingMap required: true schema: $ref: '#/definitions/SegmentMonitoringProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create Infra Segment Monitoring Profile Binding Map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Monitoring Profile Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding put: consumes: - application/json description: |- API will update Infra Segment Monitoring Profile Binding Map. operationId: UpdateInfraSegmentMonitoringBinding parameters: - description: |- Infra Segment ID in: path name: infra-segment-id required: true type: string - description: |- Segment Monitoring Profile Binding Map ID in: path name: segment-monitoring-profile-binding-map-id required: true type: string - in: body name: SegmentMonitoringProfileBindingMap required: true schema: $ref: '#/definitions/SegmentMonitoringProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentMonitoringProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Infra Segment Monitoring Profile Binding Map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Monitoring Profile Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding ? /global-infra/segments/{infra-segment-id}/segment-monitoring-profile-binding-maps/{segment-monitoring-profile-binding-map-id}/mirror-stack-status : get: consumes: - application/json description: | API will get Infra Segment Monitoring Profile Binding Map mirror stack status. operationId: GetInfraSegmentMonitoringBindingMirrorStackStatus parameters: - in: path name: infra-segment-id required: true type: string - in: path name: segment-monitoring-profile-binding-map-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Binding map path enforcemnt point path to remote L3 mirror session in: query name: enforcement_point_path required: false type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/MirrorStackStatusListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Infra Segment Monitoring Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment Profiles, Monitoring Profile Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding /global-infra/segments/{segment-id}: delete: consumes: - application/json description: |- Delete infra segment operationId: DeleteInfraSegment parameters: - description: |- Segment ID in: path name: segment-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete infra segment tags: - Policy, Networking, Connectivity, Segments, Segments x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read infra segment operationId: ReadInfraSegment parameters: - description: |- Segment ID in: path name: segment-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Segment' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read infra segment tags: - Policy, Networking, Connectivity, Segments, Segments x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If segment with the segment-id is not already present, create a new segment. If it already exists, update the segment with specified attributes. operationId: PatchInfraSegment parameters: - description: |- Segment ID in: path name: segment-id required: true type: string - in: body name: Segment required: true schema: $ref: '#/definitions/Segment' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a segment tags: - Policy, Networking, Connectivity, Segments, Segments x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If segment with the segment-id is not already present, create a new segment. If it already exists, replace the segment with this object. operationId: CreateOrReplaceInfraSegment parameters: - description: |- Segment ID in: path name: segment-id required: true type: string - in: body name: Segment required: true schema: $ref: '#/definitions/Segment' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Segment' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a infra segment tags: - Policy, Networking, Connectivity, Segments, Segments x-vmw-nsx-module: PolicyConnectivity /global-infra/segments/{segment-id}/arp-table: get: consumes: - application/json description: | Returns ARP table (IPv4) or Neighbor Discovery table (IPv6) for the interface (downlink) attaching segment to tier-0/tier-1 gateway, on a edge node specified in edge_path parameter. The edge_path parameter is mandatory. operationId: GetInfraSegmentInterfaceArpTable parameters: - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/InterfaceArpTable' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get ARP table from segment interface (downlink) tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Interfaces, ARP Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/segments/{segment-id}/arp-table?format=csv: get: consumes: - application/json description: | Returns ARP table (IPv4) or Neighbor Discovery table (IPv6) in CSV format for the interface (downlink) attaching segment to tier-0/tier-1 gateway, on a edge node specified in edge_path parameter. The edge_path parameter is mandatory. operationId: GetInfraSegmentInterfaceArpTableCsv parameters: - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - text/csv responses: '200': description: OK schema: $ref: '#/definitions/InterfaceArpTableInCsvFormat' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get ARP table from segment interface (downlink) in CSV format tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Interfaces, ARP Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/segments/{segment-id}/dhcp-static-binding-configs: get: consumes: - application/json description: | Paginated list of all DHCP static binding instances operationId: ListInfraSegmentDhcpStaticBinding parameters: - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpStaticBindingConfigListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List all DHCP static bindings tags: - Policy, Networking, IP Management, DHCP, DHCP Static Bindings, Segments Bindings x-vmw-nsx-module: PolicyConnectivity /global-infra/segments/{segment-id}/dhcp-static-binding-configs/{binding-id}: delete: consumes: - application/json description: |- Delete DHCP static binding operationId: DeleteInfraSegmentDhcpStaticBinding parameters: - in: path name: segment-id required: true type: string - in: path name: binding-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete DHCP static binding tags: - Policy, Networking, IP Management, DHCP, DHCP Static Bindings, Segments Bindings x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read DHCP static binding operationId: ReadInfraSegmentDhcpStaticBinding parameters: - in: path name: segment-id required: true type: string - in: path name: binding-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpStaticBindingConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read DHCP static binding tags: - Policy, Networking, IP Management, DHCP, DHCP Static Bindings, Segments Bindings x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If binding with the binding-id is not already present, create a new DHCP static binding instance. If it already exists, replace the existing DHCP static binding instance with specified attributes. operationId: PatchInfraSegmentDhcpStaticBinding parameters: - in: path name: segment-id required: true type: string - in: path name: binding-id required: true type: string - in: body name: DhcpStaticBindingConfig required: true schema: $ref: '#/definitions/DhcpStaticBindingConfig' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update DHCP static binding tags: - Policy, Networking, IP Management, DHCP, DHCP Static Bindings, Segments Bindings x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If binding with the binding-id is not already present, create a new DHCP static binding instance. If it already exists, replace the existing DHCP static binding instance with this object. operationId: CreateOrReplaceInfraSegmentDhcpStaticBinding parameters: - in: path name: segment-id required: true type: string - in: path name: binding-id required: true type: string - in: body name: DhcpStaticBindingConfig required: true schema: $ref: '#/definitions/DhcpStaticBindingConfig' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpStaticBindingConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update DHCP static binding tags: - Policy, Networking, IP Management, DHCP, DHCP Static Bindings, Segments Bindings x-vmw-nsx-module: PolicyConnectivity /global-infra/segments/{segment-id}/dhcp-static-bindings/{binding-id}/state: get: consumes: - application/json description: |- Read DHCP static binding state operationId: ReadInfraSegmentDhcpStaticBindingState parameters: - in: path name: segment-id required: true type: string - in: path name: binding-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpStaticBindingState' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read DHCP static binding state tags: - Policy, Networking, IP Management, DHCP, DHCP Static Bindings x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/segments/{segment-id}/gateway-interface-arp-table: get: consumes: - application/json description: | Segment ID is the ID of the segment that is connected to the the tier-0 operationId: GetDownlinkPortArpTableForInfraSegment parameters: - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/InterfaceArpTable' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get ARP table for downlink router port on tier-0 router tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Interfaces, ARP Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/segments/{segment-id}/gateway-interface-arp-table?format=csv: get: consumes: - application/json description: | Segment ID is the ID of the segment that is connected to the the tier-0 operationId: GetDownlinkPortArpTableForInfraSegmentInCsv parameters: - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - text/csv responses: '200': description: OK schema: $ref: '#/definitions/InterfaceArpTableInCsvFormat' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get ARP table for downlink router port on tier-0 router in CSV tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Interfaces, ARP Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/segments/{segment-id}/gateway-interface-dad-state: get: consumes: - application/json description: | Segment ID is the ID of the segment that is connected to the the tier-0 operationId: GetDownlinkPortDadStateForInfraSegment parameters: - in: path name: segment-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - description: Data source type. enum: - realtime - cached in: query name: source required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/InterfaceDADState' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get DAD state for downlink router port on tier-0 router tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Interfaces, DAD State x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/segments/{segment-id}/gateway-interface-statistics: get: consumes: - application/json description: | Segment ID is the ID of the segment that is connected to the the tier-0 operationId: GetDownlinkPortStatisticsForInfraSegment parameters: - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyInterfaceStatistics' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get statistics for downlink router port on tier-0 router tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Interfaces, Statistics x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/segments/{segment-id}/gateway-interface-statistics/summary: get: consumes: - application/json description: | Segment ID is the ID of the segment that is connected to the the tier-0 operationId: GetDownlinkPortStatisticsSummaryForInfraSegment parameters: - in: path name: segment-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - description: Data source type. enum: - realtime - cached in: query name: source required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyInterfaceStatisticsSummary' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get statistics for downlink router port on tier-0 router tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Interfaces, Statistics x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/segments/{segment-id}/inter-site-forwarder/site-span-info: get: consumes: - application/json description: | Get infra segment cross site forwarder placement and HA statuss. operationId: GetInfraSegmentCsSpanInfo parameters: - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentL2ForwarderSiteSpanInfo' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get infra segment cross site forwarder placement and HA status tags: - Policy, Networking, Connectivity, Segment, Intersite-Forwarder x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/segments/{segment-id}/inter-site-forwarder/status: get: consumes: - application/json description: | Get infra segment cross site traffic statistics. operationId: GetInfraSegmentCsTrafficStats parameters: - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentCrossSiteTrafficStats' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get infra segment cross site traffic statistics tags: - Policy, Networking, Connectivity, Segment, Intersite-Forwarder x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/segments/{segment-id}/mac-table: get: consumes: - application/json description: | Returns MAC table for a segment operationId: GetInfraSegmentMacTable parameters: - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string - description: Data source type. enum: - realtime - cached in: query name: source required: false type: string - description: TransportNode Id in: query name: transport_node_id required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentMacAddressListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get infra segment MAC table tags: - Policy, Networking, Connectivity, Segment, MAC Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/segments/{segment-id}/mac-table?format=csv: get: consumes: - application/json description: | Returns MAC table for a segment operationId: GetInfraSegmentMacTableInCsv parameters: - in: path name: segment-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - description: Data source type. enum: - realtime - cached in: query name: source required: false type: string - description: TransportNode Id in: query name: transport_node_id required: false type: string produces: - text/csv responses: '200': description: OK schema: $ref: '#/definitions/MacAddressCsvListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get infra segment MAC table in CSV tags: - Policy, Networking, Connectivity, Segment, MAC Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/segments/{segment-id}/ports: get: consumes: - application/json description: | List all the ports for an infra. operationId: ListInfraSegmentPorts parameters: - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentPortListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List infra segment ports tags: - Policy, Networking, Connectivity, Segments, Ports x-vmw-nsx-module: PolicyConnectivity /global-infra/segments/{segment-id}/ports/{port-id}: get: consumes: - application/json description: | Get detail information on an infra segment port by giving ID. operationId: GetInfraSegmentPort parameters: - in: path name: segment-id required: true type: string - in: path name: port-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentPort' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get infra segment port by ID tags: - Policy, Networking, Connectivity, Segments, Ports x-vmw-nsx-module: PolicyConnectivity /global-infra/segments/{segment-id}/ports/{port-id}/mac-table: get: consumes: - application/json description: | Returns MAC table for a segment port operationId: GetInfraSegmentPortMacTable parameters: - in: path name: segment-id required: true type: string - in: path name: port-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string - description: Data source type. enum: - realtime - cached in: query name: source required: false type: string - description: TransportNode Id in: query name: transport_node_id required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentPortMacAddressListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get MAC table for infra segment port tags: - Policy, Networking, Connectivity, Segment, Ports, MAC Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/segments/{segment-id}/ports/{port-id}/mac-table?format=csv: get: consumes: - application/json description: | Returns MAC table for a segment port operationId: GetInfraSegmentPortMacTableInCsv parameters: - in: path name: segment-id required: true type: string - in: path name: port-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - description: Data source type. enum: - realtime - cached in: query name: source required: false type: string - description: TransportNode Id in: query name: transport_node_id required: false type: string produces: - text/csv responses: '200': description: OK schema: $ref: '#/definitions/SegmentPortMacAddressCsvListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get infra segment port MAC table in CSV tags: - Policy, Networking, Connectivity, Segment, Ports, MAC Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/segments/{segment-id}/ports/{port-id}/port-qos-profile-binding-maps: get: consumes: - application/json description: | API will list all Port QoS Profile Binding Maps in current port id. operationId: ListInfraPortQoSBindings parameters: - in: path name: segment-id required: true type: string - in: path name: port-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortQoSProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Port QoS Profile Binding Maps tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, QOS Profile Binding x-vmw-nsx-module: PolicyQoSProfileBinding /global-infra/segments/{segment-id}/ports/{port-id}/port-qos-profile-binding-maps/{port-qos-profile-binding-map-id}: get: consumes: - application/json description: | API will get Port QoS Profile Binding Map. operationId: GetInfraPortQoSBinding parameters: - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Port ID in: path name: port-id required: true type: string - description: |- Port QoS Profile Binding Map ID in: path name: port-qos-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortQoSProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Port QoS Profile Binding Map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, QOS Profile Binding x-vmw-nsx-module: PolicyQoSProfileBinding /global-infra/segments/{segment-id}/ports/{port-id}/port-security-profile-binding-maps: get: consumes: - application/json description: | API will list all port security profile binding maps. operationId: ListInfraSegmentPortSecurityProfileBindings parameters: - description: |- segment id in: path name: segment-id required: true type: string - description: |- port id in: path name: port-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortSecurityProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List infra segment port security profile binding maps tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Segment Security Profile Binding x-vmw-nsx-module: PolicySecurityProfileBinding ? /global-infra/segments/{segment-id}/ports/{port-id}/port-security-profile-binding-maps/{port-security-profile-binding-map-id} : get: consumes: - application/json description: | API will return details of the port security profile binding map. If the security profile binding map does not exist, it will return 404. operationId: GetInfraSegmentPortSecurityProfileBinding parameters: - description: |- segment id in: path name: segment-id required: true type: string - description: |- port id in: path name: port-id required: true type: string - description: |- port security profile binding map id in: path name: port-security-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortSecurityProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get infra segment port security profile binding map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Segment Security Profile Binding x-vmw-nsx-module: PolicySecurityProfileBinding /global-infra/segments/{segment-id}/ports/{port-id}/state: get: consumes: - application/json description: | Returns infra segment port state on enforcement point operationId: GetInfraSegmentPortState parameters: - in: path name: segment-id required: true type: string - in: path name: port-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - description: Data source type. enum: - realtime - cached in: query name: source required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentPortState' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get infra segment port state tags: - Policy, Networking, Connectivity, Segment, Ports, State x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/segments/{segment-id}/segment-qos-profile-binding-maps: get: consumes: - application/json description: | API will list all Segment QoS Profile Binding Maps in current segment id. operationId: ListInfraSegmentQoSBindings parameters: - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentQoSProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Segment QoS Profile Binding Maps tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, QOS Profile Binding x-vmw-nsx-module: PolicyQoSProfileBinding /global-infra/segments/{segment-id}/segment-qos-profile-binding-maps/{segment-qos-profile-binding-map-id}: delete: consumes: - application/json description: |- API will delete Segment QoS Profile Binding Profile. operationId: DeleteInfraSegmentQoSBinding parameters: - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment QoS Profile Binding Map ID in: path name: segment-qos-profile-binding-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Segment QoS Profile Binding Profile tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, QOS Profile Binding x-vmw-nsx-module: PolicyQoSProfileBinding get: consumes: - application/json description: | API will get Segment QoS Profile Binding Map. operationId: GetInfraSegmentQoSBinding parameters: - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment QoS Profile Binding Map ID in: path name: segment-qos-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentQoSProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Segment QoS Profile Binding Map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, QOS Profile Binding x-vmw-nsx-module: PolicyQoSProfileBinding patch: consumes: - application/json description: |- API will create segment QoS profile binding map. For objects with no binding maps, default profile is applied. operationId: PatchInfraSegmentQoSBinding parameters: - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment QoS Profile Binding Map ID in: path name: segment-qos-profile-binding-map-id required: true type: string - in: body name: SegmentQoSProfileBindingMap required: true schema: $ref: '#/definitions/SegmentQoSProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create Segment QoS Profile Binding Map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, QOS Profile Binding x-vmw-nsx-module: PolicyQoSProfileBinding put: consumes: - application/json description: |- API will update Segment QoS Profile Binding Map. For objects with no binding maps, default profile is applied. operationId: UpdateInfraSegmentQoSBinding parameters: - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment QoS Profile Binding Map ID in: path name: segment-qos-profile-binding-map-id required: true type: string - in: body name: SegmentQoSProfileBindingMap required: true schema: $ref: '#/definitions/SegmentQoSProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentQoSProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Segment QoS Profile Binding Map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, QOS Profile Binding x-vmw-nsx-module: PolicyQoSProfileBinding /global-infra/segments/{segment-id}/segment-security-profile-binding-maps: get: consumes: - application/json description: | API will list all segment security profile binding maps. operationId: ListInfraSegmentSecurityProfileBindings parameters: - description: |- segment id in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentSecurityProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List infra segment security profile binding maps tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Segment Security Profile Binding x-vmw-nsx-module: PolicySecurityProfileBinding /global-infra/segments/{segment-id}/segment-security-profile-binding-maps/{segment-security-profile-binding-map-id}: delete: consumes: - application/json description: | API will delete segment security profile binding map. operationId: DeleteInfraSegmentSecurityProfileBinding parameters: - description: |- segment id in: path name: segment-id required: true type: string - description: |- segment security profile binding map id in: path name: segment-security-profile-binding-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete infra segment security profile binding map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Segment Security Profile Binding x-vmw-nsx-module: PolicySecurityProfileBinding get: consumes: - application/json description: | API will return details of the segment security profile binding map. If the binding map does not exist, it will return 404. operationId: GetInfraSegmentSecurityProfileBinding parameters: - description: |- segment id in: path name: segment-id required: true type: string - description: |- segment security profile binding map id in: path name: segment-security-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentSecurityProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get infra segment security profile binding map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Segment Security Profile Binding x-vmw-nsx-module: PolicySecurityProfileBinding patch: consumes: - application/json description: | Create a new segment security profile binding map if the given security profile binding map does not exist. Otherwise, patch the existing segment security profile binding map. For objects with no binding maps, default profile is applied. operationId: PatchInfraSegmentSecurityProfileBinding parameters: - description: |- segment id in: path name: segment-id required: true type: string - description: |- segment security profile binding map id in: path name: segment-security-profile-binding-map-id required: true type: string - in: body name: SegmentSecurityProfileBindingMap required: true schema: $ref: '#/definitions/SegmentSecurityProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch infra segment security profile binding map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Segment Security Profile Binding x-vmw-nsx-module: PolicySecurityProfileBinding put: consumes: - application/json description: | API will create or replace segment security profile binding map. For objects with no binding maps, default profile is applied. operationId: CreateOrUpdateInfraSegmentSecurityProfileBinding parameters: - description: |- segment id in: path name: segment-id required: true type: string - description: |- segment security profile binding map id in: path name: segment-security-profile-binding-map-id required: true type: string - in: body name: SegmentSecurityProfileBindingMap required: true schema: $ref: '#/definitions/SegmentSecurityProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentSecurityProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or replace infra segment security profile binding map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Segment Security Profile Binding x-vmw-nsx-module: PolicySecurityProfileBinding /global-infra/segments/{segment-id}/tep-table: get: consumes: - application/json description: | Returns TEP table for a segment operationId: GetInfraSegmentTepTable parameters: - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string - description: Data source type. enum: - realtime - cached in: query name: source required: false type: string - description: TransportNode Id in: query name: transport_node_id required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyTepListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get infra segment TEP table tags: - Policy, Networking, Connectivity, Segment, Tep Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/segments/{segment-id}/tep-table?format=csv: get: consumes: - application/json description: | Returns TEP table for a segment in CSV operationId: GetInfraSegmentTepTableInCsv parameters: - in: path name: segment-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - description: Data source type. enum: - realtime - cached in: query name: source required: false type: string - description: TransportNode Id in: query name: transport_node_id required: false type: string produces: - text/csv responses: '200': description: OK schema: $ref: '#/definitions/PolicyTepCsvListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get tier-1 segment TEP table in CSV tags: - Policy, Networking, Connectivity, Segment, Tep Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/segments/{segment-id}?force=true: delete: consumes: - application/json description: |- Force delete bypasses validations during segment deletion. This may result in an inconsistent connectivity. operationId: ForceDeleteInfraSegmentTrue parameters: - in: path name: segment-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Force delete infra segment tags: - Policy, Networking, Connectivity, Segments, Segments x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If segment with the segment-id is not already present, create a new segment. If it already exists, update the segment with specified attributes. Force parameter is required when workload connectivity is indirectly impacted with the current update. operationId: PatchInfraSegmentWithForceTrue parameters: - description: |- Segment ID in: path name: segment-id required: true type: string - in: body name: Segment required: true schema: $ref: '#/definitions/Segment' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a segment tags: - Policy, Networking, Connectivity, Segments, Segments x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If segment with the segment-id is not already present, create a new segment. If it already exists, replace the segment with this object. Force parameter is required when workload connectivity is indirectly impacted with the current replacement. operationId: CreateOrReplaceInfraSegmentWithForceTrue parameters: - description: |- Segment ID in: path name: segment-id required: true type: string - in: body name: Segment required: true schema: $ref: '#/definitions/Segment' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Segment' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a infra segment tags: - Policy, Networking, Connectivity, Segments, Segments x-vmw-nsx-module: PolicyConnectivity /global-infra/segments/{segments-id}/ports/{port-id}/statistics: get: consumes: - application/json description: | Get infra segment port statistics information. operationId: GetInfraSegmentPortStatistics parameters: - in: path name: segments-id required: true type: string - in: path name: port-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentPortStatistics' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get infra segment port statistics information tags: - Policy, Networking, Connectivity, Segment, Statistics x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/segments/{segments-id}/state: get: consumes: - application/json description: | Get infra segment state information. operationId: GetInfraSegmentState parameters: - in: path name: segments-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentConfigurationState' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get infra segment state information tags: - Policy, Networking, Connectivity, Segments, State x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/segments/{segments-id}/statistics: get: consumes: - application/json description: | Get infra segment statistics information. operationId: GetInfraSegmentStatistics parameters: - in: path name: segments-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentStatistics' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get infra segment statistics information tags: - Policy, Networking, Connectivity, Segments, Statistics x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/services: get: consumes: - application/json description: | Paginated list of Services for infra. operationId: ListServicesForTenant parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Fetch all default services in: query name: default_service type: boolean - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ServiceListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Services for infra tags: - Policy, Inventory, Services x-vmw-nsx-module: Policy /global-infra/services/{service-id}: delete: consumes: - application/json description: |- Delete Service operationId: DeleteServiceForTenant parameters: - description: |- Service ID in: path name: service-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Service tags: - Policy, Inventory, Services x-vmw-nsx-module: Policy get: consumes: - application/json description: |- Read a service operationId: ReadServiceForTenant parameters: - description: |- Service ID in: path name: service-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Service' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a service tags: - Policy, Inventory, Services x-vmw-nsx-module: Policy patch: consumes: - application/json description: | Create a new service if a service with the given ID does not already exist. Creates new service entries if populated in the service. If a service with the given ID already exists, patch the service including the nested service entries. operationId: PatchServiceForTenant parameters: - description: |- Service ID in: path name: service-id required: true type: string - in: body name: Service required: true schema: $ref: '#/definitions/Service' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch a Service tags: - Policy, Inventory, Services x-vmw-nsx-module: Policy put: consumes: - application/json description: | Create a new service if a service with the given ID does not already exist. Creates new service entries if populated in the service. If a service with the given ID already exists, update the service including the nested service entries. This is a full replace. operationId: UpdateServiceForTenant parameters: - description: |- Service ID in: path name: service-id required: true type: string - in: body name: Service required: true schema: $ref: '#/definitions/Service' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Service' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Service tags: - Policy, Inventory, Services x-vmw-nsx-module: Policy /global-infra/services/{service-id}/service-entries: get: consumes: - application/json description: | Paginated list of Service entries for the given service operationId: ListServiceEntries parameters: - description: |- Service ID in: path name: service-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ServiceEntryListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Service entries for the given service tags: - Policy, Inventory, Services x-vmw-nsx-module: Policy /global-infra/services/{service-id}/service-entries/{service-entry-id}: delete: consumes: - application/json description: |- Delete Service entry operationId: DeleteServiceEntry parameters: - description: |- Service ID in: path name: service-id required: true type: string - description: |- Service entry ID in: path name: service-entry-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Service entry tags: - Policy, Inventory, Services x-vmw-nsx-module: Policy get: consumes: - application/json description: |- Service entry operationId: ReadServiceEntry parameters: - description: |- Service ID in: path name: service-id required: true type: string - description: |- Service entry ID in: path name: service-entry-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ServiceEntry' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Service entry tags: - Policy, Inventory, Services x-vmw-nsx-module: Policy patch: consumes: - application/json description: | If a service entry with the service-entry-id is not already present, create a new service entry. If it already exists, patch the service entry. operationId: PatchServiceEntry parameters: - description: |- Service ID in: path name: service-id required: true type: string - description: |- Service entry ID in: path name: service-entry-id required: true type: string - in: body name: ServiceEntry required: true schema: $ref: '#/definitions/ServiceEntry' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch a ServiceEntry tags: - Policy, Inventory, Services x-vmw-nsx-module: Policy put: consumes: - application/json description: | If a service entry with the service-entry-id is not already present, create a new service entry. If it already exists, update the service entry. operationId: UpdateServiceEntry parameters: - description: |- Service ID in: path name: service-id required: true type: string - description: |- Service entry ID in: path name: service-entry-id required: true type: string - in: body name: ServiceEntry required: true schema: $ref: '#/definitions/ServiceEntry' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ServiceEntry' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ServiceEntry tags: - Policy, Inventory, Services x-vmw-nsx-module: Policy /global-infra/session-timer-profiles/{session-timer-profile-id}/bindings: get: consumes: - application/json description: |- API will list all Session Timer Profiles bindings. operationId: ListSessionTimerProfileBindings parameters: - in: path name: session-timer-profile-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SessionTimerProfileBindingListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Session Timer Profiles tags: - Policy, Security, Security Profiles, Session Timer Profiles x-vmw-nsx-module: PolicyProfile /global-infra/settings/firewall/cpu-mem-thresholds-profile-binding-maps: get: consumes: - application/json description: | API will list all Firewall CPU Memory Thresholds Profile Binding Maps. operationId: ListPolicyFirewallCPUMemThresholdsProfileBindingMaps parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallCPUMemThresholdsProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Firewall CPU Memory Thresholds Profile Binding Maps tags: - Policy, Security, Security Profiles, Cpu Memory Thresholds Profiles x-vmw-nsx-module: PolicyFirewallCPUMemThresholdsProfileBinding /global-infra/settings/firewall/cpu-mem-thresholds-profile-binding-maps/{cpu-mem-thresholds-profile-binding-map-id}: delete: consumes: - application/json description: |- API will delete Firewall CPU Memory Thresholds Profile Binding. operationId: DeletePolicyFirewallCPUMemThresholdsProfileBindingMap parameters: - description: |- Firewall CPU Memory Thresholds Profile Binding Map ID in: path name: cpu-mem-thresholds-profile-binding-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Firewall CPU Memory Thresholds Profile Binding tags: - Policy, Security, Security Profiles, Cpu Memory Thresholds Profiles x-vmw-nsx-module: PolicyFirewallCPUMemThresholdsProfileBinding /global-infra/settings/firewall/cpu-mem-thresholds-profiles: get: consumes: - application/json description: |- List all CPU and memory thresholds profiles. operationId: ListCPUMemThresholdsProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallCpuMemThresholdsProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List all CPU and memory thresholds profiles tags: - Policy, Security, Security Profiles, Cpu Memory Thresholds Profiles x-vmw-nsx-module: PolicyProfile /global-infra/settings/firewall/cpu-mem-thresholds-profiles/{profile-id}: delete: consumes: - application/json description: |- Delete CPU and memory thresholds profile. operationId: DeleteCPUMemThresholdsProfile parameters: - in: path name: profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete CPU and memory thresholds profile tags: - Policy, Security, Security Profiles, Cpu Memory Thresholds Profiles x-vmw-nsx-module: PolicyProfile get: consumes: - application/json description: |- Read the CPU and memory thresholds profile. operationId: ReadCPUMemThresholdsProfile parameters: - in: path name: profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallCpuMemThresholdsProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read the CPU and memory thresholds profile tags: - Policy, Security, Security Profiles, Cpu Memory Thresholds Profiles x-vmw-nsx-module: PolicyProfile patch: consumes: - application/json description: |- Create or update CPU and memory thresholds profile. operationId: PatchCPUMemThresholdsProfile parameters: - in: path name: profile-id required: true type: string - in: body name: PolicyFirewallCpuMemThresholdsProfile required: true schema: $ref: '#/definitions/PolicyFirewallCpuMemThresholdsProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update CPU and memory thresholds profile tags: - Policy, Security, Security Profiles, Cpu Memory Thresholds Profiles x-vmw-nsx-module: PolicyProfile put: consumes: - application/json description: |- Create or update CPU and memory thresholds profile. operationId: UpdateCPUMemThresholdsProfile parameters: - in: path name: profile-id required: true type: string - in: body name: PolicyFirewallCpuMemThresholdsProfile required: true schema: $ref: '#/definitions/PolicyFirewallCpuMemThresholdsProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallCpuMemThresholdsProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update CPU and memory thresholds profile tags: - Policy, Security, Security Profiles, Cpu Memory Thresholds Profiles x-vmw-nsx-module: PolicyProfile /global-infra/settings/firewall/export: get: consumes: - application/json description: | Get the information of the latest export task. operationId: GetExportTask produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ExportTask' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get the information of export task tags: - Policy, Security, East West Security, Distributed Firewall, Task x-vmw-nsx-module: PolicyTask post: consumes: - application/json description: | Invoke export task. There can be only one export task run at any point of time. Hence invocation of another export task will be discarded, when there exist an already running export task. Exported configuration will be in a CSV format. This CSV file will be zipped into a ZIP file, that can be downloaded after the completion of export task. operationId: InvokeExportTask parameters: - in: body name: ExportRequestParameter required: true schema: $ref: '#/definitions/ExportRequestParameter' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ExportTask' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Invoke export task tags: - Policy, Security, East West Security, Distributed Firewall, Task x-vmw-nsx-module: PolicyTask /global-infra/settings/firewall/export?action=cancel: post: consumes: - application/json description: | This operation cancels an export task. Task needs to be in running state. operationId: CancelExportTaskCancel produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ExportTask' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Cancel a running export task tags: - Policy, Security, East West Security, Distributed Firewall, Task x-vmw-nsx-module: PolicyTask /global-infra/settings/firewall/export?action=download: get: consumes: - application/json description: | Download the exported file generated from the last export task. operationId: DownloadExportedFileDownload produces: - application/octet-stream responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Download exported file tags: - Policy, Security, East West Security, Distributed Firewall, Task x-vmw-nsx-module: PolicyTask /global-infra/settings/firewall/stats?action=reset: post: consumes: - application/json description: | Sets firewall rule statistics counter to zero. This operation is supported for given category, for example: DFW i.e. for all layer3 firewall (transport nodes only) rules or EDGE i.e. for all layer3 edge firewall (edge nodes only) rules. - no enforcement point path specified: On global manager, it is mandatory to give an enforcement point path. On local manager, reset of stats will be executed for each enforcement point. - {enforcement_point_path}: Reset of stats will be executed only for the given enforcement point. operationId: ResetRuleStatsReset parameters: - description: Aggregation statistic category enum: - DFW - EDGE in: query name: category required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Reset firewall rule statistics tags: - Policy, Security, East West Security, Distributed Firewall, Statistics x-vmw-nsx-module: DfwSecurityPolicy /global-infra/site-cleanup-pending: get: consumes: - application/json description: | Paginated list of resources pending to be cleaned. operationId: ListSiteCleanupPending parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: String Path of a resource. in: query name: intent_path required: false type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SiteCleanupPendingListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List resources pending to be cleaned from set of sites. tags: - Federation, Infra, Global Managers x-vmw-nsx-module: GmSiteCleanupPending /global-infra/sites: get: consumes: - application/json description: | List Sites under Infra. operationId: ListSites parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SiteListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Sites tags: - Policy, Infra, Sites x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/sites/listener_certificate: get: consumes: - application/json description: | Connects to the given IP and port, and, if an SSL listener is present, returns the certificate of the listener. Intent of this API is "Do you trust this certificate?". operationId: GetInfraSiteListenerCertificate parameters: - description: Host name or IP address of TLS listener format: host-or-ip in: query name: address required: true type: string - description: TCP port number of the TLS listener format: int32 in: query maximum: 65535 minimum: 0 name: port required: true type: integer produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/TlsListenerCertificate' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Returns the certificate of the listener tags: - Federation, Infra, Onboarding x-vmw-nsx-module: PolicySiteGM /global-infra/sites/{site-id}: delete: consumes: - application/json description: | Delete a site under Infra. operationId: DeleteInfraSite parameters: - in: path name: site-id required: true type: string - in: query name: force required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete a site tags: - Federation, Infra, Onboarding x-vmw-nsx-module: PolicySiteGM get: consumes: - application/json description: | Read a site under Infra. operationId: ReadSite parameters: - in: path name: site-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Site' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a site tags: - Policy, Infra, Sites x-vmw-nsx-module: PolicyEnforcementPointManagement patch: consumes: - application/json description: | Create or patch Site under Infra. operationId: PatchInfraSite parameters: - in: path name: site-id required: true type: string - in: body name: Site required: true schema: $ref: '#/definitions/Site' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or patch Site tags: - Federation, Infra, Onboarding x-vmw-nsx-module: PolicySiteGM put: consumes: - application/json description: | Create or fully replace a Site under Infra. Revision is optional for creation and required for update. operationId: CreateOrUpdateInfraSite parameters: - in: path name: site-id required: true type: string - in: body name: Site required: true schema: $ref: '#/definitions/Site' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Site' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or fully replace a Site under infra tags: - Federation, Infra, Onboarding x-vmw-nsx-module: PolicySiteGM /global-infra/sites/{site-id}/enforcement-points: get: consumes: - application/json description: | Paginated list of all enforcementpoints under Site. operationId: ListEnforcementPointForSite parameters: - in: path name: site-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/EnforcementPointListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List enforcementpoints under Site tags: - Policy, Infra, Enforcement Points x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/sites/{site-id}/enforcement-points/{enforcement-point-id}?action=full-sync: post: consumes: - application/json description: |- Full sync EnforcementPoint from Site operationId: FullSyncEnforcementPointForSiteFull-sync parameters: - in: path name: site-id required: true type: string - in: path name: enforcement-point-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Full sync EnforcementPoint from Site tags: - Policy, Infra, Enforcement Points x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}: delete: consumes: - application/json description: |- Delete EnforcementPoint from Site operationId: DeleteEnforcementPointForSite parameters: - in: path name: site-id required: true type: string - in: path name: enforcementpoint-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete EnforcementPoint from Site tags: - Policy, Infra, Enforcement Points x-vmw-nsx-module: PolicyEnforcementPointManagement get: consumes: - application/json description: | Read an Enforcement Point under Infra/Site operationId: ReadEnforcementPointForSite parameters: - in: path name: site-id required: true type: string - in: path name: enforcementpoint-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/EnforcementPoint' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read an Enforcement Point under Infra/Site tags: - Policy, Infra, Enforcement Points x-vmw-nsx-module: PolicyEnforcementPointManagement patch: consumes: - application/json description: | If the passed Enforcement Point does not already exist, create a new Enforcement Point. If it already exists, patch it. operationId: PatchEnforcementPointForSite parameters: - in: path name: site-id required: true type: string - in: path name: enforcementpoint-id required: true type: string - in: body name: EnforcementPoint required: true schema: $ref: '#/definitions/EnforcementPoint' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch a new Enforcement Point under Site tags: - Policy, Infra, Enforcement Points x-vmw-nsx-module: PolicyEnforcementPointManagement put: consumes: - application/json description: | If the passed Enforcement Point does not already exist, create a new Enforcement Point. If it already exists, replace it. operationId: CreateOrUpdateEnforcementPointForSite parameters: - in: path name: site-id required: true type: string - in: path name: enforcementpoint-id required: true type: string - in: body name: EnforcementPoint required: true schema: $ref: '#/definitions/EnforcementPoint' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/EnforcementPoint' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create/update a new Enforcement Point under Site tags: - Policy, Infra, Enforcement Points x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters: get: consumes: - application/json description: | Paginated list of all Edge Clusters under an Enforcement Point operationId: ListEdgeClustersForEnforcementPoint parameters: - in: path name: site-id required: true type: string - in: path name: enforcementpoint-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyEdgeClusterListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Edge Clusters under an Enforcement Point tags: - Policy, Infra, Enforcement Points x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}: get: consumes: - application/json description: | Read a Edge Cluster under an Enforcement Point operationId: ReadEdgeClusterForEnforcementPoint parameters: - in: path name: site-id required: true type: string - in: path name: enforcementpoint-id required: true type: string - in: path name: edge-cluster-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyEdgeCluster' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a Edge Cluster under an Enforcement Point tags: - Policy, Infra, Enforcement Points x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/edge-nodes: get: consumes: - application/json description: | Paginated list of all Edge Nodes under an Enforcement Point, Edge Cluster operationId: ListEdgeNodesUnderEdgeClusterForEnforcementPoint parameters: - in: path name: site-id required: true type: string - in: path name: enforcementpoint-id required: true type: string - in: path name: edge-cluster-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyEdgeNodeListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Edge Nodes under an Enforcement Point, Edge Cluster tags: - Policy, Infra, Enforcement Points x-vmw-nsx-module: PolicyEnforcementPointManagement ? /global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/edge-nodes/{edge-node-id} : get: consumes: - application/json description: | Read a Edge Node under an Enforcement Point, Edge Cluster operationId: ReadEdgeNodeUnderEdgeClusterForEnforcementPoint parameters: - in: path name: site-id required: true type: string - in: path name: enforcementpoint-id required: true type: string - in: path name: edge-cluster-id required: true type: string - in: path name: edge-node-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyEdgeNode' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a Edge Node under an Enforcement Point, Edge Cluster tags: - Policy, Infra, Enforcement Points x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/transport-zones: get: consumes: - application/json description: | Paginated list of all Transport Zones under an Enforcement Point operationId: ListTransportZonesForEnforcementPoint parameters: - in: path name: site-id required: true type: string - in: path name: enforcementpoint-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyTransportZoneListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Transport Zones under an Enforcement Point tags: - Policy, Infra, Enforcement Points x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/transport-zones/{transport-zone-id}: get: consumes: - application/json description: | Read a Transport Zone under an Enforcement Point operationId: ReadTransportZoneForEnforcementPoint parameters: - in: path name: site-id required: true type: string - in: path name: enforcementpoint-id required: true type: string - in: path name: transport-zone-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyTransportZone' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a Transport Zone under an Enforcement Point tags: - Policy, Infra, Enforcement Points x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}?action=reload: post: consumes: - application/json description: | Reload an Enforcement Point under Site. This will read and update fabric configs from enforcement point. operationId: ReloadEnforcementPointForSiteReload parameters: - in: path name: site-id required: true type: string - in: path name: enforcementpoint-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/EnforcementPoint' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Reload an Enforcement Point under Site tags: - Policy, Infra, Enforcement Points x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/sites/{site-id}/onboarding/feature-summary: get: consumes: - application/json description: | Get consolidated list of conflicting entities summary for each supported feature for a site with an example. operationId: ListFederationFeatureSummary parameters: - in: path name: site-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ConflictingEntityListResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Fetch conflicting entities summary for a Site tags: - Federation, Infra, Onboarding x-vmw-nsx-module: GmConfigOnboarding /global-infra/sites/{site-id}/onboarding/invalid-config-details: get: consumes: - application/json description: | Get feature summary details with invalid configuration for a feature. operationId: GetFederationFeatureSummaryDetails parameters: - in: path name: site-id required: true type: string - description: Unsupported features enum: - LB in: query name: feature required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FederationInvalidConfigurationDetailsResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Fetch feature entities summary details for a Site tags: - Federation, Infra, Onboarding x-vmw-nsx-module: GmConfigOnboarding /global-infra/sites/{site-id}/onboarding/preferences: get: consumes: - application/json description: | Get user onboarding preferences for a site on global manager. operationId: GetSiteOnboardingPreference parameters: - in: path name: site-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SiteOnboardingPreference' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Onboarding Preferences tags: - Federation, Infra, Onboarding x-vmw-nsx-module: GmConfigOnboarding put: consumes: - application/json description: | Update user onboarding preferences to allow or reject site onboarding on global manager. operationId: UpdateSiteOnboardingPreference parameters: - in: path name: site-id required: true type: string - in: body name: SiteOnboardingPreference required: true schema: $ref: '#/definitions/SiteOnboardingPreference' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SiteOnboardingPreference' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Onboarding Preferences tags: - Federation, Infra, Onboarding x-vmw-nsx-module: GmConfigOnboarding /global-infra/sites/{site-id}/onboarding/status: get: consumes: - application/json description: |- Get onboarding status for a site. operationId: GetConfigOnboardingStatus parameters: - in: path name: site-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ConfigOnboardingStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Onboarding status tags: - Federation, Infra, Onboarding x-vmw-nsx-module: GmConfigOnboarding /global-infra/sites/{site-id}/onboarding?action=check_conflict: post: consumes: - application/json description: | Verifies and reports conflicting onboarding feature for a site. The response will contain first conflicting feature for the site configuration compared to corresponding global manager configuration. operationId: CheckConfigOnboardingConflictCheck_conflict parameters: - in: path name: site-id required: true type: string - in: body name: ConfigOnboardingConflictRequest required: true schema: $ref: '#/definitions/ConfigOnboardingConflictRequest' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ConfigOnboardingConflictStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Check Onboarding configuration conflicts tags: - Federation, Infra, Onboarding x-vmw-nsx-module: GmConfigOnboarding /global-infra/sites/{site-id}/onboarding?action=start_onboarding: post: consumes: - application/json description: | Initiate config on-boarding of a Site. The entire on-boarding is async workflow controlled by API. operationId: StartConfigOnboardingStart_onboarding parameters: - in: path name: site-id required: true type: string - in: body name: ConfigOnboardingRequest required: true schema: $ref: '#/definitions/ConfigOnboardingRequest' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ConfigOnboardingStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Start or Check on-boarding for a Site tags: - Federation, Infra, Onboarding x-vmw-nsx-module: GmConfigOnboarding /global-infra/span: get: consumes: - application/json description: |- Get span for an entity with specified path. operationId: GetSpan parameters: - description: String Path of the intent object in: query name: intent_path required: true type: string - description: Policy Path of the site in: query name: site_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Span' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get span for an entity with specified path tags: - Federation, Infra, Sites x-vmw-nsx-module: PolicySitesSpan /global-infra/spoofguard-profiles: get: consumes: - application/json description: | API will list all SpoofGuard profiles. operationId: ListSpoofGuardProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SpoofGuardProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List SpoofGuard profiles tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Spoofguard Profiles x-vmw-nsx-module: PolicySpoofGuard /global-infra/spoofguard-profiles/{spoofguard-profile-id}: delete: consumes: - application/json description: | API will delete SpoofGuard profile with the given id. operationId: DeleteSpoofGuardProfile parameters: - description: |- SpoofGuard profile id in: path name: spoofguard-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete SpoofGuard profile tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Spoofguard Profiles x-vmw-nsx-module: PolicySpoofGuard get: consumes: - application/json description: | API will return details of the SpoofGuard profile with given id. If the profile does not exist, it will return 404. operationId: GetSpoofGuardProfile parameters: - description: |- SpoofGuard profile id in: path name: spoofguard-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SpoofGuardProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get SpoofGuard profile tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Spoofguard Profiles x-vmw-nsx-module: PolicySpoofGuard patch: consumes: - application/json description: | Create a new SpoofGuard profile if the SpoofGuard profile with the given id does not exist. Otherwise, patch with the existing SpoofGuard profile. operationId: PatchSpoofGuardProfile parameters: - description: |- SpoofGuard profile id in: path name: spoofguard-profile-id required: true type: string - in: body name: SpoofGuardProfile required: true schema: $ref: '#/definitions/SpoofGuardProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch SpoofGuard profile tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Spoofguard Profiles x-vmw-nsx-module: PolicySpoofGuard put: consumes: - application/json description: | API will create or replace SpoofGuard profile. operationId: CreateOrUpdateSpoofGuardProfile parameters: - description: |- SpoofGuard profile id in: path name: spoofguard-profile-id required: true type: string - in: body name: SpoofGuardProfile required: true schema: $ref: '#/definitions/SpoofGuardProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SpoofGuardProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or replace SpoofGuard profile tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Spoofguard Profiles x-vmw-nsx-module: PolicySpoofGuard /global-infra/tier-0s: get: consumes: - application/json description: | Paginated list of all Tier-0s operationId: ListTier0s parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0ListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Tier-0s tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Tier-0 Gateways x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}: delete: consumes: - application/json description: |- Delete Tier-0 operationId: DeleteTier0 parameters: - in: path name: tier-0-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Tier-0 tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Tier-0 Gateways x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read Tier-0 operationId: ReadTier0 parameters: - in: path name: tier-0-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read Tier-0 tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Tier-0 Gateways x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If a Tier-0 with the tier-0-id is not already present, create a new Tier-0. If it already exists, update the Tier-0 for specified attributes. operationId: PatchTier0 parameters: - in: path name: tier-0-id required: true type: string - in: body name: Tier0 required: true schema: $ref: '#/definitions/Tier0' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Tier-0 tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Tier-0 Gateways x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If a Tier-0 with the tier-0-id is not already present, create a new Tier-0. If it already exists, replace the Tier-0 instance with the new object. operationId: CreateOrReplaceTier0 parameters: - in: path name: tier-0-id required: true type: string - in: body name: Tier0 required: true schema: $ref: '#/definitions/Tier0' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Tier-0 tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Tier-0 Gateways x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/community-lists: get: consumes: - application/json description: | Paginated list of all community lists under a tier-0 operationId: ListCommunityList parameters: - in: path name: tier-0-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/CommunityListListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List BGP community lists tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Community Lists x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/community-lists/{community-list-id}: delete: consumes: - application/json description: |- Delete a BGP community list operationId: DeleteCommunityList parameters: - in: path name: tier-0-id required: true type: string - in: path name: community-list-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete a BGP community list tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Community Lists x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read a BGP community list operationId: ReadCommunityList parameters: - in: path name: tier-0-id required: true type: string - in: path name: community-list-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/CommunityList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a BGP community list tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Community Lists x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If a community list with the community-list-id is not already present, create a new community list. If it already exists, update the community list for specified attributes. operationId: PatchCommunityList parameters: - in: path name: tier-0-id required: true type: string - in: path name: community-list-id required: true type: string - in: body name: CommunityList required: true schema: $ref: '#/definitions/CommunityList' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a BGP community list tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Community Lists x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If a community list with the community-list-id is not already present, create a new community list. If it already exists, replace the community list instance with the new object. operationId: CreateOrReplaceCommunityList parameters: - in: path name: tier-0-id required: true type: string - in: path name: community-list-id required: true type: string - in: body name: CommunityList required: true schema: $ref: '#/definitions/CommunityList' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/CommunityList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a BGP community list tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Community Lists x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/dns-forwarder: delete: consumes: - application/json description: |- Delete DNS configuration for tier-0 instance operationId: DeletePolicyDnsForwarderOnTier0 parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete DNS configuration for tier-0 instance tags: - Policy, Networking, IP Management, DNS, DNS Forwarder, Tier-0 Gateways x-vmw-nsx-module: PolicyDnsForwarder get: consumes: - application/json description: |- Read the DNS Forwarder for the given tier-0 instance operationId: ReadPolicyDnsForwarderOnTier0 parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyDnsForwarder' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read the DNS Forwarder for the given tier-0 instance tags: - Policy, Networking, IP Management, DNS, DNS Forwarder, Tier-0 Gateways x-vmw-nsx-module: PolicyDnsForwarder patch: consumes: - application/json description: |- Update the DNS Forwarder operationId: PatchPolicyDnsForwarderOnTier0 parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - in: body name: PolicyDnsForwarder required: true schema: $ref: '#/definitions/PolicyDnsForwarder' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update the DNS Forwarder tags: - Policy, Networking, IP Management, DNS, DNS Forwarder, Tier-0 Gateways x-vmw-nsx-module: PolicyDnsForwarder post: consumes: - application/json description: | Perform the specified action for Tier0 DNS forwarder on specified enforcement point. operationId: PerformEPActionForDnsForwarderAtTier0 parameters: - in: path name: tier-0-id required: true type: string - description: An action to be performed for DNS forwarder on EP enum: - clear_cache in: query name: action required: true type: string - default: /infra/sites/default/enforcement-points/default description: An enforcement point path, on which the action is to be performed in: query name: enforcement_point_path required: false type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Perform the specified DNS forwarder action tags: - Policy, Networking, IP Management, DNS, DNS Forwarder, Tier-0 Gateways x-vmw-nsx-module: PolicyDnsForwarder put: consumes: - application/json description: |- Update the DNS Forwarder operationId: UpdatePolicyDnsForwarderOnTier0 parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - in: body name: PolicyDnsForwarder required: true schema: $ref: '#/definitions/PolicyDnsForwarder' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyDnsForwarder' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update the DNS Forwarder tags: - Policy, Networking, IP Management, DNS, DNS Forwarder, Tier-0 Gateways x-vmw-nsx-module: PolicyDnsForwarder /global-infra/tier-0s/{tier-0-id}/dns-forwarder/nslookup: get: consumes: - application/json description: | Query the nameserver for an ip-address or a FQDN of the given an address optionally using an specified DNS server. If the address is a fqdn, nslookup will resolve ip-address with it. If the address is an ip-address, do a reverse lookup and answer fqdn(s). If enforcement point is specified, then DNS forwarder nslookup answer will get fetched from specified enforcement point. Otherwise from all enforcement points. operationId: LookupAddressViaTier0DNSForwarder parameters: - in: path name: tier-0-id required: true type: string - description: IP address or FQDN for nslookup in: query name: address required: false type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/AggregatePolicyDnsAnswer' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Resolve a given address via the dns forwarder at Tier0 tags: - Policy, Networking, IP Management, DNS, DNS Forwarder, Tier-0 Gateways x-vmw-nsx-module: PolicyDnsForwarder /global-infra/tier-0s/{tier-0-id}/dns-forwarder/statistics: get: consumes: - application/json description: | Get statistics of tier-0 DNS forwarder. - no enforcement point path specified: Statistics will be evaluated on each enforcement point. - {enforcement_point_path}: Statistics are evaluated only on the given enforcement point. operationId: GetTier0DNSForwarderStatistics parameters: - description: |- Tier-0 id in: path name: tier-0-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/AggregateDNSForwarderStatistics' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get tier-0 DNS forwarder statistics tags: - Policy, Networking, IP Management, DNS, DNS Forwarder, Tier-0 Gateways x-vmw-nsx-module: PolicyDNSStatistics /global-infra/tier-0s/{tier-0-id}/dns-forwarder/status: get: consumes: - application/json description: | Get current status of tier-0 DNS forwarder. - no enforcement point path specified: Status will be evaluated on each enforcement point. - {enforcement_point_path}: Status will be evaluated only on the given enforcement point. operationId: GetTier0DNSForwarderStatus parameters: - description: |- Tier-0 id in: path name: tier-0-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/AggregateDNSForwarderStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get current status of tier-0 DNS forwarder tags: - Policy, Networking, IP Management, DNS, DNS Forwarder, Tier-0 Gateways x-vmw-nsx-module: PolicyDNSStatistics /global-infra/tier-0s/{tier-0-id}/forwarding-table: get: consumes: - application/json description: | Get forwarding table from tier-0 operationId: GetTier0ForwardingTable parameters: - in: path name: tier-0-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: UUID of edge node in: query name: edge_id type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: IPv4 or IPv6 CIDR Block format: ip-cidr-block in: query name: network_prefix type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: Filter routes based on the source from which route is learned enum: - BGP - STATIC - CONNECTED in: query name: route_source type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RoutingTableListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get forwarding table from tier-0 tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Forwarding Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/forwarding-table?format=csv: get: consumes: - application/json description: | Get forwarding table from tier-0 gateway in CSV format. operationId: GetTier0ForwardingTableCsv parameters: - in: path name: tier-0-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: UUID of edge node in: query name: edge_id type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: IPv4 or IPv6 CIDR Block format: ip-cidr-block in: query name: network_prefix type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: Filter routes based on the source from which route is learned enum: - BGP - STATIC - CONNECTED in: query name: route_source type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - text/csv responses: '200': description: OK schema: $ref: '#/definitions/GatewayRouteTableInCsvFormat' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get forwarding table from tier-0 in CSV format tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Forwarding Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/gateway-firewall: get: consumes: - application/json description: | Get filtered view of gateway rules associated with the Tier-0. The gateay policies are returned in the order of category and precedence. operationId: ViewTier0GatewayFirewall parameters: - in: path name: tier-0-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GatewayPolicyListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | Get list of gateway policies with rules that belong to the specific Tier-0 logical router. tags: - Policy, Security, North South Security, Gateway Firewall, Tier-0 Gateways x-vmw-nsx-module: PolicyEdgeFirewall /global-infra/tier-0s/{tier-0-id}/locale-services: get: consumes: - application/json description: | Paginated list of all Tier-0 locale-services operationId: ListTier0LocaleServices parameters: - in: path name: tier-0-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/LocaleServicesListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Tier-0 locale-services tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Tier-0 Locale Services x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/arp-proxies: get: consumes: - application/json description: | Returns ARP proxy table for a tier-0 operationId: GetTier0ArpProxies parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - description: Data source type. enum: - realtime - cached in: query name: source required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyArpProxyTableListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Tier-0 Address Resolution Protocol Proxies tags: - Policy, Networking, Connectivity, Tier-0 Gateways, ARP Proxies x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/bgp: get: consumes: - application/json description: |- Read BGP routing config operationId: ReadBgpRoutingConfig parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BgpRoutingConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read BGP routing config tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, BGP x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If an BGP routing config not present, create BGP routing config. If it already exists, update the routing config. operationId: PatchBgpRoutingConfig parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: body name: BgpRoutingConfig required: true schema: $ref: '#/definitions/BgpRoutingConfig' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update BGP routing config tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, BGP x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If BGP routing config is not already present, create BGP routing config. If it already exists, replace the BGP routing config with this object. operationId: CreateOrReplaceBgpRoutingConfig parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: body name: BgpRoutingConfig required: true schema: $ref: '#/definitions/BgpRoutingConfig' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BgpRoutingConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a BGP routing config tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, BGP x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/bgp/neighbors: get: consumes: - application/json description: | Paginated list of all BGP neighbor configurations operationId: ListBgpNeighborConfigs parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BgpNeighborConfigListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List BGP neighbor configurations tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, BGP x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/bgp/neighbors/status: get: consumes: - application/json description: | Returns the status of all the BGP neighbors for the given Tier0. To get BGP neighbor status for a particular enforcement point, parameter "enforcement_point_path=" needs to be specified. If an enforcement_point is unspecified, then bgp neighbor status for all enforcement points is fetched. To get BGP neighbors status for the logical router from particular edge node, parameter "edge_path=" needs to be specified. If an edge_path is unspecified, then bgp neighbor status for all edges is fetched. operationId: GetTier0BgpNeighborsStatus parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyBgpNeighborsStatusListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get BGP neighbor status for the Tier0 tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, BGP x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/bgp/neighbors/{neighbor-id}: delete: consumes: - application/json description: |- Delete BGP neighbor config operationId: DeleteBgpNeighborConfig parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: neighbor-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete BGP neighbor config tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, BGP x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read BGP neighbor config operationId: ReadBgpNeighborConfig parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: neighbor-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BgpNeighborConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read BGP neighbor config tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, BGP x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If BGP neighbor config with the neighbor-id is not already present, create a new neighbor config. If it already exists, replace the BGP neighbor config with this object. operationId: PatchBgpNeighborConfig parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: neighbor-id required: true type: string - in: body name: BgpNeighborConfig required: true schema: $ref: '#/definitions/BgpNeighborConfig' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a BGP neighbor config tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, BGP x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If BGP neighbor config with the neighbor-id is not already present, create a new neighbor config. If it already exists, replace the BGP neighbor config with this object. operationId: CreateOrReplaceBgpNeighborConfig parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: neighbor-id required: true type: string - in: body name: BgpNeighborConfig required: true schema: $ref: '#/definitions/BgpNeighborConfig' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BgpNeighborConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a BGP neighbor config tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, BGP x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/bgp/neighbors/{neighbor-id}/advertised-routes: get: consumes: - application/json description: | Returns routes advertised by BGP neighbor from all edge transport nodes on which this neighbor is currently enabled. The query parameter "source=cached" is not supported. operationId: GetTier0BgpNeighborAdvertisedRoutes parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: neighbor-id required: true type: string - default: 1000 description: Number of routes to retrieve format: int32 in: query minimum: 1 name: count type: integer - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BgpNeighborRoutesListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get BGP neighbor advertised routes tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, BGP x-vmw-nsx-module: PolicyConnectivityStatistics ? /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/bgp/neighbors/{neighbor-id}/advertised-routes?format=csv : get: consumes: - application/json description: | Returns routes advertised by BGP neighbor from all edge transport nodes on which this neighbor is currently enabled in CSV format. Routes from all enforcement points are returned. operationId: GetTier0BgpNeighborAdvertisedRoutesInCsvFormatCsv parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: neighbor-id required: true type: string - default: 1000 description: Number of routes to retrieve format: int32 in: query minimum: 1 name: count type: integer - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - text/csv responses: '200': description: OK schema: $ref: '#/definitions/BgpNeighborRouteDetailsInCsvFormat' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get BGP neighbor advertised routes in CSV format tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, BGP x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/bgp/neighbors/{neighbor-id}/routes: get: consumes: - application/json description: | Returns routes learned by BGP neighbor from all edge nodes on which this neighbor is currently enabled. operationId: GetTier0BgpNeighborRoutes parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: neighbor-id required: true type: string - default: 1000 description: Number of routes to retrieve format: int32 in: query minimum: 1 name: count type: integer - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BgpNeighborRoutesListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get routes learned by BGP neighbor tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, BGP x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/bgp/neighbors/{neighbor-id}/routes?format=csv: get: consumes: - application/json description: | Returns routes learned by BGP neighbor from all edge nodes on which this neighbor is currently enabled. Routes from all enforcement points are returned. operationId: GetTier0BgpNeighborRoutesInCsvFormatCsv parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: neighbor-id required: true type: string - default: 1000 description: Number of routes to retrieve format: int32 in: query minimum: 1 name: count type: integer - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - text/csv responses: '200': description: OK schema: $ref: '#/definitions/BgpNeighborRouteDetailsInCsvFormat' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get routes learned by BGP neighbor in CSV format tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, BGP x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/interfaces: get: consumes: - application/json description: | Paginated list of all Tier-0 Interfaces operationId: ListTier0Interfaces parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0InterfaceListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Tier-0 Interfaces tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/interfaces/{interface-id}: delete: consumes: - application/json description: |- Delete Tier-0 interface operationId: DeleteTier0Interface parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Tier-0 interface tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read Tier-0 interface operationId: ReadTier0Interface parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0Interface' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read Tier-0 interface tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If an interface with the interface-id is not already present, create a new interface. If it already exists, update the interface for specified attributes. operationId: PatchTier0Interface parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - in: body name: Tier0Interface required: true schema: $ref: '#/definitions/Tier0Interface' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Tier-0 interface tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If an interface with the interface-id is not already present, create a new interface. If it already exists, replace the interface with this object. operationId: CreateOrReplaceTier0Interface parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - in: body name: Tier0Interface required: true schema: $ref: '#/definitions/Tier0Interface' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0Interface' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Tier-0 interface tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/interfaces/{interface-id}/arp-proxy: get: consumes: - application/json description: | Returns ARP proxy table for a tier-0 interface. Interfaces can be of types - EXTERNAL and SERVICE. Interfaces of type LOOBACK and downlink are not supported. operationId: GetTier0InterfaceArpProxies parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - description: Data source type. enum: - realtime - cached in: query name: source required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyArpProxyTableListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Tier-0 Interface Address Resolution Protocol Proxies tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Interfaces, ARP Proxies x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/interfaces/{interface-id}/arp-table: get: consumes: - application/json description: | Returns ARP table (IPv4) or Neighbor Discovery table (IPv6) for the tier-0 interface, on a edge node if a query parameter "edge_path=" is given. The edge_path parameter is mandatory if the interface type is not EXTERNAL. operationId: GetTier0InterfaceArpTable parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/InterfaceArpTable' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get ARP table from tier-0 interface tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Interfaces, ARP Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/interfaces/{interface-id}/arp-table?format=csv: get: consumes: - application/json description: | Returns ARP table (IPv4) or Neighbor Discovery table (IPv6) in CSV format for the tier-0 interface, on a edge node if a query parameter "edge_path=" is given. The edge_path parameter is mandatory if the interface type is not EXTERNAL. operationId: GetTier0InterfaceArpTableCsv parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - text/csv responses: '200': description: OK schema: $ref: '#/definitions/InterfaceArpTableInCsvFormat' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get ARP table from tier-0 interface in CSV format tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Interfaces, ARP Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/interfaces/{interface-id}/dad-state: get: consumes: - application/json description: | Get tier-0 interface DAD state information. operationId: GetTier0InterfaceDADState parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/InterfaceDADState' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get DAD status by interface tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Interfaces, DAD State x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/interfaces/{interface-id}/statistics: get: consumes: - application/json description: | Get tier-0 interface statistics information. operationId: GetTier0InterfaceStatistics parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyInterfaceStatistics' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get tier-0 interface statistics information tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Interfaces, Statistics x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/interfaces/{interface-id}/statistics/summary: get: consumes: - application/json description: | Get tier-0 interface statistics summary information. operationId: GetTier0InterfaceStatisticsSummary parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyInterfaceStatisticsSummary' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get tier-0 interface statistics summary information tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Interfaces, Statistics x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/service-interfaces: get: consumes: - application/json description: | Paginated list of all Service Interfaces operationId: ListServiceInterfaces parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ServiceInterfaceListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Service Interfaces tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/service-interfaces/{interface-id}: delete: consumes: - application/json description: |- Delete service interface operationId: DeleteServiceInterface parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete service interface tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read service interface operationId: ReadServiceInterface parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ServiceInterface' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read service interface tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If an interface with the interface-id is not already present, create a new interface. If it already exists, update the interface for specified attributes. operationId: PatchServiceInterface parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - in: body name: ServiceInterface required: true schema: $ref: '#/definitions/ServiceInterface' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Tier-0 interface tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If an interface with the interface-id is not already present, create a new interface. Modification of service interface is not allowed. operationId: CreateServiceInterface parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - in: body name: ServiceInterface required: true schema: $ref: '#/definitions/ServiceInterface' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ServiceInterface' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create a service interface tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/tier-0-deployment-maps: get: consumes: - application/json description: | Paginated list of all Tier-0 Deployment Entries. operationId: ListTier0DeploymentMaps parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0DeploymentMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Tier-0 Deployment maps tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Tier-0 Deployment Maps x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/tier-0-deployment-maps/{tier-0-deployment-map-id}: delete: consumes: - application/json description: |- Delete Tier-0 Deployment Map operationId: DeleteTier0DeploymentMap parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: tier-0-deployment-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Tier-0 Deployment Map tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Tier-0 Deployment Maps x-vmw-nsx-module: PolicyEnforcementPointManagement get: consumes: - application/json description: | Read a Tier-0 Deployment Map operationId: ReadTier0DeploymentMap parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: tier-0-deployment-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0DeploymentMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a Tier-0 Deployment Map tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Tier-0 Deployment Maps x-vmw-nsx-module: PolicyEnforcementPointManagement patch: consumes: - application/json description: | If the passed Tier-0 Deployment Map does not already exist, create a new Tier-0 Deployment Map. If it already exists, patch it. operationId: PatchTier0DeploymentMap parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: tier-0-deployment-map-id required: true type: string - in: body name: Tier0DeploymentMap required: true schema: $ref: '#/definitions/Tier0DeploymentMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0DeploymentMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch a Tier-0 Deployment Map under Tier-0 tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Tier-0 Deployment Maps x-vmw-nsx-module: PolicyEnforcementPointManagement put: consumes: - application/json description: | If the passed Tier-0 Deployment Map does not already exist, create a new Tier-0 Deployment Map. If it already exists, replace it. operationId: CreateOrUpdateTier0DeploymentMap parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: tier-0-deployment-map-id required: true type: string - in: body name: Tier0DeploymentMap required: true schema: $ref: '#/definitions/Tier0DeploymentMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0DeploymentMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create a new Tier-0 Deployment Map under Tier-0 tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Tier-0 Deployment Maps x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-services-id}: delete: consumes: - application/json description: |- Delete Tier-0 locale-services operationId: DeleteTier0LocaleServices parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-services-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Tier-0 locale-services tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Tier-0 Locale Services x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read Tier-0 locale-services operationId: ReadTier0LocaleServices parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-services-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/LocaleServices' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read Tier-0 locale-services tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Tier-0 Locale Services x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If a Tier-0 locale-services with the locale-services-id is not already present, create a new locale-services. If it already exists, update Tier-0 locale-services with specified attributes. operationId: PatchTier0LocaleServices parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-services-id required: true type: string - in: body name: LocaleServices required: true schema: $ref: '#/definitions/LocaleServices' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a tier-0 locale-services tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Tier-0 Locale Services x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If a Tier-0 locale-services with the locale-services-id is not already present, create a new locale-services. If it already exists, replace the Tier-0 locale-services instance with the new object. operationId: CreateOrReplaceTier0LocaleServices parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-services-id required: true type: string - in: body name: LocaleServices required: true schema: $ref: '#/definitions/LocaleServices' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/LocaleServices' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Tier-0 locale-services tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Tier-0 Locale Services x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-services-id}/gateway-firewall: get: consumes: - application/json description: | Get filtered view of Gateway Firewall rules associated with the Tier-0 Locale Services. The gateway policies are returned in the order of category and sequence number. operationId: ViewTier0LocaleServicesGatewayFirewall parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-services-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GatewayPolicyListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | Get list of gateway policies with rules that belong to the specific Tier-0 LocalServices. tags: - Policy, Security, North South Security, Gateway Firewall, Tier-0 Gateways x-vmw-nsx-module: PolicyEdgeFirewall /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-services-id}/inter-site/bgp-summary: get: consumes: - application/json description: | Get RTEP span and mac address-table. operationId: GetPolicyInterSiteBgpSummary parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-services-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Transport node in: query name: edge_path required: false type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyEdgeClusterInterSiteBgpSummary' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get RTEP span and mac address-table tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Inter-Site x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-services-id}/inter-site/status: get: consumes: - application/json description: | Get RTEP mesh connectivity status. operationId: GetPolicyInterSiteStatus parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-services-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Transport node in: query name: edge_path required: false type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyEdgeClusterInterSiteStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get RTEP mesh connectivity status tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Inter-Site x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/nat/statistics: get: consumes: - application/json description: |- List NAT Rules Statistics from Tier-0 denoted by Tier-0 ID. operationId: ListPolicyNatRulesStatisticsFromTier0 parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyNatRuleStatisticsPerLogicalRouterListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List NAT Rules Statistics tags: - Policy, Networking, Network Services, NAT, Statistics x-vmw-nsx-module: PolicyNAT /global-infra/tier-0s/{tier-0-id}/nat/{nat-id}/nat-rules: get: consumes: - application/json description: |- List NAT Rules from Tier-0 denoted by Tier-0 ID, under NAT section denoted by <nat-id>. Under tier-0 there will be 3 different NATs(sections). (INTERNAL, USER and DEFAULT) For more details related to NAT section please refer to PolicyNAT schema. operationId: ListPolicyNatRulesFromTier0 parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - description: |- NAT id in: path name: nat-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyNatRuleListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List NAT Rules tags: - Policy, Networking, Network Services, NAT, Rules, Tier-0 Gateways x-vmw-nsx-module: PolicyNAT /global-infra/tier-0s/{tier-0-id}/nat/{nat-id}/nat-rules/{nat-rule-id}: delete: consumes: - application/json description: |- Delete NAT Rule from Tier-0 denoted by Tier-0 ID, under NAT section denoted by <nat-id>. Under tier-0 there will be 3 different NATs(sections). (INTERNAL, USER and DEFAULT) For more details related to NAT section please refer to PolicyNAT schema. operationId: DeletePolicyNatRuleFromTier0 parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - description: |- NAT id in: path name: nat-id required: true type: string - description: |- Rule ID in: path name: nat-rule-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete NAT Rule tags: - Policy, Networking, Network Services, NAT, Rules, Tier-0 Gateways x-vmw-nsx-module: PolicyNAT get: consumes: - application/json description: | Get NAT Rule from Tier-0 denoted by Tier-0 ID, under NAT section denoted by <nat-id>. Under tier-0 there will be 3 different NATs(sections). (INTERNAL, USER and DEFAULT) For more details related to NAT section please refer to PolicyNAT schema. operationId: GetPolicyNatRuleFromTier0 parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - description: |- NAT id in: path name: nat-id required: true type: string - description: |- Rule ID in: path name: nat-rule-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyNatRule' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get NAT Rule tags: - Policy, Networking, Network Services, NAT, Rules, Tier-0 Gateways x-vmw-nsx-module: PolicyNAT patch: consumes: - application/json description: | If a NAT Rule is not already present on Tier-0 denoted by Tier-0 ID, under NAT section denoted by <nat-id>, create a new NAT Rule. If it already exists, update the NAT Rule. Under tier-0 there will be 3 different NATs(sections). (INTERNAL, USER and DEFAULT) For more details related to NAT section please refer to PolicyNAT schema. operationId: PatchPolicyNatRuleOnTier0 parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - description: |- NAT id in: path name: nat-id required: true type: string - description: |- Rule ID in: path name: nat-rule-id required: true type: string - in: body name: PolicyNatRule required: true schema: $ref: '#/definitions/PolicyNatRule' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a NAT Rule on tier-0 tags: - Policy, Networking, Network Services, NAT, Rules, Tier-0 Gateways x-vmw-nsx-module: PolicyNAT put: consumes: - application/json description: |- Update NAT Rule on Tier-0 denoted by Tier-0 ID, under NAT section denoted by <nat-id>. Under tier-0 there will be 3 different NATs(sections). (INTERNAL, USER and DEFAULT) For more details related to NAT section please refer to PolicyNAT schema. operationId: CreateOrReplacePolicyNatRuleOnTier0 parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - description: |- NAT id in: path name: nat-id required: true type: string - description: |- Rule ID in: path name: nat-rule-id required: true type: string - in: body name: PolicyNatRule required: true schema: $ref: '#/definitions/PolicyNatRule' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyNatRule' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update NAT Rule tags: - Policy, Networking, Network Services, NAT, Rules, Tier-0 Gateways x-vmw-nsx-module: PolicyNAT /global-infra/tier-0s/{tier-0-id}/nat/{nat-id}/nat-rules/{nat-rule-id}/statistics: get: consumes: - application/json description: | Get NAT Rule Statistics from Tier-0 denoted by Tier-0 ID, under NAT section denoted by <nat-id>. Under tier-0 there will be 3 different NATs(sections). (INTERNAL, USER and DEFAULT) For more details related to NAT section please refer to PolicyNAT schema. operationId: GetPolicyNatRuleStatisticsFromTier0 parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - description: |- NAT id in: path name: nat-id required: true type: string - description: |- Rule ID in: path name: nat-rule-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyNatRuleStatisticsListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get NAT Rule Statistics tags: - Policy, Networking, Network Services, NAT, Statistics x-vmw-nsx-module: PolicyNAT /global-infra/tier-0s/{tier-0-id}/prefix-lists: get: consumes: - application/json description: | Paginated list of all prefix lists operationId: ListPrefixLists parameters: - in: path name: tier-0-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PrefixListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List prefix lists tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Prefix List x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/prefix-lists/{prefix-list-id}: delete: consumes: - application/json description: |- Delete a prefix list operationId: DeletePrefixList parameters: - in: path name: tier-0-id required: true type: string - in: path name: prefix-list-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete a prefix list tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Prefix List x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read a prefix list operationId: ReadPrefixList parameters: - in: path name: tier-0-id required: true type: string - in: path name: prefix-list-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PrefixList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a prefix list tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Prefix List x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If prefix list for prefix-list-id is not already present, create a prefix list. If it already exists, update prefix list for prefix-list-id. operationId: PatchPrefixList parameters: - in: path name: tier-0-id required: true type: string - in: path name: prefix-list-id required: true type: string - in: body name: PrefixList required: true schema: $ref: '#/definitions/PrefixList' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a prefix list tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Prefix List x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If prefix list for prefix-list-id is not already present, create a prefix list. If it already exists, replace the prefix list for prefix-list-id. operationId: CreateOrReplacePrefixList parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - description: |- Prefix List ID in: path name: prefix-list-id required: true type: string - in: body name: PrefixList required: true schema: $ref: '#/definitions/PrefixList' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PrefixList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a prefix list tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Prefix List x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/route-maps: get: consumes: - application/json description: | Paginated list of all route maps under a tier-0 operationId: ListAllRouteMaps parameters: - in: path name: tier-0-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0RouteMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List route maps tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Route Maps x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/route-maps/{route-map-id}: delete: consumes: - application/json description: |- Delete a route map operationId: RemoveRouteMap parameters: - in: path name: tier-0-id required: true type: string - in: path name: route-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete a route map tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Route Maps x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read a route map operationId: GetRouteMap parameters: - in: path name: tier-0-id required: true type: string - in: path name: route-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0RouteMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a route map tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Route Maps x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If a route map with the route-map-id is not already present, create a new route map. If it already exists, update the route map for specified attributes. operationId: PatchRouteMap parameters: - in: path name: tier-0-id required: true type: string - in: path name: route-map-id required: true type: string - in: body name: Tier0RouteMap required: true schema: $ref: '#/definitions/Tier0RouteMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a route map tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Route Maps x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If a route map with the route-map-id is not already present, create a new route map. If it already exists, replace the route map instance with the new object. operationId: CreateOrReplaceRouteMap parameters: - in: path name: tier-0-id required: true type: string - in: path name: route-map-id required: true type: string - in: body name: Tier0RouteMap required: true schema: $ref: '#/definitions/Tier0RouteMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0RouteMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a route map tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Route Maps x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/routing-table: get: consumes: - application/json description: | Get routing table from tier-0 operationId: GetTier0Routes parameters: - in: path name: tier-0-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: UUID of edge node in: query name: edge_id type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: IPv4 or IPv6 CIDR Block format: ip-cidr-block in: query name: network_prefix type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: Filter routes based on the source from which route is learned enum: - BGP - STATIC - CONNECTED in: query name: route_source type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RoutingTableListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get routing table from tier-0 tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Routing Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/routing-table?format=csv: get: consumes: - application/json description: | Get routing table from tier-0 gateway in CSV format. operationId: GetTier0RoutesCsv parameters: - in: path name: tier-0-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: UUID of edge node in: query name: edge_id type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: IPv4 or IPv6 CIDR Block format: ip-cidr-block in: query name: network_prefix type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: Filter routes based on the source from which route is learned enum: - BGP - STATIC - CONNECTED in: query name: route_source type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - text/csv responses: '200': description: OK schema: $ref: '#/definitions/GatewayRouteTableInCsvFormat' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get routing table from tier-0 in CSV format tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Routing Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/state: get: consumes: - application/json description: | Returns operationId: GetTier0State parameters: - in: path name: tier-0-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: Interface path for interface specific state such as IPv6 DAD state in: query name: interface_path type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0GatewayState' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Tier0 state tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, State x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/static-routes: get: consumes: - application/json description: | Paginated list of all Tier-0 Static Routes operationId: ListTier0StaticRoutes parameters: - in: path name: tier-0-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/StaticRoutesListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Tier-0 Static Routes tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Static Routes x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/static-routes/bfd-peers: get: consumes: - application/json description: | Paginated list of all StaticRouteBfdPeers. operationId: ListStaticRouteBfdPeer parameters: - in: path name: tier-0-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/StaticRouteBfdPeerListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List StaticRouteBfdPeers tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Static Routes BFD Peers x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/static-routes/bfd-peers/{bfd-peer-id}: delete: consumes: - application/json description: |- Delete this StaticRouteBfdPeer and all the entities contained by it. operationId: DeleteStaticRouteBfdPeer parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - description: |- BFD peer ID in: path name: bfd-peer-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete this StaticRouteBfdPeer and all the entities contained by it. tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Static Routes BFD Peers x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: | Read a StaticRouteBfdPeer with the bfd-peer-id. operationId: ReadStaticRouteBfdPeer parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - description: |- BFD peer ID in: path name: bfd-peer-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/StaticRouteBfdPeer' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a StaticRouteBfdPeer tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Static Routes BFD Peers x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If a StaticRouteBfdPeer with the bfd-peer-id is not already present, create a new StaticRouteBfdPeer. If it already exists, update the StaticRouteBfdPeer. This is a full replace. operationId: PatchStaticRouteBfdPeer parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - description: |- BFD peer ID in: path name: bfd-peer-id required: true type: string - in: body name: StaticRouteBfdPeer required: true schema: $ref: '#/definitions/StaticRouteBfdPeer' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a StaticRouteBfdPeer tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Static Routes BFD Peers x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If a StaticRouteBfdPeer with the bfd-peer-id is not already present, create a new StaticRouteBfdPeer. If it already exists, update the StaticRouteBfdPeer. This operation will fully replace the object. operationId: UpdateStaticRouteBfdPeer parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - description: |- BFD peer ID in: path name: bfd-peer-id required: true type: string - in: body name: StaticRouteBfdPeer required: true schema: $ref: '#/definitions/StaticRouteBfdPeer' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/StaticRouteBfdPeer' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a StaticRouteBfdPeer tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Static Routes BFD Peers x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/static-routes/{route-id}: delete: consumes: - application/json description: |- Delete Tier-0 static routes operationId: DeleteTier0StaticRoutes parameters: - in: path name: tier-0-id required: true type: string - in: path name: route-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Tier-0 static routes tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Static Routes x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read Tier-0 static routes operationId: ReadTier0StaticRoutes parameters: - in: path name: tier-0-id required: true type: string - in: path name: route-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/StaticRoutes' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read Tier-0 static routes tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Static Routes x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If static routes for route-id are not already present, create static routes. If it already exists, update static routes for route-id. operationId: PatchTier0StaticRoutes parameters: - in: path name: tier-0-id required: true type: string - in: path name: route-id required: true type: string - in: body name: StaticRoutes required: true schema: $ref: '#/definitions/StaticRoutes' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Tier-0 static routes tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Static Routes x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If static routes for route-id are not already present, create static routes. If it already exists, replace the static routes for route-id. operationId: CreateOrReplaceTier0StaticRoutes parameters: - in: path name: tier-0-id required: true type: string - in: path name: route-id required: true type: string - in: body name: StaticRoutes required: true schema: $ref: '#/definitions/StaticRoutes' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/StaticRoutes' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Tier-0 static routes tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Routing, Static Routes x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier0-id}/flood-protection-profile-bindings/{flood-protection-profile-binding-id}: delete: consumes: - application/json description: |- API will delete Flood Protection Profile Binding for Tier-0 Logical Router. operationId: DeleteTier0FloodProtectionProfileBinding parameters: - in: path name: tier0-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Flood Protection Profile Binding for Tier-0 Logical Router tags: - Policy, Security, Security Profiles, Flood Protection Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding get: consumes: - application/json description: | API will get Flood Protection Profile Binding Map for Tier-0 Logical Router. operationId: GetTier0FloodProtectionProfileBinding parameters: - in: path name: tier0-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Flood Protection Profile Binding Map for Tier-0 Logical Router tags: - Policy, Security, Security Profiles, Flood Protection Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding patch: consumes: - application/json description: |- API will create or update Flood Protection profile binding map for Tier-0 Logical Router. operationId: PatchTier0FloodProtectionProfileBindingMap parameters: - in: path name: tier0-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string - in: body name: FloodProtectionProfileBindingMap required: true schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Flood Protection Profile Binding Map for Tier-0 Logical Router tags: - Policy, Security, Security Profiles, Flood Protection Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding put: consumes: - application/json description: |- API will create or update Flood Protection profile binding map for Tier-0 Logical Router. operationId: UpdateTier0FloodProtectionProfileBinding parameters: - in: path name: tier0-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string - in: body name: FloodProtectionProfileBindingMap required: true schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Flood Protection Profile Binding Map for Tier-0 Logical Router tags: - Policy, Security, Security Profiles, Flood Protection Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding ? /global-infra/tier-0s/{tier0-id}/locale-services/{locale-services-id}/flood-protection-profile-bindings/{flood-protection-profile-binding-id} : delete: consumes: - application/json description: |- API will delete Flood Protection Profile Binding for Tier-0 Logical Router LocaleServices. operationId: DeleteTier0LocaleServicesFloodProtectionProfileBinding parameters: - in: path name: tier0-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Flood Protection Profile Binding for Tier-0 Logical Router LocaleServices tags: - Policy, Security, Security Profiles, Flood Protection Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding get: consumes: - application/json description: | API will get Flood Protection Profile Binding Map for Tier-0 Logical Router LocaleServices. operationId: GetTier0LocaleServicesFloodProtectionProfileBinding parameters: - in: path name: tier0-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Flood Protection Profile Binding Map for Tier-0 Logical Router LocaleServices tags: - Policy, Security, Security Profiles, Flood Protection Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding patch: consumes: - application/json description: |- API will create or update Flood Protection profile binding map for Tier-0 Logical Router LocaleServices. operationId: PatchTier0LocaleServicesFloodProtectionProfileBindingMap parameters: - in: path name: tier0-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string - in: body name: FloodProtectionProfileBindingMap required: true schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Flood Protection Profile Binding Map for Tier-0 Logical Router LocaleServices tags: - Policy, Security, Security Profiles, Flood Protection Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding put: consumes: - application/json description: |- API will create or update Flood Protection profile binding map for Tier-0 Logical Router LocaleServices. operationId: UpdateTier0LocaleServicesFloodProtectionProfileBinding parameters: - in: path name: tier0-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string - in: body name: FloodProtectionProfileBindingMap required: true schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Flood Protection Profile Binding Map for Tier-0 Logical Router LocaleServices tags: - Policy, Security, Security Profiles, Flood Protection Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding ? /global-infra/tier-0s/{tier0-id}/locale-services/{locale-services-id}/session-timer-profile-bindings/{session-timer-profile-binding-id} : delete: consumes: - application/json description: |- API will delete Session Timer Profile Binding for Tier-0 Logical Router LocaleServices. operationId: DeleteTier0LocaleServicesSessionTimerProfileBinding parameters: - in: path name: tier0-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Session Timer Profile Binding for Tier-0 Logical Router LocaleServices tags: - Policy, Security, Security Profiles, Session Timer Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding get: consumes: - application/json description: | API will get Session Timer Profile Binding Map for Tier-0 Logical Router LocaleServices. operationId: GetTier0LocaleServicesSessionTimerProfileBinding parameters: - in: path name: tier0-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SessionTimerProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Session Timer Profile Binding Map for Tier-0 Logical Router LocaleServices tags: - Policy, Security, Security Profiles, Session Timer Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding patch: consumes: - application/json description: |- API will create or update Session Timer profile binding map for Tier-0 Logical Router LocaleServices. operationId: PatchTier0LocalServicesSessionTimerProfileBindingMap parameters: - in: path name: tier0-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string - in: body name: SessionTimerProfileBindingMap required: true schema: $ref: '#/definitions/SessionTimerProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Session Timer Profile Binding Map for Tier-0 Logical Router LocaleServices tags: - Policy, Security, Security Profiles, Session Timer Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding put: consumes: - application/json description: |- API will create or update Session Timer profile binding map for Tier-0 Logical Router LocaleServices. operationId: UpdateTier0LocaleServicesSessionTimerProfileBinding parameters: - in: path name: tier0-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string - in: body name: SessionTimerProfileBindingMap required: true schema: $ref: '#/definitions/SessionTimerProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SessionTimerProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Session Timer Profile Binding Map for Tier-0 Logical Router LocaleServices tags: - Policy, Security, Security Profiles, Session Timer Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding /global-infra/tier-0s/{tier0-id}/session-timer-profile-bindings/{session-timer-profile-binding-id}: delete: consumes: - application/json description: |- API will delete Session Timer Profile Binding for Tier-0 Logical Router. operationId: DeleteTier0SessionTimerProfileBinding parameters: - in: path name: tier0-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Session Timer Profile Binding for Tier-0 Logical Router tags: - Policy, Security, Security Profiles, Session Timer Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding get: consumes: - application/json description: | API will get Session Timer Profile Binding Map for Tier-0 Logical Router. operationId: GetTier0SessionTimerProfileBinding parameters: - in: path name: tier0-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SessionTimerProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Session Timer Profile Binding Map for Tier-0 Logical Router tags: - Policy, Security, Security Profiles, Session Timer Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding patch: consumes: - application/json description: |- API will create or update Session Timer profile binding map for Tier-0 Logical Router. operationId: PatchTier0SessionTimerProfileBindingMap parameters: - in: path name: tier0-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string - in: body name: SessionTimerProfileBindingMap required: true schema: $ref: '#/definitions/SessionTimerProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Session Timer Profile Binding Map for Tier-0 Logical Router tags: - Policy, Security, Security Profiles, Session Timer Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding put: consumes: - application/json description: |- API will create or update Session Timer profile binding map for Tier-0 Logical Router. operationId: UpdateTier0SessionTimerProfileBinding parameters: - in: path name: tier0-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string - in: body name: SessionTimerProfileBindingMap required: true schema: $ref: '#/definitions/SessionTimerProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SessionTimerProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Session Timer Profile Binding Map for Tier-0 Logical Router tags: - Policy, Security, Security Profiles, Session Timer Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding /global-infra/tier-1s: get: consumes: - application/json description: | Paginated list of all Tier-1 instances operationId: ListTier1 parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier1ListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Tier-1 instances tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Tier-1 Gateways x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}: delete: consumes: - application/json description: |- Delete Tier-1 configuration operationId: DeleteTier1 parameters: - in: path name: tier-1-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Tier-1 configuration tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Tier-1 Gateways x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read Tier-1 configuration operationId: ReadTier1 parameters: - in: path name: tier-1-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier1' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read Tier-1 configuration tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Tier-1 Gateways x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If Tier-1 with the tier-1-id is not already present, create a new Tier-1 instance. If it already exists, update the tier-1 instance with specified attributes. operationId: PatchTier1 parameters: - in: path name: tier-1-id required: true type: string - in: body name: Tier1 required: true schema: $ref: '#/definitions/Tier1' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Tier-1 configuration tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Tier-1 Gateways x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If Tier-1 with the tier-1-id is not already present, create a new Tier-1 instance. If it already exists, replace the Tier-1 instance with this object. operationId: CreateOrReplaceTier1 parameters: - in: path name: tier-1-id required: true type: string - in: body name: Tier1 required: true schema: $ref: '#/definitions/Tier1' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier1' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update tier-1 configuration tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Tier-1 Gateways x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/dns-forwarder: delete: consumes: - application/json description: |- Delete DNS configuration for tier-1 instance operationId: DeletePolicyDnsForwarderOnTier1 parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete DNS configuration for tier-1 instance tags: - Policy, Networking, IP Management, DNS, DNS Forwarder, Tier-1 Gateways x-vmw-nsx-module: PolicyDnsForwarder get: consumes: - application/json description: |- Read the DNS Forwarder for the given tier-1 instance operationId: ReadPolicyDnsForwarderOnTier1 parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyDnsForwarder' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read the DNS Forwarder for the given tier-1 instance tags: - Policy, Networking, IP Management, DNS, DNS Forwarder, Tier-1 Gateways x-vmw-nsx-module: PolicyDnsForwarder patch: consumes: - application/json description: |- Create or update the DNS Forwarder operationId: PatchPolicyDnsForwarderOnTier1 parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - in: body name: PolicyDnsForwarder required: true schema: $ref: '#/definitions/PolicyDnsForwarder' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update the DNS Forwarder tags: - Policy, Networking, IP Management, DNS, DNS Forwarder, Tier-1 Gateways x-vmw-nsx-module: PolicyDnsForwarder post: consumes: - application/json description: | Perform the specified action for Tier0 DNS forwarder on specified enforcement point. operationId: PerformEPActionForDnsForwarderAtTier1 parameters: - in: path name: tier-1-id required: true type: string - description: An action to be performed for DNS forwarder on EP enum: - clear_cache in: query name: action required: true type: string - default: /infra/sites/default/enforcement-points/default description: An enforcement point path, on which the action is to be performed in: query name: enforcement_point_path required: false type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Perform the specified DNS forwarder action tags: - Policy, Networking, IP Management, DNS, DNS Forwarder, Tier-1 Gateways x-vmw-nsx-module: PolicyDnsForwarder put: consumes: - application/json description: |- Create or update the DNS Forwarder operationId: UpdatePolicyDnsForwarderOnTier1 parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - in: body name: PolicyDnsForwarder required: true schema: $ref: '#/definitions/PolicyDnsForwarder' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyDnsForwarder' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update the DNS Forwarder tags: - Policy, Networking, IP Management, DNS, DNS Forwarder, Tier-1 Gateways x-vmw-nsx-module: PolicyDnsForwarder /global-infra/tier-1s/{tier-1-id}/dns-forwarder/nslookup: get: consumes: - application/json description: | Query the nameserver for an ip-address or a FQDN of the given an address optionally using an specified DNS server. If the address is a fqdn, nslookup will resolve ip-address with it. If the address is an ip-address, do a reverse lookup and answer fqdn(s). If enforcement point is specified, then DNS forwarder nslookup answer will get fetched from specified enforcement point. Otherwise from all enforcement points. operationId: LookupAddressViaTier1DNSForwarder parameters: - in: path name: tier-1-id required: true type: string - description: IP address or FQDN for nslookup in: query name: address required: false type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/AggregatePolicyDnsAnswer' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Resolve a given address via the dns forwarder at Tier1 tags: - Policy, Networking, IP Management, DNS, DNS Forwarder, Tier-1 Gateways x-vmw-nsx-module: PolicyDnsForwarder /global-infra/tier-1s/{tier-1-id}/dns-forwarder/statistics: get: consumes: - application/json description: | Get statistics of tier-1 DNS forwarder. - no enforcement point path specified: Statistics will be evaluated on each enforcement point. - {enforcement_point_path}: Statistics are evaluated only on the given enforcement point. operationId: GetTier1DNSForwarderStatistics parameters: - description: |- Tier-1 id in: path name: tier-1-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/AggregateDNSForwarderStatistics' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get tier-1 DNS forwarder statistics tags: - Policy, Networking, IP Management, DNS, DNS Forwarder, Tier-1 Gateways x-vmw-nsx-module: PolicyDNSStatistics /global-infra/tier-1s/{tier-1-id}/dns-forwarder/status: get: consumes: - application/json description: | Get current status of tier-1 DNS forwarder. - no enforcement point path specified: Status will be evaluated on each enforcement point. - {enforcement_point_path}: Status will be evaluated only on the given enforcement point. operationId: GetTier1DNSForwarderStatus parameters: - description: |- Tier-1 id in: path name: tier-1-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/AggregateDNSForwarderStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get current status of tier-1 DNS forwarder tags: - Policy, Networking, IP Management, DNS, DNS Forwarder, Tier-1 Gateways x-vmw-nsx-module: PolicyDNSStatistics /global-infra/tier-1s/{tier-1-id}/forwarding-table: get: consumes: - application/json description: | Get forwarding table from tier-1 operationId: GetTier1ForwardingTable parameters: - in: path name: tier-1-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: UUID of edge node in: query name: edge_id type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: IPv4 or IPv6 CIDR Block format: ip-cidr-block in: query name: network_prefix type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: Filter routes based on the source from which route is learned enum: - BGP - STATIC - CONNECTED in: query name: route_source type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RoutingTableListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get forwarding table from tier-1 tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Routing, Forwarding Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/forwarding-table?format=csv: get: consumes: - application/json description: | Get forwarding table from tier-1 gateway in CSV format. operationId: GetTier1ForwardingTableCsv parameters: - in: path name: tier-1-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: UUID of edge node in: query name: edge_id type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: IPv4 or IPv6 CIDR Block format: ip-cidr-block in: query name: network_prefix type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: Filter routes based on the source from which route is learned enum: - BGP - STATIC - CONNECTED in: query name: route_source type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - text/csv responses: '200': description: OK schema: $ref: '#/definitions/GatewayRouteTableInCsvFormat' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get forwarding table from tier-1 in CSV format tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Routing, Forwarding Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/gateway-firewall: get: consumes: - application/json description: | Get filtered view of Gateway Firewall rules associated with the Tier-1. The gateway policies are returned in the order of category and sequence number. operationId: ViewTier1GatewayFirewall parameters: - in: path name: tier-1-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GatewayPolicyListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | Get list of gateway policies with rules that belong to the specific Tier-1. tags: - Policy, Security, North South Security, Gateway Firewall, Tier-1 Gateways x-vmw-nsx-module: PolicyEdgeFirewall /global-infra/tier-1s/{tier-1-id}/locale-services: get: consumes: - application/json description: | Paginated list of all Tier-1 locale-services operationId: ListTier1LocaleServices parameters: - in: path name: tier-1-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/LocaleServicesListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Tier-1 locale-services tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Tier-1 Locale Services x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/locale-services/{locale-service-id}/arp-proxies: get: consumes: - application/json description: | Returns ARP proxy table for a tier-1 operationId: GetTier1ArpProxies parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-service-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - description: Data source type. enum: - realtime - cached in: query name: source required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyArpProxyTableListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Tier-1 Address Resolution Protocol Proxies tags: - Policy, Networking, Connectivity, Tier-1 Gateways, ARP Proxies x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/locale-services/{locale-service-id}/interfaces/{interface-id}/arp-proxy: get: consumes: - application/json description: | Returns ARP proxy table for a tier-1 interface operationId: GetTier1InterfaceArpProxies parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - description: Data source type. enum: - realtime - cached in: query name: source required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyArpProxyTableListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Tier-1 Interface Address Resolution Protocol Proxies tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Interfaces, ARP Proxies x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/locale-services/{locale-service-id}/interfaces/{interface-id}/arp-table: get: consumes: - application/json description: | Returns ARP table (IPv4) or Neighbor Discovery table (IPv6) for the tier-1 interface, on a edge node specified in edge_path parameter. The edge_path parameter is mandatory. operationId: GetTier1InterfaceArpTable parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/InterfaceArpTable' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get ARP table from tier-1 interface tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Interfaces, ARP Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/locale-services/{locale-service-id}/interfaces/{interface-id}/arp-table?format=csv: get: consumes: - application/json description: | Returns ARP table (IPv4) or Neighbor Discovery table (IPv6) in CSV format for the tier-1 interface, on a edge node specified in edge_path parameter. The edge_path parameter is mandatory. operationId: GetTier1InterfaceArpTableCsv parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - text/csv responses: '200': description: OK schema: $ref: '#/definitions/InterfaceArpTableInCsvFormat' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get ARP table from tier-1 interface in CSV format tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Interfaces, ARP Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/locale-services/{locale-service-id}/interfaces/{interface-id}/dad-state: get: consumes: - application/json description: | Get tier-1 interface DAD state information. operationId: GetTier1InterfaceDADState parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/InterfaceDADState' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get DAD status by interface tags: - Policy, Networking, Connectivity, Tier-0 Gateways, Interfaces, DAD State x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/locale-services/{locale-service-id}/interfaces/{interface-id}/statistics: get: consumes: - application/json description: | Get tier-1 interface statistics information. operationId: GetTier1InterfaceStatistics parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyInterfaceStatistics' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get tier-1 interface statistics information tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Interfaces, Statistics x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/locale-services/{locale-service-id}/interfaces/{interface-id}/statistics/summary: get: consumes: - application/json description: | Get tier-1 interface statistics information. operationId: GetTier1InterfaceStatisticsSummary parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyInterfaceStatisticsSummary' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get tier-1 interface statistics summary information tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Interfaces, Statistics x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/locale-services/{locale-service-id}/service-interfaces: get: consumes: - application/json description: | Paginated list of all Tier 1 Service Interfaces operationId: ListTier1ServiceInterfaces parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-service-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ServiceInterfaceListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Tier 1 Service Interfaces tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/locale-services/{locale-service-id}/service-interfaces/{interface-id}: delete: consumes: - application/json description: |- Delete Tier 1 service interface operationId: DeleteTier1ServiceInterface parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Tier 1 service interface tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read Tier 1 service interface operationId: ReadTier1ServiceInterface parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ServiceInterface' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read Tier 1 service interface tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If a Tier1 service interface with the interface-id is not already present, create a new Tier1 service interface. operationId: PatchTier1ServiceInterface parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - in: body name: ServiceInterface required: true schema: $ref: '#/definitions/ServiceInterface' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Tier-1 service interface tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If a Tier1 service interface with the interface-id is not already present, create a new Tier1 service interface. Modification of Tier 1 service interface is not allowed. operationId: CreateTier1ServiceInterface parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - in: body name: ServiceInterface required: true schema: $ref: '#/definitions/ServiceInterface' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ServiceInterface' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create a Tier1 service interface tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/locale-services/{locale-services-id}: delete: consumes: - application/json description: |- Delete Tier-1 locale-services operationId: DeleteTier1LocaleServices parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-services-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Tier-1 locale-services tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Tier-1 Locale Services x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read Tier-1 locale-services operationId: ReadTier1LocaleServices parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-services-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/LocaleServices' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read Tier-1 locale-services tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Tier-1 Locale Services x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If a Tier-1 locale services with the locale-services-id is not already present, create a new locale services. If it already exists, update Tier-1 locale services with specified attributes. operationId: PatchTier1LocaleServices parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: body name: LocaleServices required: true schema: $ref: '#/definitions/LocaleServices' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Tier-1 locale-services tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Tier-1 Locale Services x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If a Tier-1 locale services with the locale-services-id is not already present, create a new locale-services. If it already exists, replace the Tier-1 locale services instance with the new object. Modifying edge cluster re-allocates NSX service routers of TIER1 to a different edge cluster. You can also place edge nodes manually and provide maximum two indices for HA mode ACTIVE_STANDBY. To re-allocating edge cluster is a disruptive operation and all existing statistics of Tier1 gateway will be removed. operationId: CreateOrReplaceTier1LocaleServices parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: body name: LocaleServices required: true schema: $ref: '#/definitions/LocaleServices' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/LocaleServices' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Tier-1 locale-services tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Tier-1 Locale Services x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/locale-services/{locale-services-id}/gateway-firewall: get: consumes: - application/json description: | Get filtered view of Gateway Firewall rules associated with the Tier-1 Locale Services. The gateway policies are returned in the order of category and sequence number. operationId: ViewTier1LocaleServicesGatewayFirewall parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-services-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GatewayPolicyListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | Get list of gateway policies with rules that belong to the specific Tier-1 LocalServices. tags: - Policy, Security, North South Security, Gateway Firewall, Tier-1 Gateways x-vmw-nsx-module: PolicyEdgeFirewall /global-infra/tier-1s/{tier-1-id}/locale-services/{locale-services-id}/interfaces: get: consumes: - application/json description: | Paginated list of all Tier-1 interfaces operationId: ListTier1Interfaces parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-services-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier1InterfaceListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Tier-1 interfaces tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/locale-services/{locale-services-id}/interfaces/{interface-id}: delete: consumes: - application/json description: |- Delete Tier-1 interface operationId: DeleteTier1Interface parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: interface-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Tier-1 interface tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read Tier-1 interface operationId: ReadTier1Interface parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: interface-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier1Interface' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read Tier-1 interface tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If an interface with the interface-id is not already present, create a new interface. If it already exists, update the interface for specified attributes. operationId: PatchTier1Interface parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: interface-id required: true type: string - in: body name: Tier1Interface required: true schema: $ref: '#/definitions/Tier1Interface' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Tier-1 interface tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If an interface with the interface-id is not already present, create a new interface. If it already exists, replace the interface with this object. operationId: CreateOrReplaceTier1Interface parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: interface-id required: true type: string - in: body name: Tier1Interface required: true schema: $ref: '#/definitions/Tier1Interface' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier1Interface' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a tier-1 interface tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/nat/statistics: get: consumes: - application/json description: |- List NAT Rules Statistics from Tier-1 denoted by Tier-1 ID. operationId: ListPolicyNatRulesStatisticsFromTier1 parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyNatRuleStatisticsPerLogicalRouterListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List NAT Rules Statistics tags: - Policy, Networking, Network Services, NAT, Statistics x-vmw-nsx-module: PolicyNAT /global-infra/tier-1s/{tier-1-id}/nat/{nat-id}/nat-rules: get: consumes: - application/json description: |- List NAT Rules from Tier-1 denoted by Tier-1 ID, under NAT section denoted by <nat-id>. Under tier-1 there will be 3 different NATs(sections). (INTERNAL, USER and DEFAULT) For more details related to NAT section please refer to PolicyNAT schema. operationId: ListPolicyNatRules parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- NAT id in: path name: nat-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyNatRuleListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List NAT Rules tags: - Policy, Networking, Network Services, NAT, Rules, Tier-1 Gateways x-vmw-nsx-module: PolicyNAT /global-infra/tier-1s/{tier-1-id}/nat/{nat-id}/nat-rules/{nat-rule-id}: delete: consumes: - application/json description: |- Delete NAT Rule from Tier-1 denoted by Tier-1 ID, under NAT section denoted by <nat-id>. Under tier-1 there will be 3 different NATs(sections). (INTERNAL, USER and DEFAULT) For more details related to NAT section please refer to PolicyNAT schema. operationId: DeletePolicyNatRule parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- NAT id in: path name: nat-id required: true type: string - description: |- Rule ID in: path name: nat-rule-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete NAT Rule tags: - Policy, Networking, Network Services, NAT, Rules, Tier-1 Gateways x-vmw-nsx-module: PolicyNAT get: consumes: - application/json description: | Get NAT Rule from Tier-1 denoted by Tier-1 ID, under NAT section denoted by <nat-id>. Under tier-1 there will be 3 different NATs(sections). (INTERNAL, USER and DEFAULT) For more details related to NAT section please refer to PolicyNAT schema. operationId: GetPolicyNatRule parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- NAT id in: path name: nat-id required: true type: string - description: |- Rule ID in: path name: nat-rule-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyNatRule' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get NAT Rule tags: - Policy, Networking, Network Services, NAT, Rules, Tier-1 Gateways x-vmw-nsx-module: PolicyNAT patch: consumes: - application/json description: | If a NAT Rule is not already present on Tier-1 denoted by Tier-1 ID, under NAT section denoted by <nat-id>, create a new NAT Rule. If it already exists, update the NAT Rule. Under tier-1 there will be 3 different NATs(sections). (INTERNAL, USER and DEFAULT) For more details related to NAT section please refer to PolicyNAT schema. operationId: PatchPolicyNatRule parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- NAT id in: path name: nat-id required: true type: string - description: |- Rule ID in: path name: nat-rule-id required: true type: string - in: body name: PolicyNatRule required: true schema: $ref: '#/definitions/PolicyNatRule' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Nat Rule tags: - Policy, Networking, Network Services, NAT, Rules, Tier-1 Gateways x-vmw-nsx-module: PolicyNAT put: consumes: - application/json description: |- Update NAT Rule on Tier-1 denoted by Tier-1 ID, under NAT section denoted by <nat-id>. Under tier-1 there will be 3 different NATs(sections). (INTERNAL, USER and DEFAULT) For more details related to NAT section please refer to PolicyNAT schema. operationId: CreateOrReplacePolicyNatRule parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- NAT id in: path name: nat-id required: true type: string - description: |- Rule ID in: path name: nat-rule-id required: true type: string - in: body name: PolicyNatRule required: true schema: $ref: '#/definitions/PolicyNatRule' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyNatRule' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update NAT Rule tags: - Policy, Networking, Network Services, NAT, Rules, Tier-1 Gateways x-vmw-nsx-module: PolicyNAT /global-infra/tier-1s/{tier-1-id}/nat/{nat-id}/nat-rules/{nat-rule-id}/statistics: get: consumes: - application/json description: | Get NAT Rule Statistics from Tier-1 denoted by Tier-1 ID, under NAT section denoted by <nat-id>. Under tier-1 there will be 3 different NATs(sections). (INTERNAL, USER and DEFAULT) For more details related to NAT section please refer to PolicyNAT schema. operationId: GetPolicyNatRuleStatisticsFromTier1 parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- NAT id in: path name: nat-id required: true type: string - description: |- Rule ID in: path name: nat-rule-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyNatRuleStatisticsListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get NAT Rule Statistics tags: - Policy, Networking, Network Services, NAT, Statistics x-vmw-nsx-module: PolicyNAT /global-infra/tier-1s/{tier-1-id}/segments: get: consumes: - application/json description: | Paginated list of all segments under Tier-1 instance operationId: ListSegments parameters: - in: path name: tier-1-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List all segments under tier-1 instance tags: - Policy, Networking, Connectivity, Segments, Segments (Fixed) x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/segments/state: get: consumes: - application/json description: | Returns all tier-1 segments with configuration state on the enforcement point specified in the request operationId: GetTier1SegmentsByState parameters: - in: path name: tier-1-id required: true type: string - description: Configuration state of the segment on enforcement point enum: - pending - in_progress - success - failed - partial_success - orphaned - unknown in: query name: configuration_state required: false type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - description: Data source type. enum: - realtime - cached in: query name: source required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentConfigurationStateListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get tier-1 segments by configuration state tags: - Policy, Networking, Connectivity, Segment, State x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}: delete: consumes: - application/json description: |- Delete segment operationId: DeleteSegment parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete segment tags: - Policy, Networking, Connectivity, Segments, Segments (Fixed) x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read segment operationId: ReadSegment parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Segment' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read segment tags: - Policy, Networking, Connectivity, Segments, Segments (Fixed) x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If segment with the segment-id is not already present, create a new segment. If it already exists, update the segment with specified attributes. operationId: PatchSegment parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: body name: Segment required: true schema: $ref: '#/definitions/Segment' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a segment tags: - Policy, Networking, Connectivity, Segments, Segments (Fixed) x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If segment with the segment-id is not already present, create a new segment. If it already exists, replace the segment with this object. operationId: CreateOrReplaceSegment parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: body name: Segment required: true schema: $ref: '#/definitions/Segment' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Segment' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a segment tags: - Policy, Networking, Connectivity, Segments, Segments (Fixed) x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/arp-table: get: consumes: - application/json description: | Returns ARP table (IPv4) or Neighbor Discovery table (IPv6) for the interface (downlink) attaching segment to tier-1 gateway, on a edge node specified in edge_path parameter. The edge_path parameter is mandatory. operationId: GetSegmentInterfaceArpTable parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/InterfaceArpTable' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get ARP table from segment interface (downlink) tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Interfaces, ARP Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/arp-table?format=csv: get: consumes: - application/json description: | Returns ARP table (IPv4) or Neighbor Discovery table (IPv6) in CSV format for the interface (downlink) attaching segment to tier1 gateway, on a edge node specified in edge_path parameter. The edge_path parameter is mandatory. operationId: GetSegmentInterfaceArpTableCsv parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - text/csv responses: '200': description: OK schema: $ref: '#/definitions/InterfaceArpTableInCsvFormat' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get ARP table from segment interface (downlink) in CSV format tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Interfaces, ARP Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/dhcp-static-binding-configs: get: consumes: - application/json description: | Paginated list of all DHCP static binding instances operationId: ListSegmentDhcpStaticBinding parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpStaticBindingConfigListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List all DHCP static bindings tags: - Policy, Networking, IP Management, DHCP, DHCP Static Bindings, Segments Bindings (Fixed) x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/dhcp-static-binding-configs/{binding-id}: delete: consumes: - application/json description: |- Delete DHCP static binding operationId: DeleteSegmentDhcpStaticBinding parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: path name: binding-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete DHCP static binding tags: - Policy, Networking, IP Management, DHCP, DHCP Static Bindings, Segments Bindings (Fixed) x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read DHCP static binding operationId: ReadSegmentDhcpStaticBinding parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: path name: binding-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpStaticBindingConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read DHCP static binding tags: - Policy, Networking, IP Management, DHCP, DHCP Static Bindings, Segments Bindings (Fixed) x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If binding with the binding-id is not already present, create a new DHCP static binding instance. If it already exists, replace the existing DHCP static binding instance with specified attributes. operationId: PatchSegmentDhcpStaticBinding parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: path name: binding-id required: true type: string - in: body name: DhcpStaticBindingConfig required: true schema: $ref: '#/definitions/DhcpStaticBindingConfig' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update DHCP static binding tags: - Policy, Networking, IP Management, DHCP, DHCP Static Bindings, Segments Bindings (Fixed) x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If binding with the binding-id is not already present, create a new DHCP static binding instance. If it already exists, replace the existing DHCP static binding instance with this object. operationId: CreateOrReplaceSegmentDhcpStaticBinding parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: path name: binding-id required: true type: string - in: body name: DhcpStaticBindingConfig required: true schema: $ref: '#/definitions/DhcpStaticBindingConfig' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpStaticBindingConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update DHCP static binding tags: - Policy, Networking, IP Management, DHCP, DHCP Static Bindings, Segments Bindings (Fixed) x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/dhcp-static-bindings/{binding-id}/state: get: consumes: - application/json description: |- Read DHCP static binding state operationId: ReadSegmentDhcpStaticBindingState parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: path name: binding-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpStaticBindingState' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read DHCP static binding state tags: - Policy, Networking, IP Management, DHCP, DHCP Static Bindings x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/gateway-interface-arp-table: get: consumes: - application/json description: | Segment ID is the ID of the segment that is connected to the the tier-1 operationId: GetDownlinkPortArpTableForTier1Segment parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/InterfaceArpTable' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get ARP table for downlink router port on tier-1 router tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Interfaces, ARP Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/gateway-interface-arp-table?format=csv: get: consumes: - application/json description: | Segment ID is the ID of the segment that is connected to the the tier-1 operationId: GetDownlinkPortArpTableForTier1SegmentInCsv parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - text/csv responses: '200': description: OK schema: $ref: '#/definitions/InterfaceArpTableInCsvFormat' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get ARP table for downlink router port on tier-1 router in CSV tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Interfaces, ARP Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/gateway-interface-dad-state: get: consumes: - application/json description: | Segment ID is the ID of the segment that is connected to the the tier-1 operationId: GetDownlinkPortDadStateForTier1Segment parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - description: Data source type. enum: - realtime - cached in: query name: source required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/InterfaceDADState' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get DAD state for downlink router port on tier-1 router tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Interfaces, DAD State x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/gateway-interface-statistics: get: consumes: - application/json description: | Segment ID is the ID of the segment that is connected to the the tier-1 operationId: GetDownlinkPortStatisticsForTier1Segment parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyInterfaceStatistics' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get statistics for downlink router port on tier-1 router tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Interfaces, Statistics x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/gateway-interface-statistics/summary: get: consumes: - application/json description: | Segment ID is the ID of the segment that is connected to the the tier-1 operationId: GetDownlinkPortStatisticsSummaryForTier1Segment parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - description: Data source type. enum: - realtime - cached in: query name: source required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyInterfaceStatisticsSummary' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get statistics for downlink router port on tier-1 router tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Interfaces, Statistics x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/inter-site-forwarder/site-span-info: get: consumes: - application/json description: | Get segment cross site forwarder placement and HA statuss. operationId: GetSegmentCsSpanInfo parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentL2ForwarderSiteSpanInfo' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get segment cross site forwarder placement and HA status tags: - Policy, Networking, Connectivity, Segment, Intersite-Forwarder x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/inter-site-forwarder/status: get: consumes: - application/json description: | Get segment cross site traffic statistics. operationId: GetSegmentCsTrafficStats parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentCrossSiteTrafficStats' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get segment cross site traffic statistics tags: - Policy, Networking, Connectivity, Segment, Intersite-Forwarder x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/mac-table: get: consumes: - application/json description: | Returns MAC table for a segment operationId: GetTier1SegmentMacTable parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string - description: Data source type. enum: - realtime - cached in: query name: source required: false type: string - description: TransportNode Id in: query name: transport_node_id required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentMacAddressListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Tier-1 segment MAC table tags: - Policy, Networking, Connectivity, Segment, MAC Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/mac-table?format=csv: get: consumes: - application/json description: | Returns MAC table for a segment operationId: GetTier1SegmentMacTableInCsv parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - description: Data source type. enum: - realtime - cached in: query name: source required: false type: string - description: TransportNode Id in: query name: transport_node_id required: false type: string produces: - text/csv responses: '200': description: OK schema: $ref: '#/definitions/MacAddressCsvListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Tier-1 segment MAC table in CSV tags: - Policy, Networking, Connectivity, Segment, MAC Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/ports: get: consumes: - application/json description: | List all the ports for a Tier-1 segment. operationId: ListTier1SegmentPorts parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentPortListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Tier-1 segment ports tags: - Policy, Networking, Connectivity, Segments, Ports x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/ports/{port-id}: get: consumes: - application/json description: | Get detail information on a Tier-1 segment port by giving ID. operationId: GetTier1SegmentPort parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: path name: port-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentPort' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Tier-1 segment port by ID tags: - Policy, Networking, Connectivity, Segments, Ports x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/ports/{port-id}/mac-table: get: consumes: - application/json description: | Returns MAC table for a segment port operationId: GetTier1SegmentPortMacTable parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: path name: port-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string - description: Data source type. enum: - realtime - cached in: query name: source required: false type: string - description: TransportNode Id in: query name: transport_node_id required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentPortMacAddressListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get MAC table for tier-1 segment port tags: - Policy, Networking, Connectivity, Segment, Ports, MAC Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/ports/{port-id}/mac-table?format=csv: get: consumes: - application/json description: | Returns MAC table for a segment port operationId: GetTier1SegmentPortMacTableInCsv parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: path name: port-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - description: Data source type. enum: - realtime - cached in: query name: source required: false type: string - description: TransportNode Id in: query name: transport_node_id required: false type: string produces: - text/csv responses: '200': description: OK schema: $ref: '#/definitions/SegmentPortMacAddressCsvListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get tier-1 segment port MAC table in CSV tags: - Policy, Networking, Connectivity, Segment, Ports, MAC Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/ports/{port-id}/port-discovery-profile-binding-maps: get: consumes: - application/json description: | API will list all Port Discovery Profile Binding Maps in current port id. operationId: ListPortDiscoveryBindings parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: path name: port-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortDiscoveryProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Port Discovery Profile Binding Maps tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Discovery Profile Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding ? /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/ports/{port-id}/port-discovery-profile-binding-maps/{port-discovery-profile-binding-map-id} : get: consumes: - application/json description: | API will get Port Discovery Profile Binding Map operationId: GetPortDiscoveryBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Port ID in: path name: port-id required: true type: string - description: |- Port Discovery Profile Binding Map ID in: path name: port-discovery-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortDiscoveryProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Port Discovery Profile Binding Map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Discovery Profile Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/ports/{port-id}/port-monitoring-profile-binding-maps: get: consumes: - application/json description: | API will list all Port Monitoring Profile Binding Maps in current port id. operationId: ListPortMonitoringBindings parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: path name: port-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortMonitoringProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Port Monitoring Profile Binding Maps tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Monitoring Profile Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding ? /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/ports/{port-id}/port-monitoring-profile-binding-maps/{port-monitoring-profile-binding-map-id} : get: consumes: - application/json description: | API will get Port Monitoring Profile Binding Map. operationId: GetPortMonitoringBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Port ID in: path name: port-id required: true type: string - description: |- Port Monitoring Profile Binding Map ID in: path name: port-monitoring-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortMonitoringProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Port Monitoring Profile Binding Map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Monitoring Profile Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding ? /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/ports/{port-id}/port-monitoring-profile-binding-maps/{port-monitoring-profile-binding-map-id}/mirror-stack-status : get: consumes: - application/json description: | API will get mirror stack status by Port Monitoring Profile Binding Map. operationId: GetPortMonitoringBindingMirrorStackStatus parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: path name: port-id required: true type: string - in: path name: port-monitoring-profile-binding-map-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Binding map path enforcemnt point path to remote L3 mirror session in: query name: enforcement_point_path required: false type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/MirrorStackStatusListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get mirror stack status for Port Monitoring Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment Profiles, Monitoring Profile Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/ports/{port-id}/port-qos-profile-binding-maps: get: consumes: - application/json description: | API will list all Port QoS Profile Binding Maps in current port id. operationId: ListPortQoSBindings parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: path name: port-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortQoSProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Port QoS Profile Binding Maps tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, QOS Profile Binding x-vmw-nsx-module: PolicyQoSProfileBinding ? /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/ports/{port-id}/port-qos-profile-binding-maps/{port-qos-profile-binding-map-id} : get: consumes: - application/json description: | API will get Port QoS Profile Binding Map. operationId: GetPortQoSBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Port ID in: path name: port-id required: true type: string - description: |- Port QoS Profile Binding Map ID in: path name: port-qos-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortQoSProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Port QoS Profile Binding Map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, QOS Profile Binding x-vmw-nsx-module: PolicyQoSProfileBinding /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/ports/{port-id}/port-security-profile-binding-maps: get: consumes: - application/json description: | API will list all port security profile binding maps. operationId: ListPortSecurityProfileBindings parameters: - description: |- tier-1 gateway id in: path name: tier-1-id required: true type: string - description: |- segment id in: path name: segment-id required: true type: string - description: |- port id in: path name: port-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortSecurityProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List port security profile binding maps tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Segment Security Profile Binding x-vmw-nsx-module: PolicySecurityProfileBinding ? /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/ports/{port-id}/port-security-profile-binding-maps/{port-security-profile-binding-map-id} : get: consumes: - application/json description: | API will return details of the port security profile binding map. If the security profile binding map does not exist, it will return 404. operationId: GetPortSecurityProfileBinding parameters: - description: |- tier-1 gateway id in: path name: tier-1-id required: true type: string - description: |- segment id in: path name: segment-id required: true type: string - description: |- port id in: path name: port-id required: true type: string - description: |- port security profile binding map id in: path name: port-security-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortSecurityProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get port security profile binding map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Segment Security Profile Binding x-vmw-nsx-module: PolicySecurityProfileBinding /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/ports/{port-id}/state: get: consumes: - application/json description: | Returns tier-1 segment port state on enforcement point operationId: GetTier1SegmentPortState parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: path name: port-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - description: Data source type. enum: - realtime - cached in: query name: source required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentPortState' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get tier-1 segment port state tags: - Policy, Networking, Connectivity, Segment, Ports, State x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/segment-discovery-profile-binding-maps: get: consumes: - application/json description: | API will list all Segment Discovery Profile Binding Maps in current segment id. operationId: ListSegmentDiscoveryBindings parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentDiscoveryProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Segment Discovery Profile Binding Maps tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Discovery Profile Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding ? /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/segment-discovery-profile-binding-maps/{segment-discovery-profile-binding-map-id} : delete: consumes: - application/json description: |- API will delete Segment Discovery Profile Binding Profile operationId: DeleteSegmentDiscoveryBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment Discovery Profile Binding Map ID in: path name: segment-discovery-profile-binding-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Segment Discovery Profile Binding Profile tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Discovery Profile Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding get: consumes: - application/json description: | API will get Segment Discovery Profile Binding Map operationId: GetSegmentDiscoveryBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment Discovery Profile Binding Map ID in: path name: segment-discovery-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentDiscoveryProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Segment Discovery Profile Binding Map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Discovery Profile Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding patch: consumes: - application/json description: |- API will create Segment Discovery Profile Binding Map. For objects with no binding maps, default profile is applied. operationId: PatchSegmentDiscoveryBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment Discovery Profile Binding Map ID in: path name: segment-discovery-profile-binding-map-id required: true type: string - in: body name: SegmentDiscoveryProfileBindingMap required: true schema: $ref: '#/definitions/SegmentDiscoveryProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create Segment Discovery Profile Binding Map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Discovery Profile Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding put: consumes: - application/json description: |- API will update Segment Discovery Profile Binding Map. For objects with no binding maps, default profile is applied. operationId: UpdateSegmentDiscoveryBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment Discovery Profile Binding Map ID in: path name: segment-discovery-profile-binding-map-id required: true type: string - in: body name: SegmentDiscoveryProfileBindingMap required: true schema: $ref: '#/definitions/SegmentDiscoveryProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentDiscoveryProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Segment Discovery Profile Binding Map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Discovery Profile Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/segment-monitoring-profile-binding-maps: get: consumes: - application/json description: | API will list all Segment Monitoring Profile Binding Maps in current segment id. operationId: ListSegmentMonitoringBindings parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentMonitoringProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Segment Monitoring Profile Binding Maps tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Monitoring Profile Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding ? /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/segment-monitoring-profile-binding-maps/{segment-monitoring-profile-binding-map-id} : delete: consumes: - application/json description: |- API will delete Segment Monitoring Profile Binding Profile. operationId: DeleteSegmentMonitoringBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment Monitoring Profile Binding Map ID in: path name: segment-monitoring-profile-binding-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Segment Monitoring Profile Binding Profile tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Monitoring Profile Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding get: consumes: - application/json description: | API will get Segment Monitoring Profile Binding Map. operationId: GetSegmentMonitoringBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment Monitoring Profile Binding Map ID in: path name: segment-monitoring-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentMonitoringProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Segment Monitoring Profile Binding Map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Monitoring Profile Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding patch: consumes: - application/json description: |- API will create segment monitoring profile binding map. operationId: PatchSegmentMonitoringBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment Monitoring Profile Binding Map ID in: path name: segment-monitoring-profile-binding-map-id required: true type: string - in: body name: SegmentMonitoringProfileBindingMap required: true schema: $ref: '#/definitions/SegmentMonitoringProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create Segment Monitoring Profile Binding Map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Monitoring Profile Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding put: consumes: - application/json description: |- API will update Segment Monitoring Profile Binding Map. operationId: UpdateSegmentMonitoringBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment Monitoring Profile Binding Map ID in: path name: segment-monitoring-profile-binding-map-id required: true type: string - in: body name: SegmentMonitoringProfileBindingMap required: true schema: $ref: '#/definitions/SegmentMonitoringProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentMonitoringProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Segment Monitoring Profile Binding Map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Monitoring Profile Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding ? /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/segment-monitoring-profile-binding-maps/{segment-monitoring-profile-binding-map-id}/mirror-stack-status : get: consumes: - application/json description: | API will get mirror stack status by Segment Monitoring Profile Binding Map. operationId: GetSegmentMonitoringBindingMirrorStackStatus parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: path name: segment-monitoring-profile-binding-map-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Binding map path enforcemnt point path to remote L3 mirror session in: query name: enforcement_point_path required: false type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/MirrorStackStatusListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get mirror stack status for Segment Monitoring Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment Profiles, Monitoring Profile Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/segment-qos-profile-binding-maps: get: consumes: - application/json description: | API will list all Segment QoS Profile Binding Maps in current segment id. operationId: ListSegmentQoSBindings parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentQoSProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Segment QoS Profile Binding Maps tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, QOS Profile Binding x-vmw-nsx-module: PolicyQoSProfileBinding ? /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/segment-qos-profile-binding-maps/{segment-qos-profile-binding-map-id} : delete: consumes: - application/json description: |- API will delete Segment QoS Profile Binding Profile. operationId: DeleteSegmentQoSBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment QoS Profile Binding Map ID in: path name: segment-qos-profile-binding-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Segment QoS Profile Binding Profile tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, QOS Profile Binding x-vmw-nsx-module: PolicyQoSProfileBinding get: consumes: - application/json description: | API will get Segment QoS Profile Binding Map. operationId: GetSegmentQoSBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment QoS Profile Binding Map ID in: path name: segment-qos-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentQoSProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Segment QoS Profile Binding Map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, QOS Profile Binding x-vmw-nsx-module: PolicyQoSProfileBinding patch: consumes: - application/json description: |- API will create segment QoS profile binding map. For objects with no binding maps, default profile is applied. operationId: PatchSegmentQoSBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment QoS Profile Binding Map ID in: path name: segment-qos-profile-binding-map-id required: true type: string - in: body name: SegmentQoSProfileBindingMap required: true schema: $ref: '#/definitions/SegmentQoSProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create Segment QoS Profile Binding Map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, QOS Profile Binding x-vmw-nsx-module: PolicyQoSProfileBinding put: consumes: - application/json description: |- API will update Segment QoS Profile Binding Map. For objects with no binding maps, default profile is applied. operationId: UpdateSegmentQoSBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment QoS Profile Binding Map ID in: path name: segment-qos-profile-binding-map-id required: true type: string - in: body name: SegmentQoSProfileBindingMap required: true schema: $ref: '#/definitions/SegmentQoSProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentQoSProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Segment QoS Profile Binding Map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, QOS Profile Binding x-vmw-nsx-module: PolicyQoSProfileBinding /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/segment-security-profile-binding-maps: get: consumes: - application/json description: | API will list all segment security profile binding maps. operationId: ListSegmentSecurityProfileBindings parameters: - description: |- tier-1 gateway id in: path name: tier-1-id required: true type: string - description: |- segment id in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentSecurityProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List segment security profile binding maps tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Segment Security Profile Binding x-vmw-nsx-module: PolicySecurityProfileBinding ? /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/segment-security-profile-binding-maps/{segment-security-profile-binding-map-id} : delete: consumes: - application/json description: | API will delete segment security profile binding map. operationId: DeleteSegmentSecurityProfileBinding parameters: - description: |- tier-1 gateway id in: path name: tier-1-id required: true type: string - description: |- segment id in: path name: segment-id required: true type: string - description: |- segment security profile binding map id in: path name: segment-security-profile-binding-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete segment security profile binding map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Segment Security Profile Binding x-vmw-nsx-module: PolicySecurityProfileBinding get: consumes: - application/json description: | API will return details of the segment security profile binding map. If the binding map does not exist, it will return 404. operationId: GetSegmentSecurityProfileBinding parameters: - description: |- tier-1 gateway id in: path name: tier-1-id required: true type: string - description: |- segment id in: path name: segment-id required: true type: string - description: |- segment security profile binding map id in: path name: segment-security-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentSecurityProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get segment security profile binding map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Segment Security Profile Binding x-vmw-nsx-module: PolicySecurityProfileBinding patch: consumes: - application/json description: | Create a new segment security profile binding map if the given security profile binding map does not exist. Otherwise, patch the existing segment security profile binding map. For objects with no binding maps, default profile is applied. operationId: PatchSegmentSecurityProfileBinding parameters: - description: |- tier-1 gateway id in: path name: tier-1-id required: true type: string - description: |- segment id in: path name: segment-id required: true type: string - description: |- segment security profile binding map id in: path name: segment-security-profile-binding-map-id required: true type: string - in: body name: SegmentSecurityProfileBindingMap required: true schema: $ref: '#/definitions/SegmentSecurityProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch segment security profile binding map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Security Profile Binding x-vmw-nsx-module: PolicySecurityProfileBinding put: consumes: - application/json description: | API will create or replace segment security profile binding map. For objects with no binding maps, default profile is applied. operationId: CreateOrUpdateSegmentSecurityProfileBinding parameters: - description: |- tier-1 gateway id in: path name: tier-1-id required: true type: string - description: |- segment id in: path name: segment-id required: true type: string - description: |- segment security profile binding map id in: path name: segment-security-profile-binding-map-id required: true type: string - in: body name: SegmentSecurityProfileBindingMap required: true schema: $ref: '#/definitions/SegmentSecurityProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentSecurityProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or replace segment security profile binding map tags: - Policy, Networking, Connectivity, Segments, Segment Profiles, Segment Security Profile Binding x-vmw-nsx-module: PolicySecurityProfileBinding /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/static-arp: delete: consumes: - application/json description: |- Delete static ARP config operationId: DeleteStaticARPConfig parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete static ARP config tags: - Policy, Networking, Connectivity, Segments, Segments (Fixed) x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read static ARP config operationId: ReadStaticARPConfig parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/StaticARPConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read static ARP config tags: - Policy, Networking, Connectivity, Segments, Segments (Fixed) x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | Create static ARP config with Tier-1 and segment IDs provided if it doesn't exist, update with provided config if it's already created. operationId: PatchStaticARPConfig parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: body name: StaticARPConfig required: true schema: $ref: '#/definitions/StaticARPConfig' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a static ARP config tags: - Policy, Networking, Connectivity, Segments, Segments (Fixed) x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | Create static ARP config with Tier-1 and segment IDs provided if it doesn't exist, update with provided config if it's already created. operationId: CreateOrReplaceStaticARPConfig parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: body name: StaticARPConfig required: true schema: $ref: '#/definitions/StaticARPConfig' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/StaticARPConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a static ARP config tags: - Policy, Networking, Connectivity, Segments, Segments (Fixed) x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/tep-table: get: consumes: - application/json description: | Returns TEP table for a segment operationId: GetTier1SegmentTepTable parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string - description: Data source type. enum: - realtime - cached in: query name: source required: false type: string - description: TransportNode Id in: query name: transport_node_id required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyTepListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get tier-1 segment TEP table tags: - Policy, Networking, Connectivity, Segment, Tep Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/tep-table?format=csv: get: consumes: - application/json description: | Returns TEP table for a segment in CSV operationId: GetTier1SegmentTepTableInCsv parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - description: Data source type. enum: - realtime - cached in: query name: source required: false type: string - description: TransportNode Id in: query name: transport_node_id required: false type: string produces: - text/csv responses: '200': description: OK schema: $ref: '#/definitions/PolicyTepCsvListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get tier-1 segment TEP table in CSV tags: - Policy, Networking, Connectivity, Segment, Tep Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}?force=true: delete: consumes: - application/json description: | Force delete bypasses validations during segment deletion. This may result in an inconsistent connectivity. operationId: ForceDeleteSegmentTrue parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Force delete segment tags: - Policy, Networking, Connectivity, Segments, Segments (Fixed) x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/segments/{segments-id}/ports/{port-id}/statistics: get: consumes: - application/json description: | Get tier-1 segment port statistics information. operationId: GetSegmentPortStatistics parameters: - in: path name: tier-1-id required: true type: string - in: path name: segments-id required: true type: string - in: path name: port-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentPortStatistics' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get tier-1 segment port statistics information tags: - Policy, Networking, Connectivity, Segments, Statistics x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/segments/{segments-id}/state: get: consumes: - application/json description: | Get tier1 segment state information. operationId: GetSegmentState parameters: - in: path name: tier-1-id required: true type: string - in: path name: segments-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentConfigurationState' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get segment state information tags: - Policy, Networking, Connectivity, Segments, State x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/segments/{segments-id}/statistics: get: consumes: - application/json description: | Get tier1 segment statistics information. operationId: GetSegmentStatistics parameters: - in: path name: tier-1-id required: true type: string - in: path name: segments-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentStatistics' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get segment statistics information tags: - Policy, Networking, Connectivity, Segments, Statistics x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/state: get: consumes: - application/json description: | Returns operationId: GetTier1State parameters: - in: path name: tier-1-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: Interface path for interface specific state such as IPv6 DAD state in: query name: interface_path type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier1GatewayState' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Tier1 state tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Routing, State x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/static-routes: get: consumes: - application/json description: | Paginated list of all Tier-1 Static Routes operationId: ListTier1StaticRoutes parameters: - in: path name: tier-1-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/StaticRoutesListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Tier-1 Static Routes tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Routing, Static Routes x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/static-routes/{route-id}: delete: consumes: - application/json description: |- Delete Tier-1 static routes operationId: DeleteTier1StaticRoutes parameters: - in: path name: tier-1-id required: true type: string - in: path name: route-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Tier-1 static routes tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Routing, Static Routes x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read Tier-1 static routes operationId: ReadTier1StaticRoutes parameters: - in: path name: tier-1-id required: true type: string - in: path name: route-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/StaticRoutes' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read Tier-1 static routes tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Routing, Static Routes x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If static routes for route-id are not already present, create static routes. If it already exists, update static routes for route-id. operationId: PatchTier1StaticRoutes parameters: - in: path name: tier-1-id required: true type: string - in: path name: route-id required: true type: string - in: body name: StaticRoutes required: true schema: $ref: '#/definitions/StaticRoutes' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Tier-1 static routes tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Routing, Static Routes x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If static routes for route-id are not already present, create static routes. If it already exists, replace the static routes for route-id. operationId: CreateOrReplaceTier1StaticRoutes parameters: - in: path name: tier-1-id required: true type: string - in: path name: route-id required: true type: string - in: body name: StaticRoutes required: true schema: $ref: '#/definitions/StaticRoutes' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/StaticRoutes' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Tier-1 static routes tags: - Policy, Networking, Connectivity, Tier-1 Gateways, Routing, Static Routes x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier1-id}/flood-protection-profile-bindings/{flood-protection-profile-binding-id}: delete: consumes: - application/json description: |- API will delete Flood Protection Profile Binding for Tier-1 Logical Router. operationId: DeleteTier1FloodProtectionProfileBinding parameters: - in: path name: tier1-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Flood Protection Profile Binding for Tier-1 Logical Router tags: - Policy, Security, Security Profiles, Flood Protection Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding get: consumes: - application/json description: | API will get Flood Protection Profile Binding Map for Tier-1 Logical Router. operationId: GetTier1FloodProtectionProfileBinding parameters: - in: path name: tier1-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Flood Protection Profile Binding Map for Tier-1 Logical Router tags: - Policy, Security, Security Profiles, Flood Protection Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding patch: consumes: - application/json description: |- API will create or update Flood Protection profile binding map for Tier-1 Logical Router. operationId: PatchTier1FloodProtectionProfileBindingMap parameters: - in: path name: tier1-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string - in: body name: FloodProtectionProfileBindingMap required: true schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Flood Protection Profile Binding Map for Tier-1 Logical Router tags: - Policy, Security, Security Profiles, Flood Protection Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding put: consumes: - application/json description: |- API will create or update Flood Protection profile binding map for Tier-1 Logical Router. operationId: UpdateTier1FloodProtectionProfileBinding parameters: - in: path name: tier1-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string - in: body name: FloodProtectionProfileBindingMap required: true schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Flood Protection Profile Binding Map for Tier-1 Logical Router tags: - Policy, Security, Security Profiles, Flood Protection Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding ? /global-infra/tier-1s/{tier1-id}/locale-services/{locale-services-id}/flood-protection-profile-bindings/{flood-protection-profile-binding-id} : delete: consumes: - application/json description: |- API will delete Flood Protection Profile Binding for Tier-1 Logical Router LocaleServices. operationId: DeleteTier1LocaleServicesFloodProtectionProfileBinding parameters: - in: path name: tier1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Flood Protection Profile Binding for Tier-1 Logical Router LocaleServices tags: - Policy, Security, Security Profiles, Flood Protection Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding get: consumes: - application/json description: | API will get Flood Protection Profile Binding Map for Tier-1 Logical Router LocaleServices. operationId: GetTier1LocaleServicesFloodProtectionProfileBinding parameters: - in: path name: tier1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Flood Protection Profile Binding Map for Tier-1 Logical Router LocaleServices tags: - Policy, Security, Security Profiles, Flood Protection Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding patch: consumes: - application/json description: |- API will create or update Flood Protection profile binding map for Tier-1 Logical Router LocaleServices. operationId: PatchTier1LocaleServicesFloodProtectionProfileBindingMap parameters: - in: path name: tier1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string - in: body name: FloodProtectionProfileBindingMap required: true schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Flood Protection Profile Binding Map for Tier-1 Logical Router LocaleServices tags: - Policy, Security, Security Profiles, Flood Protection Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding put: consumes: - application/json description: |- API will create or update Flood Protection profile binding map for Tier-1 Logical Router LocaleServices. operationId: UpdateTier1LocaleServicesFloodProtectionProfileBinding parameters: - in: path name: tier1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string - in: body name: FloodProtectionProfileBindingMap required: true schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Flood Protection Profile Binding Map for Tier-1 Logical Router LocaleServices tags: - Policy, Security, Security Profiles, Flood Protection Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding ? /global-infra/tier-1s/{tier1-id}/locale-services/{locale-services-id}/session-timer-profile-bindings/{session-timer-profile-binding-id} : delete: consumes: - application/json description: |- API will delete Session Timer Profile Binding for Tier-1 Logical Router LocaleServices. operationId: DeleteTier1LocaleServicesSessionTimerProfileBinding parameters: - in: path name: tier1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Session Timer Profile Binding for Tier-1 Logical Router LocaleServices tags: - Policy, Security, Security Profiles, Session Timer Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding get: consumes: - application/json description: | API will get Session Timer Profile Binding Map for Tier-1 Logical Router LocaleServices. operationId: GetTier1LocaleServicesSessionTimerProfileBinding parameters: - in: path name: tier1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SessionTimerProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Session Timer Profile Binding Map for Tier-1 Logical Router LocaleServices tags: - Policy, Security, Security Profiles, Session Timer Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding patch: consumes: - application/json description: |- API will create or update Session Timer profile binding map for Tier-1 Logical Router LocaleServices. operationId: PatchTier1LocaleServicesSessionTimerProfileBindingMap parameters: - in: path name: tier1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string - in: body name: SessionTimerProfileBindingMap required: true schema: $ref: '#/definitions/SessionTimerProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Session Timer Profile Binding Map for Tier-1 Logical Router LocaleServices tags: - Policy, Security, Security Profiles, Session Timer Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding put: consumes: - application/json description: |- API will create or update Session Timer profile binding map for Tier-1 Logical Router LocaleServices. operationId: UpdateTier1LocaleServicesSessionTimerProfileBinding parameters: - in: path name: tier1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string - in: body name: SessionTimerProfileBindingMap required: true schema: $ref: '#/definitions/SessionTimerProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SessionTimerProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Session Timer Profile Binding Map for Tier-1 Logical Router LocaleServices tags: - Policy, Security, Security Profiles, Session Timer Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding /global-infra/tier-1s/{tier1-id}/session-timer-profile-bindings/{session-timer-profile-binding-id}: delete: consumes: - application/json description: |- API will delete Session Timer Profile Binding for Tier-1 Logical Router. operationId: DeleteTier1SessionTimerProfileBinding parameters: - in: path name: tier1-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Session Timer Profile Binding for Tier-1 Logical Router tags: - Policy, Security, Security Profiles, Session Timer Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding get: consumes: - application/json description: | API will get Session Timer Profile Binding Map for Tier-1 Logical Router. operationId: GetTier1SessionTimerProfileBinding parameters: - in: path name: tier1-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SessionTimerProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Session Timer Profile Binding Map for Tier-1 Logical Router tags: - Policy, Security, Security Profiles, Session Timer Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding patch: consumes: - application/json description: |- API will create or update Session Timer profile binding map for Tier-1 Logical Router. operationId: PatchTier1SessionTimerProfileBindingMap parameters: - in: path name: tier1-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string - in: body name: SessionTimerProfileBindingMap required: true schema: $ref: '#/definitions/SessionTimerProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Session Timer Profile Binding Map for Tier-1 Logical Router tags: - Policy, Security, Security Profiles, Session Timer Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding put: consumes: - application/json description: |- API will create or update Session Timer profile binding map for Tier-1 Logical Router. operationId: UpdateTier1SessionTimerProfileBinding parameters: - in: path name: tier1-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string - in: body name: SessionTimerProfileBindingMap required: true schema: $ref: '#/definitions/SessionTimerProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SessionTimerProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Session Timer Profile Binding Map for Tier-1 Logical Router tags: - Policy, Security, Security Profiles, Session Timer Profile Binding x-vmw-nsx-module: PolicyGatewayProfileBinding /global-infra/upgrade-summary: get: consumes: - application/json description: | API will return high level summary of Upgrade across various sites. operationId: GetFederationUpgradeSummary parameters: - description: Filter on site current_version in: query name: current_version required: false type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FederationUpgradeSummaryListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Upgrade summary tags: - Federation, Infra, Global Managers x-vmw-nsx-module: FederationUpgrade /global-infra/virtual-machine-group-associations: get: consumes: - application/json description: | Get policy groups for which the given VM is a member. operationId: GetGroupsForVM parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string - description: Virtual machine external ID in: query name: vm_external_id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyResourceReferenceForEPListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get groups for which the given VM is a member tags: - Policy, Inventory, Groups, Group Members x-vmw-nsx-module: PolicyGroupRealization /global-infra/virtual-network-interface-group-associations: get: consumes: - application/json description: | Get policy groups for which the given VIF is a member. operationId: GetGroupsForVIF parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string - description: Virtual network interface external ID in: query name: vif_external_id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyResourceReferenceForEPListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get groups for which the given VIF is a member tags: - Policy, Inventory, Groups, Group Members x-vmw-nsx-module: PolicyGroupRealization /gm-operational-state: get: consumes: - application/json description: | Global Manager operation state includes the current status, switchover status of global manager nodes if any, errors if any and consolidated status of the operation. operationId: GetGmOperationalState produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GmOperationalState' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Global Managed operational state tags: - Federation, Infra, Global Managers x-vmw-nsx-module: GmOperationalState /search/dsl: get: consumes: - application/json description: |- DSL (Domain Specific Language) search API operationId: DslSearch parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: Search query in: query name: query required: true type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SearchResponse' '400': description: Bad Request '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- DSL (Domain Specific Language) search API tags: - Search, Search API x-vmw-nsx-module: Search /search/query: get: consumes: - application/json description: |- Full text search API operationId: QuerySearch parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: Search query in: query name: query required: true type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SearchResponse' '400': description: Bad Request '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Full text search API tags: - Search, Search API x-vmw-nsx-module: Search /system-config/nsx-partial-patch-config: get: consumes: - application/json description: | Get Configuration values for nsx-partial-patch. By default partial patch is disbaled (i.e false). operationId: GetPartialPatchConfiguration produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PartialPatchConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Fetch the policy partial patch configuration value. tags: - Policy, System Configuration, NSX Partial Patch x-vmw-nsx-module: PolicySystemConfig patch: consumes: - application/json description: | Update partial patch configuration values. Only boolean value is allowed for enable_partial_patch operationId: updatePartialPatchConfig parameters: - in: body name: PartialPatchConfig required: true schema: $ref: '#/definitions/PartialPatchConfig' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Saves the configuration for policy partial patch tags: - Policy, System Configuration, NSX Partial Patch x-vmw-nsx-module: PolicySystemConfig /trust-management: get: consumes: - application/json description: |- Returns information about the supported algorithms and key sizes. operationId: GetTrustObjects produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/TrustManagementData' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Return the Properties of a Trust Manager tags: - System Administration, Settings, Certificates, CSR x-vmw-nsx-module: CertificateManager /trust-management/certificate-profile/{service-type}: get: consumes: - application/json description: | Get an available certificate profile operationId: GetCertificateProfile parameters: - description: |- Unique Service Type of the Certificate Profile in: path name: service-type required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/CertificateProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get the certificate profile for the given service type tags: - System Administration, Settings, Certificates, Certificate x-vmw-nsx-module: CertificateManager /trust-management/certificate-profiles: get: consumes: - application/json description: |- Return the list of certificate profiles. | operationId: ListCertificateProfiles produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/CertificateProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Return the list of certificate profiles. | tags: - System Administration, Settings, Certificates, Certificate x-vmw-nsx-module: CertificateManager /trust-management/certificates: get: consumes: - application/json description: | Returns all certificate information viewable by the user, including each certificate's UUID; resource_type (for example, certificate_self_signed, certificate_ca, or certificate_signed); pem_encoded data; and history of the certificate (who created or modified it and when). For additional information, include the ?details=true modifier at the end of the request URI. operationId: GetCertificates parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: whether to expand the pem data and show all its details in: query name: details required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string - description: Type of certificate to return enum: - cluster_api_certificate in: query name: type required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/CertificateList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Return All the User-Facing Components' Certificates tags: - System Administration, Settings, Certificates, Certificate x-vmw-nsx-module: CertificateManager /trust-management/certificates/{cert-id}: delete: consumes: - application/json description: | Removes the specified certificate. The private key associated with the certificate is also deleted. operationId: DeleteCertificate parameters: - description: |- ID of certificate to delete in: path name: cert-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Certificate for the Given Certificate ID tags: - System Administration, Settings, Certificates, Certificate x-vmw-nsx-module: CertificateManager get: consumes: - application/json description: | Returns information for the specified certificate ID, including the certificate's UUID; resource_type (for example, certificate_self_signed, certificate_ca, or certificate_signed); pem_encoded data; and history of the certificate (who created or modified it and when). For additional information, include the ?details=true modifier at the end of the request URI. operationId: GetCertificate parameters: - description: |- ID of certificate to read in: path name: cert-id required: true type: string - default: false description: whether to expand the pem data and show all its details in: query name: details required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Certificate' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Show Certificate Data for the Given Certificate ID tags: - System Administration, Settings, Certificates, Certificate x-vmw-nsx-module: CertificateManager /trust-management/certificates/{cert-id}?action=apply_certificate: post: consumes: - application/json description: | Look up the Certificate Profile matching the service-type and apply the certificate. When the Certificate Profile has cluster_certificate=false, the node_id parameter is required to designate the node where the certificate needs to be applied. operationId: ApplyCertificateApply_certificate parameters: - description: |- ID of certificate to apply in: path name: cert-id required: true type: string - description: Node Id in: query maxLength: 255 name: node_id required: false type: string - description: Supported service types, that are using certificates. enum: - MGMT_CLUSTER - MGMT_PLANE - API - NOTIFICATION_COLLECTOR - SYSLOG_SERVER - RSYSLOG_CLIENT - APH - GLOBAL_MANAGER - LOCAL_MANAGER - CLIENT_AUTH - RMQ in: query name: service_type required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Apply a certificate for a CertificateProfile x-vmw-nsx-module: CertificateManager /trust-management/certificates/{cert-id}?action=validate: get: consumes: - application/json description: | Checks whether certificate is valid. When the certificate contains a chain, the full chain is validated. The usage parameter can be SERVER (default) or CLIENT. This indicates whether the certificate needs to be validated as a server-auth or a client-auth certificate. operationId: ValidateCertificateValidate parameters: - description: |- ID of certificate to validate in: path name: cert-id required: true type: string - description: Usage Type of the Certificate, SERVER or CLIENT. Default is SERVER enum: - SERVER - CLIENT in: query name: usage required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/CertificateCheckingStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Validate a certificate x-vmw-nsx-module: CertificateManager /trust-management/certificates?action=import: post: consumes: - application/json description: | Adds a new private-public certificate or a chain of certificates (CAs) and, optionally, a private key that can be applied to one of the user-facing components (appliance management or edge). The certificate and the key should be stored in PEM format. If no private key is provided, the certificate is used as a client certificate in the trust store. operationId: AddCertificateImport parameters: - in: body name: TrustObjectData required: true schema: $ref: '#/definitions/TrustObjectData' produces: - application/json responses: '201': description: Created schema: $ref: '#/definitions/CertificateList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Add a New Certificate tags: - System Administration, Settings, Certificates, Certificate x-vmw-nsx-module: CertificateManager /trust-management/certificates?action=set_appliance_proxy_certificate_for_inter_site_communication: post: consumes: - application/json description: | Set a certificate that has been imported to be the Appliance Proxy certificate used for communicating with Appliance Proxies on other sites. operationId: SetInterSiteAphCertificateSet_appliance_proxy_certificate_for_inter_site_communication parameters: - in: body name: SetInterSiteAphCertificateRequest required: true schema: $ref: '#/definitions/SetInterSiteAphCertificateRequest' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Set a certificate as the Appliance Proxy certificate to be used in inter-site communication tags: - System Administration, Settings, Certificates, Certificate x-vmw-nsx-module: CertificateManager /trust-management/certificates?action=set_pi_certificate_for_federation: post: consumes: - application/json description: | Set a certificate that has been imported to be either the principal identity certificate for the local cluster with either GM or LM service type. Currently, the service type specified must match the current service type of the local cluster. operationId: SetPrincipalIdentityCertificateForFederationSet_pi_certificate_for_federation parameters: - in: body name: SetPrincipalIdentityCertificateForFederationRequest required: true schema: $ref: '#/definitions/SetPrincipalIdentityCertificateForFederationRequest' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Set a certificate as a GM or LM Principal Identity certificate x-vmw-nsx-module: CertificateManager /trust-management/crl-distribution-points: get: consumes: - application/json description: |- Return the list of CrlDistributionPoints operationId: ListCrlDistributionPoints parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/CrlDistributionPointList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Return the list of CrlDistributionPoints tags: - System Administration, Settings, Certificates, CRL x-vmw-nsx-module: CertificateManager post: consumes: - application/json description: | Create an entity that will represent a Crl Distribution Point operationId: CreateCrlDistributionPoint parameters: - in: body name: CrlDistributionPoint required: true schema: $ref: '#/definitions/CrlDistributionPoint' produces: - application/json responses: '201': description: Created schema: $ref: '#/definitions/CrlDistributionPoint' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create a Crl Distribution Point tags: - System Administration, Settings, Certificates, CRL x-vmw-nsx-module: CertificateManager /trust-management/crl-distribution-points/pem-file: post: consumes: - application/json description: |- Return stored CRL in PEM format operationId: GetCrlDistributionPointPem parameters: - in: body name: CrlPemRequestType required: true schema: $ref: '#/definitions/CrlPemRequestType' produces: - text/plain;charset=UTF-8 responses: '200': description: OK schema: type: string '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Return stored CRL in PEM format tags: - System Administration, Settings, Certificates, CRL x-vmw-nsx-module: CertificateManager /trust-management/crl-distribution-points/{crl-distribution-point-id}: delete: consumes: - application/json description: | Delete a CrlDistributionPoint. It does not delete the actual CRL. operationId: DeleteCrlDistributionPoint parameters: - description: |- Unique id of the CrlDistributionPoint to delete in: path name: crl-distribution-point-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete a CrlDistributionPoint tags: - System Administration, Settings, Certificates, CRL x-vmw-nsx-module: CertificateManager get: consumes: - application/json description: |- Return the CrlDistributionPoint with operationId: GetCrlDistributionPoint parameters: - in: path name: crl-distribution-point-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/CrlDistributionPoint' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Return the CrlDistributionPoint with tags: - System Administration, Settings, Certificates, CRL x-vmw-nsx-module: CertificateManager put: consumes: - application/json description: | Update CrlDistributionPoint with This allows updating the ManagedResource fields. operationId: UpdateCrlDistributionPoint parameters: - in: path name: crl-distribution-point-id required: true type: string - in: body name: CrlDistributionPoint required: true schema: $ref: '#/definitions/CrlDistributionPoint' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/CrlDistributionPoint' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | Update CrlDistributionPoint with This allows updating the ManagedResource fields. tags: - System Administration, Settings, Certificates, CRL x-vmw-nsx-module: CertificateManager /trust-management/crl-distribution-points/{crl-distribution-point-id}/status: get: consumes: - application/json description: |- Return the status of the CrlDistributionPoint operationId: GetCrlDistributionPointStatus parameters: - in: path name: crl-distribution-point-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/CrlDistributionPointStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Return the status of the CrlDistributionPoint tags: - System Administration, Settings, Certificates, CRL x-vmw-nsx-module: CertificateManager /trust-management/crls: get: consumes: - application/json description: | Returns information about all CRLs. For additional information, include the ?details=true modifier at the end of the request URI. operationId: GetCrls parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: whether to expand the pem data and show all its details in: query name: details required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string - description: Type of certificate to return enum: - cluster_api_certificate in: query name: type required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/CrlList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Return All Added CRLs tags: - System Administration, Settings, Certificates, CSR x-vmw-nsx-module: CertificateManager /trust-management/crls/{crl-id}: delete: consumes: - application/json description: |- Deletes an existing CRL. operationId: DeleteCrl parameters: - description: |- ID of CRL to delete in: path name: crl-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete a CRL tags: - System Administration, Settings, Certificates, CSR x-vmw-nsx-module: CertificateManager get: consumes: - application/json description: | Returns information about the specified CRL. For additional information, include the ?details=true modifier at the end of the request URI. operationId: GetCrl parameters: - description: |- ID of CRL to read in: path name: crl-id required: true type: string - default: false description: whether to expand the pem data and show all its details in: query name: details required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Crl' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Show CRL Data for the Given CRL ID tags: - System Administration, Settings, Certificates, CSR x-vmw-nsx-module: CertificateManager put: consumes: - application/json description: |- Updates an existing CRL. operationId: UpdateCrl parameters: - description: |- ID of CRL to update in: path name: crl-id required: true type: string - in: body name: Crl required: true schema: $ref: '#/definitions/Crl' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Crl' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update CRL for the Given CRL ID tags: - System Administration, Settings, Certificates, CSR x-vmw-nsx-module: CertificateManager /trust-management/crls?action=import: post: consumes: - application/json description: | Adds a new certificate revocation list (CRL). The CRL is used to verify the client certificate status against the revocation lists published by the CA. For this reason, the administrator needs to add the CRL in certificate repository as well. operationId: AddCrlImport parameters: - in: body name: CrlObjectData required: true schema: $ref: '#/definitions/CrlObjectData' produces: - application/json responses: '201': description: Created schema: $ref: '#/definitions/CrlList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Add a New Certificate Revocation List tags: - System Administration, Settings, Certificates, CSR x-vmw-nsx-module: CertificateManager /trust-management/csrs: get: consumes: - application/json description: |- Returns information about all of the CSRs that have been created. operationId: GetCsrs parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/CsrList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Return All the Generated CSRs tags: - System Administration, Settings, Certificates, CSR x-vmw-nsx-module: CertificateManager post: consumes: - application/json description: | Creates a new certificate signing request (CSR). A CSR is encrypted text that contains information about your organization (organization name, country, and so on) and your Web server's public key, which is a public certificate the is generated on the server that can be used to forward this request to a certificate authority (CA). A private key is also usually created at the same time as the CSR. operationId: GenerateCsr parameters: - in: body name: Csr required: true schema: $ref: '#/definitions/Csr' produces: - application/json responses: '201': description: Created schema: $ref: '#/definitions/Csr' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Generate a New Certificate Signing Request tags: - System Administration, Settings, Certificates, CSR x-vmw-nsx-module: CertificateManager /trust-management/csrs/{csr-id}: delete: consumes: - application/json description: | Removes a specified CSR. If a CSR is not used for verification, you can delete it. Note that the CSR import and upload POST actions automatically delete the associated CSR. operationId: DeleteCsr parameters: - description: |- ID of CSR to delete in: path name: csr-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete a CSR tags: - System Administration, Settings, Certificates, CSR x-vmw-nsx-module: CertificateManager get: consumes: - application/json description: |- Returns information about the specified CSR. operationId: GetCsr parameters: - description: |- ID of CSR to read in: path name: csr-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Csr' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Show CSR Data for the Given CSR ID tags: - System Administration, Settings, Certificates, CSR x-vmw-nsx-module: CertificateManager /trust-management/csrs/{csr-id}/pem-file: get: consumes: - application/json description: |- Downloads the CSR PEM file for a specified CSR. Clients must include an Accept: text/plain request header. operationId: GetCsrPem parameters: - description: |- ID of CSR to read in: path name: csr-id required: true type: string produces: - text/plain;charset=UTF-8 responses: '200': description: OK schema: type: string '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get CSR PEM File for the Given CSR ID tags: - System Administration, Settings, Certificates, CSR x-vmw-nsx-module: CertificateManager /trust-management/csrs/{csr-id}?action=import: post: consumes: - application/json description: | Imports a certificate authority (CA)-signed certificate for a CSR. This action links the certificate to the private key created by the CSR. The pem_encoded string in the request body is the signed certificate provided by your CA in response to the CSR that you provide to them. The import POST action automatically deletes the associated CSR. operationId: ImportCertificateImport parameters: - description: |- CSR this certificate is associated with in: path name: csr-id required: true type: string - in: body name: TrustObjectData required: true schema: $ref: '#/definitions/TrustObjectData' produces: - application/json responses: '201': description: Created schema: $ref: '#/definitions/CertificateList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Import a Certificate Associated with an Approved CSR tags: - System Administration, Settings, Certificates, CSR x-vmw-nsx-module: CertificateManager /trust-management/csrs/{csr-id}?action=self_sign: post: consumes: - application/json description: | Self-signs the previously generated CSR. This action is similar to the import certificate action, but instead of using a public certificate signed by a CA, the self_sign POST action uses a certificate that is signed with NSX's own private key. For validity, if a value greater than 825 days is provided, it will be set to 825 days. operationId: SelfSignCertificateSelf_sign parameters: - description: |- CSR this certificate is associated with in: path name: csr-id required: true type: string - default: 825 description: Number of days the certificate will be valid, default 825 days format: int64 in: query maximum: 10000 minimum: 1 name: days_valid required: true type: integer produces: - application/json responses: '201': description: Created schema: $ref: '#/definitions/Certificate' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Self-Sign the CSR tags: - System Administration, Settings, Certificates, CSR x-vmw-nsx-module: CertificateManager /trust-management/oidc-uris: get: consumes: - application/json description: |- Return the list of OpenID Connect end-points. operationId: ListOidcEndPoints produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/OidcEndPointListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Return the list of OpenID Connect end-points. tags: - System Administration, Settings, User Management, Principal Identity x-vmw-nsx-module: CertificateManager post: consumes: - application/json description: | This request also fetches the issuer and jwks_uri meta-data from the OIDC end-point and stores it. operationId: AddOidcEndPoint parameters: - in: body name: OidcEndPoint required: true schema: $ref: '#/definitions/OidcEndPoint' produces: - application/json responses: '201': description: Created schema: $ref: '#/definitions/OidcEndPoint' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': description: Internal Server Error '503': $ref: '#/responses/ServiceUnavailable' summary: |- Add an OpenID Connect end-point. tags: - System Administration, Settings, User Management, Principal Identity x-vmw-nsx-module: CertificateManager /trust-management/oidc-uris/{id}: get: consumes: - application/json description: | When ?refresh=true is added to the request, the meta-data is newly fetched from the OIDC end-point. operationId: GetOidcEndPoint parameters: - in: path name: id required: true type: string - default: false description: Refresh meta-data in: query name: refresh required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/OidcEndPoint' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get an OpenID Connect end-point. tags: - System Administration, Settings, User Management, Principal Identity x-vmw-nsx-module: CertificateManager /trust-management/oidc-uris?action=update_thumbprint: post: consumes: - application/json description: | Update a OpenID Connect end-point's thumbprint used to connect to the oidc_uri through SSL operationId: UpdateOidcEndPointThumbprintUpdate_thumbprint parameters: - in: body name: UpdateOidcEndPointThumbprintRequest required: true schema: $ref: '#/definitions/UpdateOidcEndPointThumbprintRequest' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/OidcEndPoint' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update a OpenID Connect end-point's thumbprint tags: - System Administration, Settings, User Management, Principal Identity x-vmw-nsx-module: CertificateManager /trust-management/principal-identities: get: consumes: - application/json description: |- Returns the list of principals registered with a certificate. operationId: GetPrincipalIdentities produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PrincipalIdentityList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Return the list of principal identities tags: - System Administration, Settings, User Management, Principal Identity x-vmw-nsx-module: CertificateManager post: consumes: - application/json description: | Associates a principal's name with a certificate that is used to authenticate. The combination name and node_id needs to be unique across token-based and certificate-based principal identities. Deprecated, use POST /trust-management/principal-identities/with-certificate instead. operationId: RegisterPrincipalIdentity parameters: - in: body name: PrincipalIdentity required: true schema: $ref: '#/definitions/PrincipalIdentity' produces: - application/json responses: '201': description: Created schema: $ref: '#/definitions/PrincipalIdentity' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Register a name-certificate combination. tags: - System Administration, Settings, User Management, Principal Identity x-vmw-nsx-module: CertificateManager /trust-management/principal-identities/with-certificate: post: consumes: - application/json description: | Create a principal identity with a new, unused, certificate. The combination name and node_id needs to be unique across token-based and certificate-based principal identities. operationId: RegisterPrincipalIdentityWithCertificate parameters: - in: body name: PrincipalIdentityWithCertificate required: true schema: $ref: '#/definitions/PrincipalIdentityWithCertificate' produces: - application/json responses: '201': description: Created schema: $ref: '#/definitions/PrincipalIdentity' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Register a name-certificate combination. tags: - System Administration, Settings, User Management, Principal Identity x-vmw-nsx-module: CertificateManager /trust-management/principal-identities/{principal-identity-id}: delete: consumes: - application/json description: | Delete a principal identity. It does not delete the certificate. operationId: DeletePrincipalIdentity parameters: - description: |- Unique id of the principal identity to delete in: path name: principal-identity-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete a principal identity tags: - System Administration, Settings, User Management, Principal Identity x-vmw-nsx-module: CertificateManager get: consumes: - application/json description: | Get a stored principal identity operationId: GetPrincipalIdentity parameters: - description: |- ID of the principal identity to get in: path name: principal-identity-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PrincipalIdentity' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get a principal identity tags: - System Administration, Settings, User Management, Principal Identity x-vmw-nsx-module: CertificateManager /trust-management/principal-identities?action=update_certificate: post: consumes: - application/json description: | Update a principal identity's certificate operationId: UpdatePrincipalIdentityCertificateUpdate_certificate parameters: - in: body name: UpdatePrincipalIdentityCertificateRequest required: true schema: $ref: '#/definitions/UpdatePrincipalIdentityCertificateRequest' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PrincipalIdentity' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update a principal identity's certificate tags: - System Administration, Settings, User Management, Principal Identity x-vmw-nsx-module: CertificateManager /trust-management/token-principal-identities: get: consumes: - application/json description: |- Return the list of token-based principal identities. | These don't have certificate or role information. operationId: ListTokenBasedPrincipalIdentities produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/TokenBasedPrincipalIdentityListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Return the list of token-based principal identities. | These don't have certificate or role information. tags: - System Administration, Settings, User Management, Principal Identity x-vmw-nsx-module: CertificateManager post: consumes: - application/json description: | Register a principal identity that is going to be authenticated through a token. The combination name and node_id needs to be unique across token-based and certificate-based principal identities. operationId: RegisterTokenBasedPrincipalIdentity parameters: - in: body name: TokenBasedPrincipalIdentity required: true schema: $ref: '#/definitions/TokenBasedPrincipalIdentity' produces: - application/json responses: '201': description: Created schema: $ref: '#/definitions/TokenBasedPrincipalIdentity' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Register a token-based principal identity. tags: - System Administration, Settings, User Management, Principal Identity x-vmw-nsx-module: CertificateManager /trust-management/token-principal-identities/{principal-identity-id}: delete: consumes: - application/json description: | Delete a token-based principal identity. operationId: DeleteTokenBasedPrincipalIdentity parameters: - description: |- Unique id of the token-based principal identity to delete in: path name: principal-identity-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete a token-based principal identity tags: - System Administration, Settings, User Management, Principal Identity x-vmw-nsx-module: CertificateManager get: consumes: - application/json description: | Get a stored token-based principal identity operationId: GetTokenBasedPrincipalIdentity parameters: - description: |- ID of the principal identity to get in: path name: principal-identity-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/TokenBasedPrincipalIdentity' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get a token-based principal identity tags: - System Administration, Settings, User Management, Principal Identity x-vmw-nsx-module: CertificateManager /ui-views: get: consumes: - application/json description: | If no query params are specified then all the views entitled for the user are returned. The views to which a user is entitled to include the views created by the user and the shared views. operationId: ListViews parameters: - description: The tag for which associated views to be queried. in: query name: tag type: string - description: Ids of the Views in: query maxLength: 8192 name: view_ids type: string - description: Id of widget configuration in: query maxLength: 255 name: widget_id type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ViewList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Returns the Views based on query criteria defined in ViewQueryParameters. tags: - System Administration, Monitoring, Dashboards, UI Views x-vmw-nsx-module: NsxDashboard post: consumes: - application/json description: |- Creates a new View. operationId: CreateView parameters: - in: body name: View required: true schema: $ref: '#/definitions/View' produces: - application/json responses: '201': description: Created schema: $ref: '#/definitions/View' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Creates a new View. tags: - System Administration, Monitoring, Dashboards, UI Views x-vmw-nsx-module: NsxDashboard /ui-views/{view-id}: delete: consumes: - application/json description: |- Delete View operationId: DeletView parameters: - in: path name: view-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete View tags: - System Administration, Monitoring, Dashboards, UI Views x-vmw-nsx-module: NsxDashboard get: consumes: - application/json description: | Returns Information about a specific View. operationId: GetView parameters: - in: path name: view-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/View' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Returns View Information tags: - System Administration, Monitoring, Dashboards, UI Views x-vmw-nsx-module: NsxDashboard put: consumes: - application/json description: |- Update View operationId: UpdateView parameters: - in: path name: view-id required: true type: string - in: body name: View required: true schema: $ref: '#/definitions/View' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/View' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update View tags: - System Administration, Monitoring, Dashboards, UI Views x-vmw-nsx-module: NsxDashboard /ui-views/{view-id}/widgetconfigurations: get: consumes: - application/json description: | If no query params are specified then all the Widget Configurations of the specified view are returned. operationId: ListWidgetConfigurations parameters: - in: path name: view-id required: true type: string - description: Id of the container in: query maxLength: 255 name: container type: string - description: Ids of the WidgetConfigurations in: query maxLength: 8192 name: widget_ids type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/WidgetConfigurationList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Returns the Widget Configurations based on query criteria defined in WidgetQueryParameters. tags: - System Administration, Monitoring, Dashboards, Widget Configuration x-vmw-nsx-module: NsxDashboard post: consumes: - application/json description: | Creates a new Widget Configuration and adds it to the specified view. Supported resource_types are LabelValueConfiguration, DonutConfiguration, GridConfiguration, StatsConfiguration, MultiWidgetConfiguration, GraphConfiguration and ContainerConfiguration. Note: Expressions should be given in a single line. If an expression spans multiple lines, then form the expression in a single line. For label-value pairs, expressions are evaluated as follows: a. First, render configurations are evaluated in their order of appearance in the widget config. The 'field' is evaluated at the end. b. Second, when render configuration is provided then the order of evaluation is 1. If expressions provided in 'condition' and 'display value' are well-formed and free of runtime-errors such as 'null pointers' and evaluates to 'true'; Then remaining render configurations are not evaluated, and the current render configuration's 'display value' is taken as the final value. 2. If expression provided in 'condition' of render configuration is false, then next render configuration is evaluated. 3. Finally, 'field' is evaluated only when every render configuration evaluates to false and no error occurs during steps 1 and 2 above. If an error occurs during evaluation of render configuration, then an error message is shown. The display value corresponding to that label is not shown and evaluation of the remaining render configurations continues to collect and show all the error messages (marked with the 'Label' for identification) as 'Error_Messages: {}'. If during evaluation of expressions for any label-value pair an error occurs, then it is marked with error. The errors are shown in the report, along with the label value pairs that are error-free. Important: For elements that take expressions, strings should be provided by escaping them with a back-slash. These elements are - condition, field, tooltip text and render_configuration's display_value. operationId: CreateWidgetConfiguration parameters: - in: path name: view-id required: true type: string - in: body name: WidgetConfiguration required: true schema: $ref: '#/definitions/WidgetConfiguration' produces: - application/json responses: '201': description: Created schema: $ref: '#/definitions/WidgetConfiguration' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Creates a new Widget Configuration. tags: - System Administration, Monitoring, Dashboards, Widget Configuration x-vmw-nsx-module: NsxDashboard /ui-views/{view-id}/widgetconfigurations/{widgetconfiguration-id}: delete: consumes: - application/json description: | Detaches widget from a given view. If the widget is no longer part of any view, then it will be purged. operationId: DeleteWidgetConfiguration parameters: - in: path name: view-id required: true type: string - in: path name: widgetconfiguration-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Widget Configuration tags: - System Administration, Monitoring, Dashboards, Widget Configuration x-vmw-nsx-module: NsxDashboard get: consumes: - application/json description: | Returns Information about a specific Widget Configuration. operationId: GetWidgetConfiguration parameters: - in: path name: view-id required: true type: string - in: path name: widgetconfiguration-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/WidgetConfiguration' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Returns Widget Configuration Information tags: - System Administration, Monitoring, Dashboards, Widget Configuration x-vmw-nsx-module: NsxDashboard put: consumes: - application/json description: | Updates the widget at the given view. If the widget is referenced by other views, then the widget will be updated in all the views that it is part of. operationId: UpdateWidgetConfiguration parameters: - in: path name: view-id required: true type: string - in: path name: widgetconfiguration-id required: true type: string - in: body name: WidgetConfiguration required: true schema: $ref: '#/definitions/WidgetConfiguration' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/WidgetConfiguration' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Widget Configuration tags: - System Administration, Monitoring, Dashboards, Widget Configuration x-vmw-nsx-module: NsxDashboard /upgrade/version-whitelist: get: consumes: - application/json description: |- Get whitelist of versions for different components operationId: GetVersionWhitelist produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/AcceptableComponentVersionList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get the version whitelist tags: - System Administration, Lifecycle Management, Upgrade, Nodes x-vmw-nsx-module: VersionWhitelist /upgrade/version-whitelist/{component_type}: get: consumes: - application/json description: |- Get whitelist of versions for a component. Component can include HOST, EDGE, CCP, MP operationId: GetVersionWhitelistByComponent parameters: - in: path name: component_type required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/AcceptableComponentVersion' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get the version whitelist for the specified component tags: - System Administration, Lifecycle Management, Upgrade, Nodes x-vmw-nsx-module: VersionWhitelist put: consumes: - application/json description: |- Update the version whitelist for the specified component type (HOST, EDGE, CCP, MP). operationId: UpdateVersionWhitelist parameters: - in: path name: component_type required: true type: string - in: body name: VersionList required: true schema: $ref: '#/definitions/VersionList' produces: - application/json responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update the version whitelist for the specified component type tags: - System Administration, Lifecycle Management, Upgrade, Nodes x-vmw-nsx-module: VersionWhitelist definitions: ALBAnalyticsPolicy: description: |- Advanced load balancer AnalyticsPolicy object properties: all_headers: default: false description: | Log all headers. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- All headers type: boolean client_insights: default: NO_INSIGHTS description: | Gain insights from sampled client to server HTTP requests and responses. Enum options - NO_INSIGHTS, PASSIVE, ACTIVE. Default value when not specified in API or module is interpreted by ALB Controller as NO_INSIGHTS. enum: - NO_INSIGHTS - PASSIVE - ACTIVE type: string client_insights_sampling: $ref: '#/definitions/ALBClientInsightsSampling' description: | Placeholder for description of property client_insights_sampling of obj type AnalyticsPolicy field type str type ref. title: |- Client insights sampling client_log_filters: description: | Placeholder for description of property client_log_filters of obj type AnalyticsPolicy field type str type array. items: $ref: '#/definitions/ALBClientLogFilter' title: |- Client log filters type: array full_client_logs: $ref: '#/definitions/ALBFullClientLogs' description: | Placeholder for description of property full_client_logs of obj type AnalyticsPolicy field type str type ref. title: |- Full client logs metrics_realtime_update: $ref: '#/definitions/ALBMetricsRealTimeUpdate' description: | Settings to turn on realtime metrics and set duration for realtime updates. title: |- Metrics realtime update significant_log_throttle: default: 10 description: | This setting limits the number of significant logs generated per second for this VS on each SE. Default is 10 logs per second. Set it to zero (0) to deactivate throttling. Unit is PER_SECOND. Default value when not specified in API or module is interpreted by ALB Controller as 10. format: int64 title: |- Significant log throttle type: integer udf_log_throttle: default: 10 description: | This setting limits the total number of UDF logs generated per second for this VS on each SE. UDF logs are generated due to the configured client log filters or the rules with logging enabled. Default is 10 logs per second. Set it to zero (0) to deactivate throttling. Unit is PER_SECOND. Default value when not specified in API or module is interpreted by ALB Controller as 10. format: int64 title: |- Udf log throttle type: integer title: |- AnalyticsPolicy type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBAnalyticsProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: apdex_response_threshold: default: 500 description: | If a client receives an HTTP response in less than the Satisfactory Latency Threshold, the request is considered Satisfied. It is considered Tolerated if it is not Satisfied and less than Tolerated Latency Factor multiplied by the Satisfactory Latency Threshold. Greater than this number and the client's request is considered Frustrated. Allowed values are 1-30000. Unit is MILLISECONDS. Default value when not specified in API or module is interpreted by ALB Controller as 500. format: int64 maximum: 30000 minimum: 1 title: |- Apdex response threshold type: integer apdex_response_tolerated_factor: default: 4.0 description: | Client tolerated response latency factor. Client must receive a response within this factor times the satisfactory threshold (apdex_response_threshold) to be considered tolerated. Allowed values are 1-1000. Default value when not specified in API or module is interpreted by ALB Controller as 4.0. title: |- Apdex response tolerated factor type: number apdex_rtt_threshold: default: 250 description: | Satisfactory client to Avi Round Trip Time(RTT). Allowed values are 1-2000. Unit is MILLISECONDS. Default value when not specified in API or module is interpreted by ALB Controller as 250. format: int64 maximum: 2000 minimum: 1 title: |- Apdex rtt threshold type: integer apdex_rtt_tolerated_factor: default: 4.0 description: | Tolerated client to Avi Round Trip Time(RTT) factor. It is a multiple of apdex_rtt_tolerated_factor. Allowed values are 1-1000. Default value when not specified in API or module is interpreted by ALB Controller as 4.0. title: |- Apdex rtt tolerated factor type: number apdex_rum_threshold: default: 5000 description: | If a client is able to load a page in less than the Satisfactory Latency Threshold, the PageLoad is considered Satisfied. It is considered tolerated if it is greater than Satisfied but less than the Tolerated Latency multiplied by Satisifed Latency. Greater than this number and the client's request is considered Frustrated. A PageLoad includes the time for DNS lookup, download of all HTTP objects, and page render time. Allowed values are 1-30000. Unit is MILLISECONDS. Default value when not specified in API or module is interpreted by ALB Controller as 5000. format: int64 maximum: 30000 minimum: 1 title: |- Apdex rum threshold type: integer apdex_rum_tolerated_factor: default: 4.0 description: | Virtual service threshold factor for tolerated Page Load Time (PLT) as multiple of apdex_rum_threshold. Allowed values are 1-1000. Default value when not specified in API or module is interpreted by ALB Controller as 4.0. title: |- Apdex rum tolerated factor type: number apdex_server_response_threshold: default: 400 description: | A server HTTP response is considered Satisfied if latency is less than the Satisfactory Latency Threshold. The response is considered tolerated when it is greater than Satisfied but less than the Tolerated Latency Factor (STAR) S_Latency. Greater than this number and the server response is considered Frustrated. Allowed values are 1-30000. Unit is MILLISECONDS. Default value when not specified in API or module is interpreted by ALB Controller as 400. format: int64 maximum: 30000 minimum: 1 title: |- Apdex server response threshold type: integer apdex_server_response_tolerated_factor: default: 4.0 description: | Server tolerated response latency factor. Servermust response within this factor times the satisfactory threshold (apdex_server_response_threshold) to be considered tolerated. Allowed values are 1-1000. Default value when not specified in API or module is interpreted by ALB Controller as 4.0. title: |- Apdex server response tolerated factor type: number apdex_server_rtt_threshold: default: 125 description: | Satisfactory client to Avi Round Trip Time(RTT). Allowed values are 1-2000. Unit is MILLISECONDS. Default value when not specified in API or module is interpreted by ALB Controller as 125. format: int64 maximum: 2000 minimum: 1 title: |- Apdex server rtt threshold type: integer apdex_server_rtt_tolerated_factor: default: 4.0 description: | Tolerated client to Avi Round Trip Time(RTT) factor. It is a multiple of apdex_rtt_tolerated_factor. Allowed values are 1-1000. Default value when not specified in API or module is interpreted by ALB Controller as 4.0. title: |- Apdex server rtt tolerated factor type: number client_log_config: $ref: '#/definitions/ALBClientLogConfiguration' description: | Configure which logs are sent to the Avi Controller from SEs and how they are processed. title: |- Client log config client_log_streaming_config: $ref: '#/definitions/ALBClientLogStreamingConfig' description: |- Configure to stream logs to an external server. title: |- Client log streaming config conn_lossy_ooo_threshold: default: 50 description: | A connection between client and Avi is considered lossy when more than this percentage of out of order packets are received. Allowed values are 1-100. Unit is PERCENT. Default value when not specified in API or module is interpreted by ALB Controller as 50. format: int64 maximum: 100 minimum: 1 title: |- Conn lossy ooo threshold type: integer conn_lossy_timeo_rexmt_threshold: default: 20 description: | A connection between client and Avi is considered lossy when more than this percentage of packets are retransmitted due to timeout. Allowed values are 1-100. Unit is PERCENT. Default value when not specified in API or module is interpreted by ALB Controller as 20. format: int64 maximum: 100 minimum: 1 title: |- Conn lossy timeo rexmt threshold type: integer conn_lossy_total_rexmt_threshold: default: 50 description: | A connection between client and Avi is considered lossy when more than this percentage of packets are retransmitted. Allowed values are 1-100. Unit is PERCENT. Default value when not specified in API or module is interpreted by ALB Controller as 50. format: int64 maximum: 100 minimum: 1 title: |- Conn lossy total rexmt threshold type: integer conn_lossy_zero_win_size_event_threshold: default: 2 description: | A client connection is considered lossy when percentage of times a packet could not be trasmitted due to TCP zero window is above this threshold. Allowed values are 0-100. Unit is PERCENT. Default value when not specified in API or module is interpreted by ALB Controller as 2. format: int64 maximum: 100 minimum: 0 title: |- Conn lossy zero win size event threshold type: integer conn_server_lossy_ooo_threshold: default: 50 description: | A connection between Avi and server is considered lossy when more than this percentage of out of order packets are received. Allowed values are 1-100. Unit is PERCENT. Default value when not specified in API or module is interpreted by ALB Controller as 50. format: int64 maximum: 100 minimum: 1 title: |- Conn server lossy ooo threshold type: integer conn_server_lossy_timeo_rexmt_threshold: default: 20 description: | A connection between Avi and server is considered lossy when more than this percentage of packets are retransmitted due to timeout. Allowed values are 1-100. Unit is PERCENT. Default value when not specified in API or module is interpreted by ALB Controller as 20. format: int64 maximum: 100 minimum: 1 title: |- Conn server lossy timeo rexmt threshold type: integer conn_server_lossy_total_rexmt_threshold: default: 50 description: | A connection between Avi and server is considered lossy when more than this percentage of packets are retransmitted. Allowed values are 1-100. Unit is PERCENT. Default value when not specified in API or module is interpreted by ALB Controller as 50. format: int64 maximum: 100 minimum: 1 title: |- Conn server lossy total rexmt threshold type: integer conn_server_lossy_zero_win_size_event_threshold: default: 2 description: | A server connection is considered lossy when percentage of times a packet could not be trasmitted due to TCP zero window is above this threshold. Allowed values are 0-100. Unit is PERCENT. Default value when not specified in API or module is interpreted by ALB Controller as 2. format: int64 maximum: 100 minimum: 0 title: |- Conn server lossy zero win size event threshold type: integer enable_adaptive_config: default: true description: | Enable adaptive configuration for optimizing resource usage. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enable adaptive config type: boolean enable_advanced_analytics: default: true description: | Enables Advanced Analytics features like Anomaly detection. If set to false, anomaly computation (and associated rules/events) for VS, Pool and Server metrics will be deactivated. However, setting it to false reduces cpu and memory requirements for Analytics subsystem. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enable advanced analytics type: boolean enable_ondemand_metrics: default: true description: | Virtual Service (VS) metrics are processed only when there is live data traffic on the VS. In case, VS is idle for a period of time as specified by ondemand_metrics_idle_timeout then metrics processing is suspended for that VS. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enable ondemand metrics type: boolean enable_se_analytics: default: true description: | Enable node (service engine) level analytics forvs metrics. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enable se analytics type: boolean enable_server_analytics: default: true description: | Enables analytics on backend servers. This may be desired in container environment when there are large number of ephemeral servers. Additionally, no healthscore of servers is computed when server analytics is enabled. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enable server analytics type: boolean enable_vs_analytics: default: true description: | Enable VirtualService (frontend) Analytics. This flag enables metrics and healthscore for Virtualservice. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enable vs analytics type: boolean exclude_client_close_before_request_as_error: default: false description: | Exclude client closed connection before an HTTP request could be completed from being classified as an error. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Exclude client close before request as error type: boolean exclude_dns_policy_drop_as_significant: default: false description: | Exclude dns policy drops from the list of errors. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Exclude dns policy drop as significant type: boolean exclude_gs_down_as_error: default: false description: | Exclude queries to GSLB services that are operationally down from the list of errors. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Exclude gs down as error type: boolean exclude_http_error_codes: description: | List of HTTP status codes to be excluded from being classified as an error. Error connections or responses impacts health score, are included as significant logs, and may be classified as part of a DoS attack. items: format: int64 type: integer title: |- Exclude http error codes type: array exclude_invalid_dns_domain_as_error: default: false description: | Exclude dns queries to domains outside the domains configured in the DNS application profile from the list of errors. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Exclude invalid dns domain as error type: boolean exclude_invalid_dns_query_as_error: default: false description: | Exclude invalid dns queries from the list of errors. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Exclude invalid dns query as error type: boolean exclude_issuer_revoked_ocsp_responses_as_error: default: true description: | Exclude the Issuer-Revoked OCSP Responses from the list of errors. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Exclude issuer revoked ocsp responses as error type: boolean exclude_no_dns_record_as_error: default: false description: | Exclude queries to domains that did not have configured services/records from the list of errors. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Exclude no dns record as error type: boolean exclude_no_valid_gs_member_as_error: default: false description: | Exclude queries to GSLB services that have no available members from the list of errors. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Exclude no valid gs member as error type: boolean exclude_persistence_change_as_error: default: false description: | Exclude persistence server changed while load balancing' from the list of errors. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Exclude persistence change as error type: boolean exclude_revoked_ocsp_responses_as_error: default: true description: | Exclude the Revoked OCSP certificate status responses from the list of errors. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Exclude revoked ocsp responses as error type: boolean exclude_server_dns_error_as_error: default: false description: | Exclude server dns error response from the list of errors. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Exclude server dns error as error type: boolean exclude_server_tcp_reset_as_error: default: false description: | Exclude server TCP reset from errors. It is common for applications like MS Exchange. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Exclude server tcp reset as error type: boolean exclude_sip_error_codes: description: | List of SIP status codes to be excluded from being classified as an error. items: format: int64 type: integer title: |- Exclude sip error codes type: array exclude_stale_ocsp_responses_as_error: default: true description: | Exclude the Stale OCSP certificate status responses from the list of errors. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Exclude stale ocsp responses as error type: boolean exclude_syn_retransmit_as_error: default: false description: | Exclude 'server unanswered syns' from the list of errors. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Exclude syn retransmit as error type: boolean exclude_tcp_reset_as_error: default: false description: | Exclude TCP resets by client from the list of potential errors. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Exclude tcp reset as error type: boolean exclude_unavailable_ocsp_responses_as_error: default: true description: | Exclude the unavailable OCSP Responses from the list of errors. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Exclude unavailable ocsp responses as error type: boolean exclude_unsupported_dns_query_as_error: default: false description: | Exclude unsupported dns queries from the list of errors. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Exclude unsupported dns query as error type: boolean healthscore_max_server_limit: default: 20 description: | Skips health score computation of pool servers when number of servers in a pool is more than this setting. Allowed values are 0-5000. Special values are 0- 'server health score is deactivated'. Default value when not specified in API or module is interpreted by ALB Controller as 20. format: int64 maximum: 5000 minimum: 0 title: |- Healthscore max server limit type: integer hs_event_throttle_window: default: 1209600 description: | Time window (in secs) within which only unique health change events should occur. Default value when not specified in API or module is interpreted by ALB Controller as 1209600. format: int64 title: |- Hs event throttle window type: integer hs_max_anomaly_penalty: default: 10 description: | Maximum penalty that may be deducted from health score for anomalies. Allowed values are 0-100. Default value when not specified in API or module is interpreted by ALB Controller as 10. format: int64 maximum: 100 minimum: 0 title: |- Hs max anomaly penalty type: integer hs_max_resources_penalty: default: 25 description: | Maximum penalty that may be deducted from health score for high resource utilization. Allowed values are 0-100. Default value when not specified in API or module is interpreted by ALB Controller as 25. format: int64 maximum: 100 minimum: 0 title: |- Hs max resources penalty type: integer hs_max_security_penalty: default: 100 description: | Maximum penalty that may be deducted from health score based on security assessment. Allowed values are 0-100. Default value when not specified in API or module is interpreted by ALB Controller as 100. format: int64 maximum: 100 minimum: 0 title: |- Hs max security penalty type: integer hs_min_dos_rate: default: 1000 description: | DoS connection rate below which the DoS security assessment will not kick in. Default value when not specified in API or module is interpreted by ALB Controller as 1000. format: int64 title: |- Hs min dos rate type: integer hs_performance_boost: default: 0 description: | Adds free performance score credits to health score. It can be used for compensating health score for known slow applications. Allowed values are 0-100. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 maximum: 100 minimum: 0 title: |- Hs performance boost type: integer hs_pscore_traffic_threshold_l4_client: default: 10.0 description: | Threshold number of connections in 5min, below which apdexr, apdexc, rum_apdex, and other network quality metrics are not computed. Default value when not specified in API or module is interpreted by ALB Controller as 10.0. title: |- Hs pscore traffic threshold l4 client type: number hs_pscore_traffic_threshold_l4_server: default: 10.0 description: | Threshold number of connections in 5min, below which apdexr, apdexc, rum_apdex, and other network quality metrics are not computed. Default value when not specified in API or module is interpreted by ALB Controller as 10.0. title: |- Hs pscore traffic threshold l4 server type: number hs_security_certscore_expired: default: 0.0 description: | Score assigned when the certificate has expired. Allowed values are 0-5. Default value when not specified in API or module is interpreted by ALB Controller as 0.0. title: |- Hs security certscore expired type: number hs_security_certscore_gt30d: default: 5.0 description: | Score assigned when the certificate expires in more than 30 days. Allowed values are 0-5. Default value when not specified in API or module is interpreted by ALB Controller as 5.0. title: |- Hs security certscore gt30d type: number hs_security_certscore_le07d: default: 2.0 description: | Score assigned when the certificate expires in less than or equal to 7 days. Allowed values are 0-5. Default value when not specified in API or module is interpreted by ALB Controller as 2.0. title: |- Hs security certscore le07d type: number hs_security_certscore_le30d: default: 4.0 description: | Score assigned when the certificate expires in less than or equal to 30 days. Allowed values are 0-5. Default value when not specified in API or module is interpreted by ALB Controller as 4.0. title: |- Hs security certscore le30d type: number hs_security_chain_invalidity_penalty: default: 1.0 description: | Penalty for allowing certificates with invalid chain. Allowed values are 0-5. Default value when not specified in API or module is interpreted by ALB Controller as 1.0. title: |- Hs security chain invalidity penalty type: number hs_security_cipherscore_eq000b: default: 0.0 description: | Score assigned when the minimum cipher strength is 0 bits. Allowed values are 0-5. Default value when not specified in API or module is interpreted by ALB Controller as 0.0. title: |- Hs security cipherscore eq000b type: number hs_security_cipherscore_ge128b: default: 5.0 description: | Score assigned when the minimum cipher strength is greater than equal to 128 bits. Allowed values are 0-5. Default value when not specified in API or module is interpreted by ALB Controller as 5.0. title: |- Hs security cipherscore ge128b type: number hs_security_cipherscore_lt128b: default: 3.5 description: | Score assigned when the minimum cipher strength is less than 128 bits. Allowed values are 0-5. Default value when not specified in API or module is interpreted by ALB Controller as 3.5. title: |- Hs security cipherscore lt128b type: number hs_security_encalgo_score_none: default: 0.0 description: | Score assigned when no algorithm is used for encryption. Allowed values are 0-5. Default value when not specified in API or module is interpreted by ALB Controller as 0.0. title: |- Hs security encalgo score none type: number hs_security_encalgo_score_rc4: default: 2.5 description: | Score assigned when RC4 algorithm is used for encryption. Allowed values are 0-5. Default value when not specified in API or module is interpreted by ALB Controller as 2.5. title: |- Hs security encalgo score rc4 type: number hs_security_hsts_penalty: default: 1.0 description: | Penalty for not enabling HSTS. Allowed values are 0-5. Default value when not specified in API or module is interpreted by ALB Controller as 1.0. title: |- Hs security hsts penalty type: number hs_security_nonpfs_penalty: default: 1.0 description: | Penalty for allowing non-PFS handshakes. Allowed values are 0-5. Default value when not specified in API or module is interpreted by ALB Controller as 1.0. title: |- Hs security nonpfs penalty type: number hs_security_ocsp_revoked_score: default: 0.0 description: | Score assigned when OCSP Certificate Status is set to Revoked or Issuer Revoked. Allowed values are 0.0-5.0. Default value when not specified in API or module is interpreted by ALB Controller as 0.0. title: |- Hs security ocsp revoked score type: number hs_security_selfsignedcert_penalty: default: 1.0 description: | Deprecated. Allowed values are 0-5. Default value when not specified in API or module is interpreted by ALB Controller as 1.0. title: |- Hs security selfsignedcert penalty type: number hs_security_ssl30_score: default: 3.5 description: | Score assigned when supporting SSL3.0 encryption protocol. Allowed values are 0-5. Default value when not specified in API or module is interpreted by ALB Controller as 3.5. title: |- Hs security ssl30 score type: number hs_security_tls10_score: default: 5.0 description: | Score assigned when supporting TLS1.0 encryption protocol. Allowed values are 0-5. Default value when not specified in API or module is interpreted by ALB Controller as 5.0. title: |- Hs security tls10 score type: number hs_security_tls11_score: default: 5.0 description: | Score assigned when supporting TLS1.1 encryption protocol. Allowed values are 0-5. Default value when not specified in API or module is interpreted by ALB Controller as 5.0. title: |- Hs security tls11 score type: number hs_security_tls12_score: default: 5.0 description: | Score assigned when supporting TLS1.2 encryption protocol. Allowed values are 0-5. Default value when not specified in API or module is interpreted by ALB Controller as 5.0. title: |- Hs security tls12 score type: number hs_security_tls13_score: description: | Score assigned when supporting TLS1.3 encryption protocol. Allowed values are 0-5. title: |- Hs security tls13 score type: number hs_security_weak_signature_algo_penalty: default: 1.0 description: | Penalty for allowing weak signature algorithm(s). Allowed values are 0-5. Default value when not specified in API or module is interpreted by ALB Controller as 1.0. title: |- Hs security weak signature algo penalty type: number ondemand_metrics_idle_timeout: default: 1800 description: | This flag sets the time duration of no live data traffic after which Virtual Service metrics processing is suspended. It is applicable only when enable_ondemand_metrics is set to false. Unit is SECONDS. Default value when not specified in API or module is interpreted by ALB Controller as 1800. format: int64 title: |- Ondemand metrics idle timeout type: integer ranges: description: | List of HTTP status code ranges to be excluded from being classified as an error. items: $ref: '#/definitions/ALBHTTPStatusRange' title: |- Ranges type: array resp_code_block: description: | Block of HTTP response codes to be excluded from being classified as an error. Enum options - AP_HTTP_RSP_4XX, AP_HTTP_RSP_5XX. items: description: |- Valid ENUM values for ALBAnalyticsProfileRespCodeBlock enum: - AP_HTTP_RSP_4XX - AP_HTTP_RSP_5XX type: string title: |- Resp code block type: array sensitive_log_profile: $ref: '#/definitions/ALBSensitiveLogProfile' description: | Rules applied to the HTTP application log for filtering sensitive information. title: |- Sensitive log profile sip_log_depth: default: 20 description: | Maximum number of SIP messages added in logs for a SIP transaction. By default, this value is 20. Allowed values are 1-1000. Default value when not specified in API or module is interpreted by ALB Controller as 20. format: int64 maximum: 1000 minimum: 1 title: |- Sip log depth type: integer type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer AnalyticsProfile object title: |- AnalyticsProfile x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBAnalyticsProfileApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of AnalyticsProfile items: $ref: '#/definitions/ALBAnalyticsProfile' title: |- Array of AnalyticsProfile type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | AnalyticsProfileApiResponse title: |- AnalyticsProfileApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBAppCookiePersistenceProfile: description: |- Advanced load balancer AppCookiePersistenceProfile object properties: encryption_key: description: |- Key to use for cookie encryption. title: |- Encryption key type: string prst_hdr_name: description: |- Header or cookie name for application cookie persistence. title: |- Prst hdr name type: string timeout: default: 20 description: | The length of time after a client's connections have closed before expiring the client's persistence to a server. Allowed values are 1-720. Unit is MIN. Default value when not specified in API or module is interpreted by ALB Controller as 20. format: int64 maximum: 720 minimum: 1 title: |- Timeout type: integer required: - prst_hdr_name title: |- AppCookiePersistenceProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBAppLearningConfidenceOverride: description: |- Advanced load balancer AppLearningConfidenceOverride object properties: confid_high_value: default: 9500 description: | Confidence threshold for label CONFIDENCE_HIGH. Default value when not specified in API or module is interpreted by ALB Controller as 9500. format: int64 title: |- Confid high value type: integer confid_low_value: default: 7500 description: | Confidence threshold for label CONFIDENCE_LOW. Default value when not specified in API or module is interpreted by ALB Controller as 7500. format: int64 title: |- Confid low value type: integer confid_probable_value: default: 9000 description: | Confidence threshold for label CONFIDENCE_PROBABLE. Default value when not specified in API or module is interpreted by ALB Controller as 9000. format: int64 title: |- Confid probable value type: integer confid_very_high_value: default: 9999 description: | Confidence threshold for label CONFIDENCE_VERY_HIGH. Default value when not specified in API or module is interpreted by ALB Controller as 9999. format: int64 title: |- Confid very high value type: integer title: |- AppLearningConfidenceOverride type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBAppLearningParams: description: |- Advanced load balancer AppLearningParams object properties: enable_per_uri_learning: default: true description: | Learn the params per URI path. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enable per uri learning type: boolean max_params: default: 100 description: | Maximum number of params to learn for an application. Allowed values are 10-1000. Default value when not specified in API or module is interpreted by ALB Controller as 100. format: int64 maximum: 1000 minimum: 10 title: |- Max params type: integer max_uris: default: 500 description: | Maximum number of URI paths to learn for an application. Allowed values are 10-10000. Default value when not specified in API or module is interpreted by ALB Controller as 500. format: int64 maximum: 10000 minimum: 10 title: |- Max uris type: integer min_hits_to_learn: default: 10000 description: | Minimum number of occurances required for a Param to qualify for learning. Default value when not specified in API or module is interpreted by ALB Controller as 10000. format: int64 title: |- Min hits to learn type: integer sampling_percent: default: 1 description: | Percent of the requests subjected to Application learning. Allowed values are 1-100. Unit is PERCENT. Default value when not specified in API or module is interpreted by ALB Controller as 1. format: int64 maximum: 100 minimum: 1 title: |- Sampling percent type: integer update_interval: default: 30 description: | Frequency with which SE publishes Application learning data to controller. Allowed values are 1-60. Unit is MIN. Default value when not specified in API or module is interpreted by ALB Controller as 30. format: int64 maximum: 60 minimum: 1 title: |- Update interval type: integer title: |- AppLearningParams type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBApplicationPersistenceProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: app_cookie_persistence_profile: $ref: '#/definitions/ALBAppCookiePersistenceProfile' description: | Specifies the Application Cookie Persistence profile parameters. title: |- App cookie persistence profile hdr_persistence_profile: $ref: '#/definitions/ALBHdrPersistenceProfile' description: | Specifies the custom HTTP Header Persistence profile parameters. title: |- Hdr persistence profile http_cookie_persistence_profile: $ref: '#/definitions/ALBHttpCookiePersistenceProfile' description: |- Specifies the HTTP Cookie Persistence profile parameters. title: |- Http cookie persistence profile ip_persistence_profile: $ref: '#/definitions/ALBIPPersistenceProfile' description: |- Specifies the Client IP Persistence profile parameters. title: |- Ip persistence profile is_federated: default: false description: | This field describes the object's replication scope. If the field is set to false, then the object is visible within the controller-cluster and its associated service-engines. If the field is set to true, then the object is replicated across the federation. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Is federated type: boolean persistence_type: default: PERSISTENCE_TYPE_CLIENT_IP_ADDRESS description: | Method used to persist clients to the same server for a duration of time or a session. Enum options - PERSISTENCE_TYPE_CLIENT_IP_ADDRESS, PERSISTENCE_TYPE_HTTP_COOKIE, PERSISTENCE_TYPE_TLS, PERSISTENCE_TYPE_CLIENT_IPV6_ADDRESS, PERSISTENCE_TYPE_CUSTOM_HTTP_HEADER, PERSISTENCE_TYPE_APP_COOKIE, PERSISTENCE_TYPE_GSLB_SITE. Default value when not specified in API or module is interpreted by ALB Controller as PERSISTENCE_TYPE_CLIENT_IP_ADDRESS. enum: - PERSISTENCE_TYPE_CLIENT_IP_ADDRESS - PERSISTENCE_TYPE_HTTP_COOKIE - PERSISTENCE_TYPE_TLS - PERSISTENCE_TYPE_CLIENT_IPV6_ADDRESS - PERSISTENCE_TYPE_CUSTOM_HTTP_HEADER - PERSISTENCE_TYPE_APP_COOKIE - PERSISTENCE_TYPE_GSLB_SITE type: string server_hm_down_recovery: default: HM_DOWN_PICK_NEW_SERVER description: | Specifies behavior when a persistent server has been marked down by a health monitor. Enum options - HM_DOWN_PICK_NEW_SERVER, HM_DOWN_ABORT_CONNECTION, HM_DOWN_CONTINUE_PERSISTENT_SERVER. Default value when not specified in API or module is interpreted by ALB Controller as HM_DOWN_PICK_NEW_SERVER. enum: - HM_DOWN_PICK_NEW_SERVER - HM_DOWN_ABORT_CONNECTION - HM_DOWN_CONTINUE_PERSISTENT_SERVER type: string required: - persistence_type type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer ApplicationPersistenceProfile object title: |- ApplicationPersistenceProfile x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBApplicationPersistenceProfileApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of ApplicationPersistenceProfile items: $ref: '#/definitions/ALBApplicationPersistenceProfile' title: |- Array of ApplicationPersistenceProfile type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | ApplicationPersistenceProfileApiResponse title: |- ApplicationPersistenceProfileApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBApplicationProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: cloud_config_cksum: description: | Checksum of application profiles. Internally set by cloud connector. title: |- Cloud config cksum type: string created_by: description: |- Name of the application profile creator. title: |- Created by type: string dns_service_profile: $ref: '#/definitions/ALBDnsServiceApplicationProfile' description: | Specifies various DNS service related controls for virtual service. title: |- Dns service profile dos_rl_profile: $ref: '#/definitions/ALBDosRateLimitProfile' description: | Specifies various security related controls for virtual service. title: |- Dos rl profile http_profile: $ref: '#/definitions/ALBHTTPApplicationProfile' description: |- Specifies the HTTP application proxy profile parameters. title: |- Http profile preserve_client_ip: default: false description: | Specifies if client IP needs to be preserved for backend connection. Not compatible with Connection Multiplexing. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Preserve client ip type: boolean preserve_client_port: default: false description: | Specifies if we need to preserve client port while preserving client IP for backend connections. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Preserve client port type: boolean preserve_dest_ip_port: default: false description: | Specifies if destination IP and port needs to be preserved for backend connection. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Preserve dest ip port type: boolean sip_service_profile: $ref: '#/definitions/ALBSipServiceApplicationProfile' description: | Specifies various SIP service related controls for virtual service. title: |- Sip service profile tcp_app_profile: $ref: '#/definitions/ALBTCPApplicationProfile' description: |- Specifies the TCP application proxy profile parameters. title: |- Tcp app profile type: description: | Specifies which application layer proxy is enabled for the virtual service. Enum options - APPLICATION_PROFILE_TYPE_L4, APPLICATION_PROFILE_TYPE_HTTP, APPLICATION_PROFILE_TYPE_SYSLOG, APPLICATION_PROFILE_TYPE_DNS, APPLICATION_PROFILE_TYPE_SSL, APPLICATION_PROFILE_TYPE_SIP. enum: - APPLICATION_PROFILE_TYPE_L4 - APPLICATION_PROFILE_TYPE_HTTP - APPLICATION_PROFILE_TYPE_SYSLOG - APPLICATION_PROFILE_TYPE_DNS - APPLICATION_PROFILE_TYPE_SSL - APPLICATION_PROFILE_TYPE_SIP type: string required: - type type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer ApplicationProfile object title: |- ApplicationProfile x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBApplicationProfileApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of ApplicationProfile items: $ref: '#/definitions/ALBApplicationProfile' title: |- Array of ApplicationProfile type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | ApplicationProfileApiResponse title: |- ApplicationProfileApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBAttackMitigationAction: description: |- Advanced load balancer AttackMitigationAction object properties: deny: default: true description: | Deny the attack packets further processing and drop them. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Deny type: boolean title: |- AttackMitigationAction type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBAuthAttributeMatch: description: |- Advanced load balancer AuthAttributeMatch object properties: attribute_name: description: | Attribute name whose values will be looked up in the access lists. title: |- Attribute name type: string attribute_value_list: $ref: '#/definitions/ALBStringMatch' description: | Attribute Values used to determine access when authentication applies. title: |- Attribute value list required: - attribute_value_list - attribute_name title: |- AuthAttributeMatch type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBAuthProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: http: $ref: '#/definitions/ALBAuthProfileHTTPClientParams' description: |- HTTP user authentication params. title: |- Http ldap: $ref: '#/definitions/ALBLdapAuthSettings' description: |- LDAP server and directory settings. title: |- Ldap saml: $ref: '#/definitions/ALBSamlSettings' description: |- SAML settings. title: |- Saml tacacs_plus: $ref: '#/definitions/ALBTacacsPlusAuthSettings' description: |- TACACS+ settings. title: |- Tacacs plus type: description: | Type of the Auth Profile. Enum options - AUTH_PROFILE_LDAP, AUTH_PROFILE_TACACS_PLUS, AUTH_PROFILE_SAML, AUTH_PROFILE_PINGACCESS, AUTH_PROFILE_JWT. enum: - AUTH_PROFILE_LDAP - AUTH_PROFILE_TACACS_PLUS - AUTH_PROFILE_SAML - AUTH_PROFILE_PINGACCESS - AUTH_PROFILE_JWT type: string required: - type type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer AuthProfile object title: |- AuthProfile x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBAuthProfileApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of AuthProfile items: $ref: '#/definitions/ALBAuthProfile' title: |- Array of AuthProfile type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | AuthProfileApiResponse title: |- AuthProfileApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBAuthProfileHTTPClientParams: description: |- Advanced load balancer AuthProfileHTTPClientParams object properties: cache_expiration_time: default: 5 description: | The max allowed length of time a clients authentication is cached. Allowed values are 1-30. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 5. format: int64 maximum: 30 minimum: 1 title: |- Cache expiration time type: integer request_header: description: | Insert an HTTP header. This field is used to define the header name. The value of the header is set to the client's HTTP Auth user ID. title: |- Request header type: string require_user_groups: description: | A user should be a member of these groups. Each group is defined by the DN. For example, CN=testgroup,OU=groups,dc=example,dc=avinetworks,DC=com. items: type: string title: |- Require user groups type: array title: |- AuthProfileHTTPClientParams type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBAuthTacacsPlusAttributeValuePair: description: |- Advanced load balancer AuthTacacsPlusAttributeValuePair object properties: mandatory: description: |- mandatory. title: |- Mandatory type: boolean name: description: |- attribute name. title: |- Name type: string value: description: |- attribute value. title: |- Value type: string title: |- AuthTacacsPlusAttributeValuePair type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBAuthenticationAction: description: |- Advanced load balancer AuthenticationAction object properties: type: default: USE_DEFAULT_AUTHENTICATION description: | Authentication Action to be taken for a matched Rule. Enum options - SKIP_AUTHENTICATION, USE_DEFAULT_AUTHENTICATION. Default value when not specified in API or module is interpreted by ALB Controller as USE_DEFAULT_AUTHENTICATION. enum: - SKIP_AUTHENTICATION - USE_DEFAULT_AUTHENTICATION type: string title: |- AuthenticationAction type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBAuthenticationMatch: description: |- Advanced load balancer AuthenticationMatch object properties: client_ip: $ref: '#/definitions/ALBIpAddrMatch' description: |- Configure client ip addresses. title: |- Client ip host_hdr: $ref: '#/definitions/ALBHostHdrMatch' description: |- Configure the host header. title: |- Host hdr path: $ref: '#/definitions/ALBPathMatch' description: |- Configure request paths. title: |- Path title: |- AuthenticationMatch type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBAuthenticationPolicy: description: |- Advanced load balancer AuthenticationPolicy object properties: authn_rules: description: |- Add rules to apply auth profile to specific targets. items: $ref: '#/definitions/ALBAuthenticationRule' title: |- Authn rules type: array default_auth_profile_path: description: | Auth Profile to use for validating users. It is a reference to an object of type AuthProfile. title: |- Default auth profile path type: string required: - default_auth_profile_path title: |- AuthenticationPolicy type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBAuthenticationRule: description: |- Advanced load balancer AuthenticationRule object properties: action: $ref: '#/definitions/ALBAuthenticationAction' description: |- Enable or disable authentication for matched targets. title: |- Action enable: default: true description: | Enable or disable the rule. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enable type: boolean index: description: |- Index of the rule. format: int64 title: |- Index type: integer match: $ref: '#/definitions/ALBAuthenticationMatch' description: |- Add match criteria to the rule. title: |- Match name: description: |- Name of the rule. title: |- Name type: string required: - index - name title: |- AuthenticationRule type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBAuthorizationAction: description: |- Advanced load balancer AuthorizationAction object properties: status_code: description: | HTTP status code to use for local response when an policy rule is matched. Enum options - HTTP_RESPONSE_STATUS_CODE_401, HTTP_RESPONSE_STATUS_CODE_403. enum: - HTTP_RESPONSE_STATUS_CODE_401 - HTTP_RESPONSE_STATUS_CODE_403 type: string type: default: ALLOW_ACCESS description: | Defines the action taken when an authorization policy rule is matched. By default, access is allowed to the requested resource. Enum options - ALLOW_ACCESS, CLOSE_CONNECTION, HTTP_LOCAL_RESPONSE. Default value when not specified in API or module is interpreted by ALB Controller as ALLOW_ACCESS. enum: - ALLOW_ACCESS - CLOSE_CONNECTION - HTTP_LOCAL_RESPONSE type: string title: |- AuthorizationAction type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBAuthorizationMatch: description: |- Advanced load balancer AuthorizationMatch object properties: attr_matches: description: |- Attributes whose values need to be matched . items: $ref: '#/definitions/ALBAuthAttributeMatch' title: |- Attr matches type: array host_hdr: $ref: '#/definitions/ALBHostHdrMatch' description: |- Host header value to be matched. title: |- Host hdr method: $ref: '#/definitions/ALBMethodMatch' description: |- HTTP methods to be matched. title: |- Method path: $ref: '#/definitions/ALBPathMatch' description: |- Paths/URLs to be matched. title: |- Path title: |- AuthorizationMatch type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBAuthorizationPolicy: description: |- Advanced load balancer AuthorizationPolicy object properties: authz_rules: description: |- Authorization Policy Rules. items: $ref: '#/definitions/ALBAuthorizationRule' title: |- Authz rules type: array title: |- AuthorizationPolicy type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBAuthorizationRule: description: |- Advanced load balancer AuthorizationRule object properties: action: $ref: '#/definitions/ALBAuthorizationAction' description: |- Authorization action when rule is matched. title: |- Action enable: default: true description: | Enable or disable the rule. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enable type: boolean index: description: |- Index of the Authorization Policy rule. format: int64 title: |- Index type: integer match: $ref: '#/definitions/ALBAuthorizationMatch' description: |- Authorization match criteria for the rule. title: |- Match name: description: |- Name of the rule. title: |- Name type: string required: - action - index - name - match title: |- AuthorizationRule type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBAutoScaleLaunchConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: image_id: description: | Unique ID of the Amazon Machine Image (AMI) or OpenStack VM ID. title: |- Image id type: string mesos: $ref: '#/definitions/ALBAutoScaleMesosSettings' description: | Placeholder for description of property mesos of obj type AutoScaleLaunchConfig field type str type ref. title: |- Mesos openstack: $ref: '#/definitions/ALBAutoScaleOpenStackSettings' description: | Placeholder for description of property openstack of obj type AutoScaleLaunchConfig field type str type ref. title: |- Openstack use_external_asg: default: true description: | If set to True, ServerAutoscalePolicy will use the autoscaling group (external_autoscaling_groups) from Pool to perform scale up and scale down. Pool should have single autoscaling group configured. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Use external asg type: boolean type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer AutoScaleLaunchConfig object title: |- AutoScaleLaunchConfig x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBAutoScaleLaunchConfigApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of AutoScaleLaunchConfig items: $ref: '#/definitions/ALBAutoScaleLaunchConfig' title: |- Array of AutoScaleLaunchConfig type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | AutoScaleLaunchConfigApiResponse title: |- AutoScaleLaunchConfigApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBAutoScaleMesosSettings: description: |- Advanced load balancer AutoScaleMesosSettings object properties: force: default: true description: | Apply scaleout even when there are deployments inprogress. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Force type: boolean title: |- AutoScaleMesosSettings type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBAutoScaleOpenStackSettings: description: |- Advanced load balancer AutoScaleOpenStackSettings object properties: heat_scale_down_url: description: | Avi Controller will use this URL to scale downthe pool. Cloud connector will automatically update the membership. This is an alpha feature. title: |- Heat scale down url type: string heat_scale_up_url: description: | Avi Controller will use this URL to scale upthe pool. Cloud connector will automatically update the membership. This is an alpha feature. title: |- Heat scale up url type: string title: |- AutoScaleOpenStackSettings type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBCRL: description: |- Advanced load balancer CRL object properties: body: description: | Certificate Revocation list from a given issuer in PEM format. This can either be configured directly or via the server_url. title: |- Body type: string common_name: description: | Common name of the issuer in the Certificate Revocation list. title: |- Common name type: string distinguished_name: description: | Distinguished name of the issuer in the Certificate Revocation list. title: |- Distinguished name type: string etag: description: |- Cached etag to optimize the download of the CRL. title: |- Etag type: string fingerprint: description: | Fingerprint of the CRL. Used to avoid configuring duplicates. title: |- Fingerprint type: string last_refreshed: description: | Last time CRL was refreshed by the system. This is an internal field used by the system. title: |- Last refreshed type: string last_update: description: |- The date when this CRL was last issued. title: |- Last update type: string next_update: description: | The date when a newer CRL will be available. Also conveys the date after which the CRL should be considered obsolete. title: |- Next update type: string server_url: description: | URL of a server that issues the Certificate Revocation list. If this is configured, CRL will be periodically downloaded either based on the configured update interval or the next update interval in the CRL. CRL itself is stored in the body. title: |- Server url type: string text: description: |- Certificate Revocation list in plain text for readability. title: |- Text type: string update_interval: description: | Interval in minutes to check for CRL update. If not specified, interval will be 1 day. Allowed values are 30-525600. Unit is MIN. format: int64 maximum: 525600 minimum: 30 title: |- Update interval type: integer title: |- CRL type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBCertificateAuthority: description: |- Advanced load balancer CertificateAuthority object properties: ca_path: description: | It is a reference to an object of type SSLKeyAndCertificate. title: |- Ca path type: string name: description: |- Name of the object. title: |- Name type: string title: |- CertificateAuthority type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBClientInsightsSampling: description: |- Advanced load balancer ClientInsightsSampling object properties: client_ip: $ref: '#/definitions/ALBIpAddrMatch' description: |- Client IP addresses to check when inserting RUM script. title: |- Client ip sample_uris: $ref: '#/definitions/ALBStringMatch' description: |- URL patterns to check when inserting RUM script. title: |- Sample uris skip_uris: $ref: '#/definitions/ALBStringMatch' description: |- URL patterns to avoid when inserting RUM script. title: |- Skip uris title: |- ClientInsightsSampling type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBClientLogConfiguration: description: |- Advanced load balancer ClientLogConfiguration object properties: enable_significant_log_collection: default: true description: | Enable significant log collection. By default, this flag is enabled, which means that Avi SEs collect significant logs and forward them to Controller for further processing. For example, these logs correspond to error conditions such as when the response code for a request is 500. Users can deactivate this flag to turn off default significant log collection. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enable significant log collection type: boolean filtered_log_processing: default: LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND description: | Filtered logs are logs that match any client log filters or rules with logging enabled. Such logs are processed by the Logs Analytics system according to this setting. Enum options - LOGS_PROCESSING_NONE, LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND, LOGS_PROCESSING_AUTO_SYNC_AND_INDEX, LOGS_PROCESSING_AUTO_SYNC_BUT_INDEX_ON_DEMAND. Default value when not specified in API or module is interpreted by ALB Controller as LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND. enum: - LOGS_PROCESSING_NONE - LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND - LOGS_PROCESSING_AUTO_SYNC_AND_INDEX - LOGS_PROCESSING_AUTO_SYNC_BUT_INDEX_ON_DEMAND type: string non_significant_log_processing: default: LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND description: | Logs that are neither significant nor filtered, are processed by the Logs Analytics system according to this setting. Enum options - LOGS_PROCESSING_NONE, LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND, LOGS_PROCESSING_AUTO_SYNC_AND_INDEX, LOGS_PROCESSING_AUTO_SYNC_BUT_INDEX_ON_DEMAND. Default value when not specified in API or module is interpreted by ALB Controller as LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND. enum: - LOGS_PROCESSING_NONE - LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND - LOGS_PROCESSING_AUTO_SYNC_AND_INDEX - LOGS_PROCESSING_AUTO_SYNC_BUT_INDEX_ON_DEMAND type: string significant_log_processing: default: LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND description: | Significant logs are processed by the Logs Analytics system according to this setting. Enum options - LOGS_PROCESSING_NONE, LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND, LOGS_PROCESSING_AUTO_SYNC_AND_INDEX, LOGS_PROCESSING_AUTO_SYNC_BUT_INDEX_ON_DEMAND. Default value when not specified in API or module is interpreted by ALB Controller as LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND. enum: - LOGS_PROCESSING_NONE - LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND - LOGS_PROCESSING_AUTO_SYNC_AND_INDEX - LOGS_PROCESSING_AUTO_SYNC_BUT_INDEX_ON_DEMAND type: string title: |- ClientLogConfiguration type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBClientLogFilter: description: |- Advanced load balancer ClientLogFilter object properties: all_headers: default: false description: | Placeholder for description of property all_headers of obj type ClientLogFilter field type str type boolean. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- All headers type: boolean client_ip: $ref: '#/definitions/ALBIpAddrMatch' description: | Placeholder for description of property client_ip of obj type ClientLogFilter field type str type ref. title: |- Client ip duration: default: 30 description: | Special values are 0 - 'infinite'. Unit is MIN. Default value when not specified in API or module is interpreted by ALB Controller as 30. format: int64 title: |- Duration type: integer enabled: default: false description: | Placeholder for description of property enabled of obj type ClientLogFilter field type str type boolean. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Enabled type: boolean index: description: |- Number of index. format: int64 title: |- Index type: integer name: description: |- Name of the object. title: |- Name type: string uri: $ref: '#/definitions/ALBStringMatch' description: | Placeholder for description of property uri of obj type ClientLogFilter field type str type ref. title: |- Uri required: - index - enabled - name title: |- ClientLogFilter type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBClientLogStreamingConfig: description: |- Advanced load balancer ClientLogStreamingConfig object properties: external_server: description: | IP address or hostnames (FQDNs) of destination servers. If an FQDN is provided, this should be resolvable on Avi Service Engines. Multiple servers are supported by furnishing a comma-separated list of IP addresses or host names, for example, 11.11.11.11,23.12.12.4. Optionally, a separate port can be specified for each external server in the list, for example, 11.11.11.11 234,12.12.12.12 343. title: |- External server type: string external_server_port: default: 514 description: | The service port to use for the external servers. If multiple external servers have been specified, the single port number specified here will apply to all those servers for which an explicit port number has not been specified in the external server list. Default value when not specified in API or module is interpreted by ALB Controller as 514. format: int64 title: |- External server port type: integer format_config: $ref: '#/definitions/ALBClientLogStreamingFormat' description: | Configuration to specify the format of streamed logs. By default, each log is encoded in JSON format. title: |- Format config log_types_to_send: default: LOGS_ALL description: | Type of logs to stream to the external server. Default is LOGS_ALL, i.e., send all logs. Enum options - LOGS_SIGNIFICANT_ONLY, LOGS_UDF_ONLY, LOGS_UDF_SIGNIFICANT, LOGS_ALL. Default value when not specified in API or module is interpreted by ALB Controller as LOGS_ALL. enum: - LOGS_SIGNIFICANT_ONLY - LOGS_UDF_ONLY - LOGS_UDF_SIGNIFICANT - LOGS_ALL type: string max_logs_per_second: default: 100 description: | Maximum number of logs per second streamed to the remote server. By default, 100 logs per second are streamed. Set this to zero(0) to not enforce any limit. Default value when not specified in API or module is interpreted by ALB Controller as 100. format: int64 title: |- Max logs per second type: integer protocol: default: LOG_STREAMING_PROTOCOL_UDP description: | Protocol to use for streaming logs. Enum options - LOG_STREAMING_PROTOCOL_UDP, LOG_STREAMING_PROTOCOL_SYSLOG_OVER_UDP, LOG_STREAMING_PROTOCOL_TCP, LOG_STREAMING_PROTOCOL_SYSLOG_OVER_TCP, LOG_STREAMING_PROTOCOL_RAW_OVER_UDP. Default value when not specified in API or module is interpreted by ALB Controller as LOG_STREAMING_PROTOCOL_UDP. enum: - LOG_STREAMING_PROTOCOL_UDP - LOG_STREAMING_PROTOCOL_SYSLOG_OVER_UDP - LOG_STREAMING_PROTOCOL_TCP - LOG_STREAMING_PROTOCOL_SYSLOG_OVER_TCP - LOG_STREAMING_PROTOCOL_RAW_OVER_UDP type: string syslog_config: $ref: '#/definitions/ALBStreamingSyslogConfig' description: | Syslog configuration if a Syslog-based protocol is specified for streaming. title: |- Syslog config required: - external_server title: |- ClientLogStreamingConfig type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBClientLogStreamingFormat: description: |- Advanced load balancer ClientLogStreamingFormat object properties: format: description: | Format for the streamed logs. Enum options - LOG_STREAMING_FORMAT_JSON_FULL, LOG_STREAMING_FORMAT_JSON_SELECTED. enum: - LOG_STREAMING_FORMAT_JSON_FULL - LOG_STREAMING_FORMAT_JSON_SELECTED type: string included_fields: description: | List of log fields to be streamed, when selective fields (LOG_STREAMING_FORMAT_JSON_SELECTED) option is chosen. Only top-level fields in application or connection logs are supported. items: type: string title: |- Included fields type: array required: - format title: |- ClientLogStreamingFormat type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBCloneServer: description: |- Advanced load balancer CloneServer object properties: ip_address: $ref: '#/definitions/ALBIpAddr' description: |- IP Address of the Clone Server. title: |- Ip address mac: description: |- MAC Address of the Clone Server. title: |- Mac type: string network_path: description: | Network to clone the traffic to. It is a reference to an object of type Network. title: |- Network path type: string subnet: $ref: '#/definitions/ALBIpAddrPrefix' description: |- Subnet of the network to clone the traffic to. title: |- Subnet title: |- CloneServer type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBCompressionFilter: description: |- Advanced load balancer CompressionFilter object properties: devices_path: description: |- It is a reference to an object of type StringGroup. title: |- Devices path type: string index: description: |- Number of index. format: int64 title: |- Index type: integer ip_addr_prefixes: description: | Placeholder for description of property ip_addr_prefixes of obj type CompressionFilter field type str type array. items: $ref: '#/definitions/ALBIpAddrPrefix' title: |- Ip addr prefixes type: array ip_addr_ranges: description: | Placeholder for description of property ip_addr_ranges of obj type CompressionFilter field type str type array. items: $ref: '#/definitions/ALBIpAddrRange' title: |- Ip addr ranges type: array ip_addrs: description: | Placeholder for description of property ip_addrs of obj type CompressionFilter field type str type array. items: $ref: '#/definitions/ALBIpAddr' title: |- Ip addrs type: array ip_addrs_path: description: |- It is a reference to an object of type IpAddrGroup. title: |- Ip addrs path type: string level: default: NORMAL_COMPRESSION description: | Enum options - AGGRESSIVE_COMPRESSION, NORMAL_COMPRESSION, NO_COMPRESSION. Default value when not specified in API or module is interpreted by ALB Controller as NORMAL_COMPRESSION. enum: - AGGRESSIVE_COMPRESSION - NORMAL_COMPRESSION - NO_COMPRESSION type: string match: default: IS_IN description: | Whether to apply Filter when group criteria is matched or not. Enum options - IS_IN, IS_NOT_IN. Default value when not specified in API or module is interpreted by ALB Controller as IS_IN. enum: - IS_IN - IS_NOT_IN type: string name: description: |- Name of the object. title: |- Name type: string user_agent: description: | Placeholder for description of property user_agent of obj type CompressionFilter field type str type array. items: type: string title: |- User agent type: array required: - index - name - level title: |- CompressionFilter type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBCompressionProfile: description: |- Advanced load balancer CompressionProfile object properties: compressible_content_path: description: | Compress only content types listed in this string group. Content types not present in this list are not compressed. It is a reference to an object of type StringGroup. title: |- Compressible content path type: string compression: default: false description: | Compress HTTP response content if it wasn't already compressed. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Compression type: boolean filter: description: |- Custom filters used when auto compression is not selected. items: $ref: '#/definitions/ALBCompressionFilter' title: |- Filter type: array remove_accept_encoding_header: default: true description: | Offload compression from the servers to AVI. Saves compute cycles on the servers. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Remove accept encoding header type: boolean type: default: AUTO_COMPRESSION description: | Compress content automatically or add custom filters to define compressible content and compression levels. Enum options - AUTO_COMPRESSION, CUSTOM_COMPRESSION. Default value when not specified in API or module is interpreted by ALB Controller as AUTO_COMPRESSION. enum: - AUTO_COMPRESSION - CUSTOM_COMPRESSION type: string required: - type - compression - remove_accept_encoding_header title: |- CompressionProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBConnPoolProperties: description: |- Advanced load balancer ConnPoolProperties object properties: upstream_connpool_conn_idle_tmo: default: 60000 description: | Connection idle timeout. Default value when not specified in API or module is interpreted by ALB Controller as 60000. format: int64 title: |- Upstream connpool conn idle tmo type: integer upstream_connpool_conn_life_tmo: default: 600000 description: | Connection life timeout. Default value when not specified in API or module is interpreted by ALB Controller as 600000. format: int64 title: |- Upstream connpool conn life tmo type: integer upstream_connpool_conn_max_reuse: default: 0 description: | Maximum number of times a connection can be reused. Special values are 0- 'unlimited'. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 title: |- Upstream connpool conn max reuse type: integer upstream_connpool_server_max_cache: default: 0 description: | Maximum number of connections a server can cache. Special values are 0- 'unlimited'. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 title: |- Upstream connpool server max cache type: integer title: |- ConnPoolProperties type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBContentRewriteProfile: description: |- Advanced load balancer ContentRewriteProfile object properties: response_rewrite_enabled: default: false description: | Enable rewrite on response body. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Response rewrite enabled type: boolean rewritable_content_path: description: | Rewrite only content types listed in this string group. Content types not present in this list are not rewritten. It is a reference to an object of type StringGroup. title: |- Rewritable content path type: string rsp_match_replace_pair: description: | Strings to be matched and replaced with on the response body. items: $ref: '#/definitions/ALBMatchReplacePair' title: |- Rsp match replace pair type: array title: |- ContentRewriteProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBCookieMatch: description: |- Advanced load balancer CookieMatch object properties: match_case: default: INSENSITIVE description: | Case sensitivity to use for the match. Enum options - SENSITIVE, INSENSITIVE. Default value when not specified in API or module is interpreted by ALB Controller as INSENSITIVE. enum: - SENSITIVE - INSENSITIVE type: string match_criteria: description: | Criterion to use for matching the cookie in the HTTP request. Enum options - HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL. enum: - HDR_EXISTS - HDR_DOES_NOT_EXIST - HDR_BEGINS_WITH - HDR_DOES_NOT_BEGIN_WITH - HDR_CONTAINS - HDR_DOES_NOT_CONTAIN - HDR_ENDS_WITH - HDR_DOES_NOT_END_WITH - HDR_EQUALS - HDR_DOES_NOT_EQUAL type: string name: description: |- Name of the cookie. title: |- Name type: string value: description: |- String value in the cookie. title: |- Value type: string required: - name - match_criteria title: |- CookieMatch type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBCustomParams: description: |- Advanced load balancer CustomParams object properties: is_dynamic: default: false description: | Placeholder for description of property is_dynamic of obj type CustomParams field type str type boolean. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Is dynamic type: boolean is_sensitive: default: false description: | Placeholder for description of property is_sensitive of obj type CustomParams field type str type boolean. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Is sensitive type: boolean name: description: |- Name of the object. title: |- Name type: string value: description: |- value of CustomParams. title: |- Value type: string required: - name title: |- CustomParams type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDiscoveredNetwork: description: |- Advanced load balancer DiscoveredNetwork object properties: network_path: description: | Discovered network for this IP. It is a reference to an object of type Network. title: |- Network path type: string subnet: description: |- Discovered subnet for this IP. items: $ref: '#/definitions/ALBIpAddrPrefix' title: |- Subnet type: array subnet6: description: |- Discovered IPv6 subnet for this IP. items: $ref: '#/definitions/ALBIpAddrPrefix' title: |- Subnet6 type: array required: - network_path title: |- DiscoveredNetwork type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsAAAARdata: description: |- Advanced load balancer DnsAAAARdata object properties: ip6_address: $ref: '#/definitions/ALBIpAddr' description: |- IPv6 address for FQDN. title: |- Ip6 address required: - ip6_address title: |- DnsAAAARdata type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsARdata: description: |- Advanced load balancer DnsARdata object properties: ip_address: $ref: '#/definitions/ALBIpAddr' description: |- IP address for FQDN. title: |- Ip address required: - ip_address title: |- DnsARdata type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsAttack: description: |- Advanced load balancer DnsAttack object properties: attack_vector: description: | The DNS attack vector. Enum options - DNS_REFLECTION, DNS_NXDOMAIN, DNS_AMPLIFICATION_EGRESS. enum: - DNS_REFLECTION - DNS_NXDOMAIN - DNS_AMPLIFICATION_EGRESS type: string enabled: default: true description: | Enable or disable the mitigation of the attack vector. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enabled type: boolean max_mitigation_age: default: 60 description: | Time in minutes after which mitigation will be deactivated. Allowed values are 1-4294967295. Special values are 0- 'blocked for ever'. Unit is MIN. Default value when not specified in API or module is interpreted by ALB Controller as 60. format: int64 maximum: 4294967295 minimum: 0 title: |- Max mitigation age type: integer mitigation_action: $ref: '#/definitions/ALBAttackMitigationAction' description: |- Mitigation action to perform for this DNS attack vector. title: |- Mitigation action threshold: description: | Threshold, in terms of DNS packet per second, for the DNS attack vector. format: int64 title: |- Threshold type: integer required: - attack_vector title: |- DnsAttack type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsAttacks: description: |- Advanced load balancer DnsAttacks object properties: attacks: description: | Mode of dealing with the attacks - perform detection only, or detect and mitigate the attacks. items: $ref: '#/definitions/ALBDnsAttack' title: |- Attacks type: array oper_mode: description: | Mode of dealing with the attacks - perform detection only, or detect and mitigate the attacks. Enum options - DETECTION, MITIGATION. enum: - DETECTION - MITIGATION type: string title: |- DnsAttacks type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsClientIpMatch: description: |- Advanced load balancer DnsClientIpMatch object properties: client_ip: $ref: '#/definitions/ALBIpAddrMatch' description: |- IP addresses to match against client IP. title: |- Client ip use_edns_client_subnet_ip: default: true description: | Use the IP address from the EDNS client subnet option, if available, as the source IP address of the client. It should be noted that the edns subnet IP may not be a /32 IP address. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Use edns client subnet ip type: boolean required: - client_ip title: |- DnsClientIpMatch type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsCnameRdata: description: |- Advanced load balancer DnsCnameRdata object properties: cname: description: |- Canonical name. title: |- Cname type: string required: - cname title: |- DnsCnameRdata type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsGeoLocationMatch: description: |- Advanced load balancer DnsGeoLocationMatch object properties: geolocation_name: description: | Geographical location of the client IP to be used in the match. This location is of the format Country/State/City e.g. US/CA/Santa Clara. title: |- Geolocation name type: string geolocation_tag: description: | Geolocation tag for the client IP. This could be any string value for the client IP, e.g. client IPs from US East Coast geolocation would be tagged as 'East Coast'. title: |- Geolocation tag type: string match_criteria: description: | Criterion to use for matching the client IP's geographical location. Enum options - IS_IN, IS_NOT_IN. enum: - IS_IN - IS_NOT_IN type: string use_edns_client_subnet_ip: default: true description: | Use the IP address from the EDNS client subnet option, if available, to derive geo location of the DNS query. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Use edns client subnet ip type: boolean required: - match_criteria title: |- DnsGeoLocationMatch type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsInfo: description: |- Advanced load balancer DnsInfo object properties: algorithm: default: DNS_RECORD_RESPONSE_CONSISTENT_HASH description: | Specifies the algorithm to pick the IP address(es) to be returned, when multiple entries are configured. This does not apply if num_records_in_response is 0. Default is consistent hash. Enum options - DNS_RECORD_RESPONSE_ROUND_ROBIN, DNS_RECORD_RESPONSE_CONSISTENT_HASH. Default value when not specified in API or module is interpreted by ALB Controller as DNS_RECORD_RESPONSE_CONSISTENT_HASH. enum: - DNS_RECORD_RESPONSE_ROUND_ROBIN - DNS_RECORD_RESPONSE_CONSISTENT_HASH type: string cname: $ref: '#/definitions/ALBDnsCnameRdata' description: |- Canonical name in CNAME record. title: |- Cname fqdn: description: |- Fully qualified domain name. title: |- Fqdn type: string metadata: description: |- Any metadata associated with this record. title: |- Metadata type: string num_records_in_response: default: 1 description: | Specifies the number of records returned for this FQDN. Enter 0 to return all records. Default is 0. Allowed values are 0-20. Special values are 0- 'Return all records'. Default value when not specified in API or module is interpreted by ALB Controller as 1. format: int64 maximum: 20 minimum: 0 title: |- Num records in response type: integer ttl: description: | Time to live for fqdn record. Default value is chosen from DNS profile for this cloud if no value provided. format: int64 title: |- Ttl type: integer type: default: DNS_RECORD_A description: | DNS record type. Enum options - DNS_RECORD_OTHER, DNS_RECORD_A, DNS_RECORD_NS, DNS_RECORD_CNAME, DNS_RECORD_SOA, DNS_RECORD_PTR, DNS_RECORD_HINFO, DNS_RECORD_MX, DNS_RECORD_TXT, DNS_RECORD_RP, DNS_RECORD_DNSKEY, DNS_RECORD_AAAA, DNS_RECORD_SRV, DNS_RECORD_OPT, DNS_RECORD_RRSIG, DNS_RECORD_AXFR, DNS_RECORD_ANY. Default value when not specified in API or module is interpreted by ALB Controller as DNS_RECORD_A. enum: - DNS_RECORD_OTHER - DNS_RECORD_A - DNS_RECORD_NS - DNS_RECORD_CNAME - DNS_RECORD_SOA - DNS_RECORD_PTR - DNS_RECORD_HINFO - DNS_RECORD_MX - DNS_RECORD_TXT - DNS_RECORD_RP - DNS_RECORD_DNSKEY - DNS_RECORD_AAAA - DNS_RECORD_SRV - DNS_RECORD_OPT - DNS_RECORD_RRSIG - DNS_RECORD_AXFR - DNS_RECORD_ANY type: string title: |- DnsInfo type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsMxRdata: description: |- Advanced load balancer DnsMxRdata object properties: host: description: | Fully qualified domain name of a mailserver. The host name maps directly to one or more address records in the DNS table, and must not point to any CNAME records (RFC 2181). title: |- Host type: string priority: description: | The priority field identifies which mail server should be preferred. Allowed values are 0-65535. format: int64 maximum: 65535 minimum: 0 title: |- Priority type: integer required: - priority - host title: |- DnsMxRdata type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsNsRdata: description: |- Advanced load balancer DnsNsRdata object properties: ip6_address: $ref: '#/definitions/ALBIpAddr' description: |- IPv6 address for Name Server. title: |- Ip6 address ip_address: $ref: '#/definitions/ALBIpAddr' description: |- IP address for Name Server. title: |- Ip address nsname: description: |- Name Server name. title: |- Nsname type: string required: - nsname title: |- DnsNsRdata type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsPolicies: description: |- Advanced load balancer DnsPolicies object properties: dns_policy_path: description: | path of the dns policy. It is a reference to an object of type DnsPolicy. title: |- Dns policy path type: string index: description: |- Index of the dns policy. format: int64 title: |- Index type: integer required: - index - dns_policy_path title: |- DnsPolicies type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsPolicy: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: created_by: description: |- Creator name. title: |- Created by type: string rule: description: |- DNS rules. items: $ref: '#/definitions/ALBDnsRule' title: |- Rule type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer DnsPolicy object title: |- DnsPolicy x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsPolicyApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of DnsPolicy items: $ref: '#/definitions/ALBDnsPolicy' title: |- Array of DnsPolicy type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | DnsPolicyApiResponse title: |- DnsPolicyApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsQueryNameMatch: description: |- Advanced load balancer DnsQueryNameMatch object properties: match_criteria: description: | Criterion to use for string matching the DNS query domain name in the question section. Enum options - BEGINS_WITH, DOES_NOT_BEGIN_WITH, CONTAINS, DOES_NOT_CONTAIN, ENDS_WITH, DOES_NOT_END_WITH, EQUALS, DOES_NOT_EQUAL, REGEX_MATCH, REGEX_DOES_NOT_MATCH. enum: - BEGINS_WITH - DOES_NOT_BEGIN_WITH - CONTAINS - DOES_NOT_CONTAIN - ENDS_WITH - DOES_NOT_END_WITH - EQUALS - DOES_NOT_EQUAL - REGEX_MATCH - REGEX_DOES_NOT_MATCH type: string query_domain_names: description: | Domain name to match against that specified in the question section of the DNS query. items: type: string title: |- Query domain names type: array string_group_paths: description: | path of the string group(s) for matching against DNS query domain name in the question section. It is a reference to an object of type StringGroup. items: type: string title: |- String group paths type: array required: - match_criteria title: |- DnsQueryNameMatch type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsQueryTypeMatch: description: |- Advanced load balancer DnsQueryTypeMatch object properties: match_criteria: description: | Criterion to use for matching the DNS query typein the question section. Enum options - IS_IN, IS_NOT_IN. enum: - IS_IN - IS_NOT_IN type: string query_type: description: | DNS query types in the request query. Enum options - DNS_RECORD_OTHER, DNS_RECORD_A, DNS_RECORD_NS, DNS_RECORD_CNAME, DNS_RECORD_SOA, DNS_RECORD_PTR, DNS_RECORD_HINFO, DNS_RECORD_MX, DNS_RECORD_TXT, DNS_RECORD_RP, DNS_RECORD_DNSKEY, DNS_RECORD_AAAA, DNS_RECORD_SRV, DNS_RECORD_OPT, DNS_RECORD_RRSIG, DNS_RECORD_AXFR, DNS_RECORD_ANY. items: description: |- Valid ENUM values for ALBDnsRecordType enum: - DNS_RECORD_OTHER - DNS_RECORD_A - DNS_RECORD_NS - DNS_RECORD_CNAME - DNS_RECORD_SOA - DNS_RECORD_PTR - DNS_RECORD_HINFO - DNS_RECORD_MX - DNS_RECORD_TXT - DNS_RECORD_RP - DNS_RECORD_DNSKEY - DNS_RECORD_AAAA - DNS_RECORD_SRV - DNS_RECORD_OPT - DNS_RECORD_RRSIG - DNS_RECORD_AXFR - DNS_RECORD_ANY type: string title: |- Query type type: array required: - match_criteria title: |- DnsQueryTypeMatch type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsRateLimiter: description: |- Advanced load balancer DnsRateLimiter object properties: action: $ref: '#/definitions/ALBDnsRuleRLAction' description: |- Action to perform upon rate limiting. title: |- Action rate_limiter_object: $ref: '#/definitions/ALBRateLimiter' description: |- Rate limiting object. title: |- Rate limiter object required: - action - rate_limiter_object title: |- DnsRateLimiter type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsRecord: description: |- Advanced load balancer DnsRecord object properties: algorithm: default: DNS_RECORD_RESPONSE_ROUND_ROBIN description: | Specifies the algorithm to pick the IP address(es) to be returned, when multiple entries are configured. This does not apply if num_records_in_response is 0. Default is round-robin. Enum options - DNS_RECORD_RESPONSE_ROUND_ROBIN, DNS_RECORD_RESPONSE_CONSISTENT_HASH. Default value when not specified in API or module is interpreted by ALB Controller as DNS_RECORD_RESPONSE_ROUND_ROBIN. enum: - DNS_RECORD_RESPONSE_ROUND_ROBIN - DNS_RECORD_RESPONSE_CONSISTENT_HASH type: string cname: $ref: '#/definitions/ALBDnsCnameRdata' description: |- Canonical name in CNAME record. title: |- Cname delegated: default: false description: | Configured FQDNs are delegated domains (i.e. they represent a zone cut). Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Delegated type: boolean description: description: |- Details of DNS record. title: |- Description type: string fqdn: description: | Fully Qualified Domain Name. Minimum of 1 items required. items: type: string title: |- Fqdn type: array ip6_address: description: | IPv6 address in AAAA record. Maximum of 4 items allowed. items: $ref: '#/definitions/ALBDnsAAAARdata' title: |- Ip6 address type: array ip_address: description: | IP address in A record. Maximum of 4 items allowed. items: $ref: '#/definitions/ALBDnsARdata' title: |- Ip address type: array metadata: description: |- Internal metadata for the DNS record. title: |- Metadata type: string mx_records: description: | MX record. Maximum of 4 items allowed. items: $ref: '#/definitions/ALBDnsMxRdata' title: |- Mx records type: array ns: description: | Name Server information in NS record. Maximum of 13 items allowed. items: $ref: '#/definitions/ALBDnsNsRdata' title: |- Ns type: array num_records_in_response: default: 0 description: | Specifies the number of records returned by the DNS service. Enter 0 to return all records. Default is 0. Allowed values are 0-20. Special values are 0- 'Return all records'. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 maximum: 20 minimum: 0 title: |- Num records in response type: integer service_locator: description: | Service locator info in SRV record. Maximum of 4 items allowed. items: $ref: '#/definitions/ALBDnsSrvRdata' title: |- Service locator type: array ttl: description: |- Time To Live for this DNS record. format: int64 title: |- Ttl type: integer txt_records: description: | Text record. Maximum of 4 items allowed. items: $ref: '#/definitions/ALBDnsTxtRdata' title: |- Txt records type: array type: description: | DNS record type. Enum options - DNS_RECORD_OTHER, DNS_RECORD_A, DNS_RECORD_NS, DNS_RECORD_CNAME, DNS_RECORD_SOA, DNS_RECORD_PTR, DNS_RECORD_HINFO, DNS_RECORD_MX, DNS_RECORD_TXT, DNS_RECORD_RP, DNS_RECORD_DNSKEY, DNS_RECORD_AAAA, DNS_RECORD_SRV, DNS_RECORD_OPT, DNS_RECORD_RRSIG, DNS_RECORD_AXFR, DNS_RECORD_ANY. enum: - DNS_RECORD_OTHER - DNS_RECORD_A - DNS_RECORD_NS - DNS_RECORD_CNAME - DNS_RECORD_SOA - DNS_RECORD_PTR - DNS_RECORD_HINFO - DNS_RECORD_MX - DNS_RECORD_TXT - DNS_RECORD_RP - DNS_RECORD_DNSKEY - DNS_RECORD_AAAA - DNS_RECORD_SRV - DNS_RECORD_OPT - DNS_RECORD_RRSIG - DNS_RECORD_AXFR - DNS_RECORD_ANY type: string wildcard_match: default: false description: | Enable wild-card match of fqdn if an exact match is not found in the DNS table, the longest match is chosen by wild-carding the fqdn in the DNS request. Default is false. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Wildcard match type: boolean required: - type - fqdn title: |- DnsRecord type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsRrSet: description: |- Advanced load balancer DnsRrSet object properties: cname: $ref: '#/definitions/ALBDnsCnameRdata' description: |- Canonical name in CNAME record. title: |- Cname fqdn: description: |- Fully Qualified Domain Name. title: |- Fqdn type: string ip6_addresses: description: |- IPv6 address in AAAA record. items: $ref: '#/definitions/ALBDnsAAAARdata' title: |- Ip6 addresses type: array ip_addresses: description: |- IP address in A record. items: $ref: '#/definitions/ALBDnsARdata' title: |- Ip addresses type: array nses: description: |- Name Server information in NS record. items: $ref: '#/definitions/ALBDnsNsRdata' title: |- Nses type: array ttl: description: | Time To Live for this DNS record. Allowed values are 0-2147483647. format: int64 maximum: 2147483647 minimum: 0 title: |- Ttl type: integer type: description: | DNS record type. Enum options - DNS_RECORD_OTHER, DNS_RECORD_A, DNS_RECORD_NS, DNS_RECORD_CNAME, DNS_RECORD_SOA, DNS_RECORD_PTR, DNS_RECORD_HINFO, DNS_RECORD_MX, DNS_RECORD_TXT, DNS_RECORD_RP, DNS_RECORD_DNSKEY, DNS_RECORD_AAAA, DNS_RECORD_SRV, DNS_RECORD_OPT, DNS_RECORD_RRSIG, DNS_RECORD_AXFR, DNS_RECORD_ANY. enum: - DNS_RECORD_OTHER - DNS_RECORD_A - DNS_RECORD_NS - DNS_RECORD_CNAME - DNS_RECORD_SOA - DNS_RECORD_PTR - DNS_RECORD_HINFO - DNS_RECORD_MX - DNS_RECORD_TXT - DNS_RECORD_RP - DNS_RECORD_DNSKEY - DNS_RECORD_AAAA - DNS_RECORD_SRV - DNS_RECORD_OPT - DNS_RECORD_RRSIG - DNS_RECORD_AXFR - DNS_RECORD_ANY type: string required: - type - fqdn - ttl title: |- DnsRrSet type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsRule: description: |- Advanced load balancer DnsRule object properties: action: $ref: '#/definitions/ALBDnsRuleAction' description: |- Action to be performed upon successful matching. title: |- Action enable: default: true description: | Enable or disable the rule. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enable type: boolean index: description: |- Index of the rule. format: int64 title: |- Index type: integer log: description: |- Log DNS query upon rule match. title: |- Log type: boolean match: $ref: '#/definitions/ALBDnsRuleMatchTarget' description: |- Add match criteria to the rule. title: |- Match name: description: |- Name of the rule. title: |- Name type: string required: - index - name title: |- DnsRule type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsRuleAction: description: |- Advanced load balancer DnsRuleAction object properties: allow: $ref: '#/definitions/ALBDnsRuleActionAllowDrop' description: |- Allow or drop the DNS query. title: |- Allow dns_rate_limiter: $ref: '#/definitions/ALBDnsRateLimiter' description: |- Rate limits the DNS requests. title: |- Dns rate limiter gslb_site_selection: $ref: '#/definitions/ALBDnsRuleActionGslbSiteSelection' description: | Select a specific GSLB site for the DNS query. This action should be used only when GSLB services have been configured for the DNS virtual service. title: |- Gslb site selection pool_switching: $ref: '#/definitions/ALBDnsRuleActionPoolSwitching' description: | Select a pool or pool group for the passthrough DNS query which cannot be served locally but could be served by upstream servers. title: |- Pool switching response: $ref: '#/definitions/ALBDnsRuleActionResponse' description: |- Generate a response for the DNS query. title: |- Response title: |- DnsRuleAction type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsRuleActionAllowDrop: description: |- Advanced load balancer DnsRuleActionAllowDrop object properties: allow: default: true description: | Allow the DNS query. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Allow type: boolean reset_conn: default: true description: | Reset the TCP connection of the DNS query, if allow is set to false to drop the query. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Reset conn type: boolean title: |- DnsRuleActionAllowDrop type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsRuleActionGslbSiteSelection: description: |- Advanced load balancer DnsRuleActionGslbSiteSelection object properties: fallback_site_names: description: | GSLB fallback sites to use in case the desired site is down. Maximum of 64 items allowed. items: type: string title: |- Fallback site names type: array is_site_preferred: default: true description: | When set to true, GSLB site is a preferred site. This setting comes into play when the site is down, as well as no configured fallback site is available (all fallback sites are also down), then any one available site is selected based on the default algorithm for GSLB pool member selection. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Is site preferred type: boolean site_name: description: |- GSLB site name. title: |- Site name type: string required: - site_name title: |- DnsRuleActionGslbSiteSelection type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsRuleActionPoolSwitching: description: |- Advanced load balancer DnsRuleActionPoolSwitching object properties: pool_group_path: description: | Reference of the pool group to serve the passthrough DNS query which cannot be served locally. It is a reference to an object of type PoolGroup. title: |- Pool group path type: string pool_path: description: | Reference of the pool to serve the passthrough DNS query which cannot be served locally. It is a reference to an object of type Pool. title: |- Pool path type: string title: |- DnsRuleActionPoolSwitching type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsRuleActionResponse: description: |- Advanced load balancer DnsRuleActionResponse object properties: authoritative: default: true description: | DNS response is authoritative. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Authoritative type: boolean rcode: default: DNS_RCODE_NOERROR description: | DNS response code. Enum options - DNS_RCODE_NOERROR, DNS_RCODE_FORMERR, DNS_RCODE_SERVFAIL, DNS_RCODE_NXDOMAIN, DNS_RCODE_NOTIMP, DNS_RCODE_REFUSED, DNS_RCODE_YXDOMAIN, DNS_RCODE_YXRRSET, DNS_RCODE_NXRRSET, DNS_RCODE_NOTAUTH, DNS_RCODE_NOTZONE. Default value when not specified in API or module is interpreted by ALB Controller as DNS_RCODE_NOERROR. enum: - DNS_RCODE_NOERROR - DNS_RCODE_FORMERR - DNS_RCODE_SERVFAIL - DNS_RCODE_NXDOMAIN - DNS_RCODE_NOTIMP - DNS_RCODE_REFUSED - DNS_RCODE_YXDOMAIN - DNS_RCODE_YXRRSET - DNS_RCODE_NXRRSET - DNS_RCODE_NOTAUTH - DNS_RCODE_NOTZONE type: string resource_record_sets: description: | DNS resource record sets - (resource record set share the DNS domain name, type, and class). items: $ref: '#/definitions/ALBDnsRuleDnsRrSet' title: |- Resource record sets type: array truncation: default: false description: | DNS response is truncated. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Truncation type: boolean title: |- DnsRuleActionResponse type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsRuleDnsRrSet: description: |- Advanced load balancer DnsRuleDnsRrSet object properties: resource_record_set: $ref: '#/definitions/ALBDnsRrSet' description: | DNS resource record set - (records in the resource record set share the DNS domain name, type, and class). title: |- Resource record set section: default: DNS_MESSAGE_SECTION_ANSWER description: | DNS message section for the resource record set. Enum options - DNS_MESSAGE_SECTION_QUESTION, DNS_MESSAGE_SECTION_ANSWER, DNS_MESSAGE_SECTION_AUTHORITY, DNS_MESSAGE_SECTION_ADDITIONAL. Default value when not specified in API or module is interpreted by ALB Controller as DNS_MESSAGE_SECTION_ANSWER. enum: - DNS_MESSAGE_SECTION_QUESTION - DNS_MESSAGE_SECTION_ANSWER - DNS_MESSAGE_SECTION_AUTHORITY - DNS_MESSAGE_SECTION_ADDITIONAL type: string required: - resource_record_set title: |- DnsRuleDnsRrSet type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsRuleMatchTarget: description: |- Advanced load balancer DnsRuleMatchTarget object properties: client_ip_address: $ref: '#/definitions/ALBDnsClientIpMatch' description: | IP addresses to match against client IP or the EDNS client subnet IP. title: |- Client ip address geo_location: $ref: '#/definitions/ALBDnsGeoLocationMatch' description: | Geographical location attribute to match against that of the client IP. title: |- Geo location protocol: $ref: '#/definitions/ALBDnsTransportProtocolMatch' description: |- DNS transport protocol match. title: |- Protocol query_name: $ref: '#/definitions/ALBDnsQueryNameMatch' description: |- Domain names to match against query name. title: |- Query name query_type: $ref: '#/definitions/ALBDnsQueryTypeMatch' description: |- DNS query types to match against request query type. title: |- Query type title: |- DnsRuleMatchTarget type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsRuleRLAction: description: |- Advanced load balancer DnsRuleRLAction object properties: type: default: DNS_RL_ACTION_NONE description: | Type of action to be enforced upon hitting the rate limit. Enum options - DNS_RL_ACTION_NONE, DNS_RL_ACTION_DROP_REQ. Default value when not specified in API or module is interpreted by ALB Controller as DNS_RL_ACTION_NONE. enum: - DNS_RL_ACTION_NONE - DNS_RL_ACTION_DROP_REQ type: string title: |- DnsRuleRLAction type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsServiceApplicationProfile: description: |- Advanced load balancer DnsServiceApplicationProfile object properties: aaaa_empty_response: default: true description: | Respond to AAAA queries with empty response when there are only IPV4 records. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Aaaa empty response type: boolean admin_email: default: hostmaster description: | Email address of the administrator responsible for this zone. This field is used in SOA records (rname) pertaining to all domain names specified as authoritative domain names. If not configured, the default value 'hostmaster' is used in SOA responses. Default value when not specified in API or module is interpreted by ALB Controller as hostmaster. title: |- Admin email type: string dns_over_tcp_enabled: default: true description: | Enable DNS query/response over TCP. This enables analytics for pass-through queries as well. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Dns over tcp enabled type: boolean dns_zones: description: | DNS zones hosted on this Virtual Service. Maximum of 100 items allowed. items: $ref: '#/definitions/ALBDnsZone' title: |- Dns zones type: array domain_names: description: | Subdomain names serviced by this Virtual Service. These are configured as Ends-With semantics. Maximum of 100 items allowed. items: type: string title: |- Domain names type: array ecs_stripping_enabled: default: true description: | Enable stripping of EDNS client subnet (ecs) option towards client if DNS service inserts ecs option in the DNS query towards upstream servers. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Ecs stripping enabled type: boolean edns: default: true description: | Enable DNS service to be aware of EDNS (Extension mechanism for DNS). EDNS extensions are parsed and shown in logs. For GSLB services, the EDNS client subnet option can be used to influence Load Balancing. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Edns type: boolean edns_client_subnet_prefix_len: description: | Specifies the IP address prefix length to use in the EDNS client subnet (ECS) option. When the incoming request does not have any ECS option and the prefix length is specified, an ECS option is inserted in the request passed to upstream server. If the incoming request already has an ECS option, the prefix length (and correspondingly the address) in the ECS option is updated, with the minimum of the prefix length present in the incoming and the configured prefix length, before passing the request to upstream server. Allowed values are 1-32. format: int64 maximum: 32 minimum: 1 title: |- Edns client subnet prefix len type: integer error_response: default: DNS_ERROR_RESPONSE_NONE description: | Drop or respond to client when the DNS service encounters an error processing a client query. By default, such a request is dropped without any response, or passed through to a passthrough pool, if configured. When set to respond, an appropriate response is sent to client, e.g. NXDOMAIN response for non-existent records, empty NOERROR response for unsupported queries, etc. Enum options - DNS_ERROR_RESPONSE_ERROR, DNS_ERROR_RESPONSE_NONE. Default value when not specified in API or module is interpreted by ALB Controller as DNS_ERROR_RESPONSE_NONE. enum: - DNS_ERROR_RESPONSE_ERROR - DNS_ERROR_RESPONSE_NONE type: string name_server: description: | The of the name server that was the original or primary source of data for this zone. This field is used in SOA records (mname) pertaining to all domain names specified as authoritative domain names. If not configured, domain name is used as name server in SOA response. title: |- Name server type: string negative_caching_ttl: default: 30 description: | Specifies the TTL value (in seconds) for SOA (Start of Authority) (corresponding to a authoritative domain owned by this DNS Virtual Service) record's minimum TTL served by the DNS Virtual Service. Allowed values are 0-86400. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 30. format: int64 maximum: 86400 minimum: 0 title: |- Negative caching ttl type: integer num_dns_ip: default: 1 description: | Specifies the number of IP addresses returned by the DNS Service. Enter 0 to return all IP addresses. Allowed values are 1-20. Special values are 0- 'Return all IP addresses'. Default value when not specified in API or module is interpreted by ALB Controller as 1. format: int64 maximum: 20 minimum: 0 title: |- Num dns ip type: integer ttl: default: 30 description: | Specifies the TTL value (in seconds) for records served by DNS Service. Allowed values are 0-86400. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 30. format: int64 maximum: 86400 minimum: 0 title: |- Ttl type: integer title: |- DnsServiceApplicationProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsSrvRdata: description: |- Advanced load balancer DnsSrvRdata object properties: port: description: | Service port. Allowed values are 0-65535. format: int64 maximum: 65535 minimum: 0 title: |- Port type: integer priority: default: 0 description: | Priority of the target hosting the service, low value implies higher priority for this service record. Allowed values are 0-65535. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 maximum: 65535 minimum: 0 title: |- Priority type: integer target: default: default.host description: | Canonical hostname, of the machine hosting the service, with no trailing period. 'default.host' is valid but not 'default.host.'. Default value when not specified in API or module is interpreted by ALB Controller as default.host. title: |- Target type: string weight: default: 0 description: | Relative weight for service records with same priority, high value implies higher preference for this service record. Allowed values are 0-65535. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 maximum: 65535 minimum: 0 title: |- Weight type: integer required: - port title: |- DnsSrvRdata type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsTransportProtocolMatch: description: |- Advanced load balancer DnsTransportProtocolMatch object properties: match_criteria: description: | Criterion to use for matching the DNS transport protocol. Enum options - IS_IN, IS_NOT_IN. enum: - IS_IN - IS_NOT_IN type: string protocol: description: | Protocol to match against transport protocol used by DNS query. Enum options - DNS_OVER_UDP, DNS_OVER_TCP. enum: - DNS_OVER_UDP - DNS_OVER_TCP type: string required: - protocol - match_criteria title: |- DnsTransportProtocolMatch type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsTxtRdata: description: |- Advanced load balancer DnsTxtRdata object properties: text_str: description: |- Text data associated with the FQDN. title: |- Text str type: string required: - text_str title: |- DnsTxtRdata type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDnsZone: description: |- Advanced load balancer DnsZone object properties: admin_email: description: | Email address of the administrator responsible for this zone. This field is used in SOA records as rname (RFC 1035). If not configured, it is inherited from the DNS service profile. title: |- Admin email type: string domain_name: description: | Domain name authoritatively serviced by this Virtual Service. Queries for FQDNs that are sub domains of this domain and do not have any DNS record in Avi are dropped or NXDomain response sent. For domains which are present, SOA parameters are sent in answer section of response if query type is SOA. title: |- Domain name type: string name_server: description: | The primary name server for this zone. This field is used in SOA records as mname (RFC 1035). If not configured, it is inherited from the DNS service profile. If even that is not configured, the domain name is used instead. title: |- Name server type: string required: - domain_name title: |- DnsZone type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDosRateLimitProfile: description: |- Advanced load balancer DosRateLimitProfile object properties: dos_profile: $ref: '#/definitions/ALBDosThresholdProfile' description: |- Profile for DoS attack detection. title: |- Dos profile rl_profile: $ref: '#/definitions/ALBRateLimiterProfile' description: |- Profile for Connections/Requests rate limiting. title: |- Rl profile title: |- DosRateLimitProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDosThreshold: description: |- Advanced load balancer DosThreshold object properties: attack: description: | Attack type. Enum options - LAND, SMURF, ICMP_PING_FLOOD, UNKOWN_PROTOCOL, TEARDROP, IP_FRAG_OVERRUN, IP_FRAG_TOOSMALL, IP_FRAG_FULL, IP_FRAG_INCOMPLETE, PORT_SCAN, TCP_NON_SYN_FLOOD_OLD, SYN_FLOOD, BAD_RST_FLOOD, MALFORMED_FLOOD, FAKE_SESSION, ZERO_WINDOW_STRESS, SMALL_WINDOW_STRESS, DOS_HTTP_TIMEOUT, DOS_HTTP_ERROR, DOS_HTTP_ABORT... enum: - LAND - SMURF - ICMP_PING_FLOOD - UNKOWN_PROTOCOL - TEARDROP - IP_FRAG_OVERRUN - IP_FRAG_TOOSMALL - IP_FRAG_FULL - IP_FRAG_INCOMPLETE - PORT_SCAN - TCP_NON_SYN_FLOOD_OLD - SYN_FLOOD - BAD_RST_FLOOD - MALFORMED_FLOOD - FAKE_SESSION - ZERO_WINDOW_STRESS - SMALL_WINDOW_STRESS - DOS_HTTP_TIMEOUT - DOS_HTTP_ERROR - DOS_HTTP_ABORT - DOS_SSL_ERROR - DOS_APP_ERROR - DOS_REQ_IP_RL_DROP - DOS_REQ_URI_RL_DROP - DOS_REQ_URI_SCAN_BAD_RL_DROP - DOS_REQ_URI_SCAN_UNKNOWN_RL_DROP - DOS_REQ_IP_URI_RL_DROP - DOS_CONN_IP_RL_DROP - DOS_SLOW_URL - TCP_NON_SYN_FLOOD - DOS_REQ_CIP_SCAN_BAD_RL_DROP - DOS_REQ_CIP_SCAN_UNKNOWN_RL_DROP - DOS_REQ_IP_RL_DROP_BAD - DOS_REQ_URI_RL_DROP_BAD - DOS_REQ_IP_URI_RL_DROP_BAD - POLICY_DROPS - DOS_CONN_RL_DROP - DOS_REQ_RL_DROP - DOS_REQ_HDR_RL_DROP - DOS_REQ_CUSTOM_RL_DROP - DNS_ATTACK_REFLECTION type: string max_value: description: | Maximum number of packets or connections or requests in a given interval of time to be deemed as attack. format: int64 title: |- Max value type: integer min_value: description: | Minimum number of packets or connections or requests in a given interval of time to be deemed as attack. format: int64 title: |- Min value type: integer required: - max_value - attack - min_value title: |- DosThreshold type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDosThresholdProfile: description: |- Advanced load balancer DosThresholdProfile object properties: thresh_info: description: |- Attack type, min and max values for DoS attack detection. items: $ref: '#/definitions/ALBDosThreshold' title: |- Thresh info type: array thresh_period: default: 5 description: | Timer value in seconds to collect DoS attack metrics based on threshold on the Service Engine for this Virtual Service. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 5. format: int64 title: |- Thresh period type: integer required: - thresh_period title: |- DosThresholdProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBDsrProfile: description: |- Advanced load balancer DsrProfile object properties: dsr_encap_type: default: ENCAP_IPINIP description: | Encapsulation type to use when DSR is L3. Enum options - ENCAP_IPINIP. Default value when not specified in API or module is interpreted by ALB Controller as ENCAP_IPINIP. enum: - ENCAP_IPINIP type: string dsr_type: default: DSR_TYPE_L3 description: | DSR type L2/L3. Enum options - DSR_TYPE_L2, DSR_TYPE_L3. Default value when not specified in API or module is interpreted by ALB Controller as DSR_TYPE_L3. enum: - DSR_TYPE_L2 - DSR_TYPE_L3 type: string title: |- DsrProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBEquivalentLabels: description: |- Advanced load balancer EquivalentLabels object properties: labels: description: |- Equivalent labels. items: type: string title: |- Labels type: array title: |- EquivalentLabels type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBErrorPage: description: |- Advanced load balancer ErrorPage object properties: enable: default: true description: | Enable or disable the error page. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enable type: boolean error_page_body_path: description: | Custom error page body used to sent to the client. It is a reference to an object of type ErrorPageBody. title: |- Error page body path type: string error_redirect: description: |- Redirect sent to client when match. title: |- Error redirect type: string index: description: |- Index of the error page. format: int64 title: |- Index type: integer match: $ref: '#/definitions/ALBHTTPStatusMatch' description: |- Add match criteria for http status codes to the error page. title: |- Match title: |- ErrorPage type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBErrorPageBody: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: error_page_body: description: |- Error page body sent to client when match. title: |- Error page body type: string format: default: ERROR_PAGE_FORMAT_HTML description: | Format of an error page body HTML or JSON. Enum options - ERROR_PAGE_FORMAT_HTML, ERROR_PAGE_FORMAT_JSON. Default value when not specified in API or module is interpreted by ALB Controller as ERROR_PAGE_FORMAT_HTML. enum: - ERROR_PAGE_FORMAT_HTML - ERROR_PAGE_FORMAT_JSON type: string type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer ErrorPageBody object title: |- ErrorPageBody x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBErrorPageBodyApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of ErrorPageBody items: $ref: '#/definitions/ALBErrorPageBody' title: |- Array of ErrorPageBody type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | ErrorPageBodyApiResponse title: |- ErrorPageBodyApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBErrorPageProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: error_pages: description: |- Defined Error Pages for HTTP status codes. items: $ref: '#/definitions/ALBErrorPage' title: |- Error pages type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer ErrorPageProfile object title: |- ErrorPageProfile x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBErrorPageProfileApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of ErrorPageProfile items: $ref: '#/definitions/ALBErrorPageProfile' title: |- Array of ErrorPageProfile type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | ErrorPageProfileApiResponse title: |- ErrorPageProfileApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBFailAction: description: |- Advanced load balancer FailAction object properties: local_rsp: $ref: '#/definitions/ALBFailActionHTTPLocalResponse' description: | Local response to HTTP requests when pool experiences a failure. title: |- Local rsp redirect: $ref: '#/definitions/ALBFailActionHTTPRedirect' description: | URL to redirect HTTP requests to when pool experiences a failure. title: |- Redirect type: default: FAIL_ACTION_CLOSE_CONN description: | Enables a response to client when pool experiences a failure. By default TCP connection is closed. Enum options - FAIL_ACTION_HTTP_REDIRECT, FAIL_ACTION_HTTP_LOCAL_RSP, FAIL_ACTION_CLOSE_CONN, FAIL_ACTION_BACKUP_POOL. Default value when not specified in API or module is interpreted by ALB Controller as FAIL_ACTION_CLOSE_CONN. enum: - FAIL_ACTION_HTTP_REDIRECT - FAIL_ACTION_HTTP_LOCAL_RSP - FAIL_ACTION_CLOSE_CONN - FAIL_ACTION_BACKUP_POOL type: string required: - type title: |- FailAction type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBFailActionHTTPLocalResponse: description: |- Advanced load balancer FailActionHTTPLocalResponse object properties: file: $ref: '#/definitions/ALBHTTPLocalFile' description: | Placeholder for description of property file of obj type FailActionHTTPLocalResponse field type str type ref. title: |- File status_code: default: FAIL_HTTP_STATUS_CODE_503 description: | Enum options - FAIL_HTTP_STATUS_CODE_200, FAIL_HTTP_STATUS_CODE_503. Default value when not specified in API or module is interpreted by ALB Controller as FAIL_HTTP_STATUS_CODE_503. enum: - FAIL_HTTP_STATUS_CODE_200 - FAIL_HTTP_STATUS_CODE_503 type: string title: |- FailActionHTTPLocalResponse type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBFailActionHTTPRedirect: description: |- Advanced load balancer FailActionHTTPRedirect object properties: host: description: |- host of FailActionHTTPRedirect. title: |- Host type: string path: description: |- path of FailActionHTTPRedirect. title: |- Path type: string protocol: default: HTTPS description: | Enum options - HTTP, HTTPS. Default value when not specified in API or module is interpreted by ALB Controller as HTTPS. enum: - HTTP - HTTPS type: string query: description: |- query of FailActionHTTPRedirect. title: |- Query type: string status_code: default: HTTP_REDIRECT_STATUS_CODE_302 description: | Enum options - HTTP_REDIRECT_STATUS_CODE_301, HTTP_REDIRECT_STATUS_CODE_302, HTTP_REDIRECT_STATUS_CODE_307. Default value when not specified in API or module is interpreted by ALB Controller as HTTP_REDIRECT_STATUS_CODE_302. enum: - HTTP_REDIRECT_STATUS_CODE_301 - HTTP_REDIRECT_STATUS_CODE_302 - HTTP_REDIRECT_STATUS_CODE_307 type: string required: - host title: |- FailActionHTTPRedirect type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBFullClientLogs: description: |- Advanced load balancer FullClientLogs object properties: duration: default: 30 description: | How long should the system capture all logs, measured in minutes. Set to 0 for infinite. Special values are 0 - 'infinite'. Unit is MIN. Default value when not specified in API or module is interpreted by ALB Controller as 30. format: int64 title: |- Duration type: integer enabled: default: false description: | Capture all client logs including connections and requests. When deactivated, only errors will be logged. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Enabled type: boolean throttle: default: 10 description: | This setting limits the number of non-significant logs generated per second for this VS on each SE. Default is 10 logs per second. Set it to zero (0) to deactivate throttling. Unit is PER_SECOND. Default value when not specified in API or module is interpreted by ALB Controller as 10. format: int64 title: |- Throttle type: integer required: - enabled title: |- FullClientLogs type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBGeoLocation: description: |- Advanced load balancer GeoLocation object properties: latitude: description: | Latitude of the location. This is represented as degrees.minutes. The range is from -90.0 (south) to +90.0 (north). Allowed values are -90.0-+90.0. title: |- Latitude type: number longitude: description: | Longitude of the location. This is represented as degrees.minutes. The range is from -180.0 (west) to +180.0 (east). Allowed values are -180.0-+180.0. title: |- Longitude type: number name: description: |- Location name in the format Country/State/City. title: |- Name type: string tag: description: |- Location tag string - example USEast. title: |- Tag type: string title: |- GeoLocation type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHSMAwsCloudHsm: description: |- Advanced load balancer HSMAwsCloudHsm object properties: client_config: description: |- client_config of HSMAwsCloudHsm. title: |- Client config type: string cluster_cert: description: |- AWS CloudHSM Cluster Certificate. title: |- Cluster cert type: string crypto_user_name: description: | Username of the Crypto User. This will be used to access the keys on the HSM . title: |- Crypto user name type: string crypto_user_password: description: | Password of the Crypto User. This will be used to access the keys on the HSM . title: |- Crypto user password type: string hsm_ip: description: | IP address of the HSM in the cluster. If there are more than one HSMs, only one is sufficient. items: type: string title: |- Hsm ip type: array mgmt_config: description: |- mgmt_config of HSMAwsCloudHsm. title: |- Mgmt config type: string title: |- HSMAwsCloudHsm type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHSMSafenetClientInfo: description: |- Advanced load balancer HSMSafenetClientInfo object properties: chrystoki_conf: description: |- Generated File - Chrystoki.conf . title: |- Chrystoki conf type: string client_cert: description: |- Client Certificate generated by createCert. title: |- Client cert type: string client_ip: description: |- Name prepended to client key and certificate filename. title: |- Client ip type: string client_priv_key: description: |- Client Private Key generated by createCert. title: |- Client priv key type: string session_major_number: description: |- Major number of the sesseion. format: int64 title: |- Session major number type: integer session_minor_number: description: |- Minor number of the sesseion. format: int64 title: |- Session minor number type: integer required: - client_ip title: |- HSMSafenetClientInfo type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHSMSafenetLuna: description: |- Advanced load balancer HSMSafenetLuna object properties: ha_group_num: description: |- Group Number of generated HA Group. format: int64 title: |- Ha group num type: integer is_ha: default: false description: | Set to indicate HA across more than one servers. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Is ha type: boolean node_info: description: |- Node specific information. items: $ref: '#/definitions/ALBHSMSafenetClientInfo' title: |- Node info type: array server: description: |- SafeNet/Gemalto HSM Servers used for crypto operations. items: $ref: '#/definitions/ALBHSMSafenetLunaServer' title: |- Server type: array server_pem: description: |- Generated File - server.pem. title: |- Server pem type: string use_dedicated_network: default: false description: | If enabled, dedicated network is used to communicate with HSM,else, the management network is used. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Use dedicated network type: boolean required: - is_ha title: |- HSMSafenetLuna type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHSMSafenetLunaServer: description: |- Advanced load balancer HSMSafenetLunaServer object properties: index: description: |- Number of index. format: int64 title: |- Index type: integer partition_passwd: description: |- Password of the partition assigned to this client. title: |- Partition passwd type: string partition_serial_number: description: |- Serial number of the partition assigned to this client. title: |- Partition serial number type: string remote_ip: description: |- IP address of the Safenet/Gemalto HSM device. title: |- Remote ip type: string server_cert: description: |- CA certificate of the server. title: |- Server cert type: string required: - index - remote_ip - server_cert title: |- HSMSafenetLunaServer type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHSMThalesNetHsm: description: |- Advanced load balancer HSMThalesNetHsm object properties: esn: description: | Electronic serial number of the netHSM device. Use Thales anonkneti utility to find the netHSM ESN. title: |- Esn type: string keyhash: description: | Hash of the key that netHSM device uses to authenticate itself. Use Thales anonkneti utility to find the netHSM keyhash. title: |- Keyhash type: string module_id: default: 0 description: | Local module id of the netHSM device. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 title: |- Module id type: integer priority: default: 100 description: | Priority class of the nethsm in an high availability setup. 1 is the highest priority and 100 is the lowest priority. Allowed values are 1-100. Default value when not specified in API or module is interpreted by ALB Controller as 100. format: int64 maximum: 100 minimum: 1 title: |- Priority type: integer remote_ip: $ref: '#/definitions/ALBIpAddr' description: |- IP address of the netHSM device. title: |- Remote ip remote_port: default: 9004 description: | Port at which the netHSM device accepts the connection. Allowed values are 1-65535. Default value when not specified in API or module is interpreted by ALB Controller as 9004. format: int64 maximum: 65535 minimum: 1 title: |- Remote port type: integer required: - priority - esn - keyhash - remote_ip title: |- HSMThalesNetHsm type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHSMThalesRFS: description: |- Advanced load balancer HSMThalesRFS object properties: ip: $ref: '#/definitions/ALBIpAddr' description: | IP address of the RFS server from where to sync the Thales encrypted private key. title: |- Ip port: default: 9004 description: | Port at which the RFS server accepts the sync request from clients for Thales encrypted private key. Allowed values are 1-65535. Default value when not specified in API or module is interpreted by ALB Controller as 9004. format: int64 maximum: 65535 minimum: 1 title: |- Port type: integer required: - ip title: |- HSMThalesRFS type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTP2ApplicationProfile: description: |- Advanced load balancer HTTP2ApplicationProfile object properties: http2_initial_window_size: default: 64 description: | The initial flow control window size in KB for HTTP/2 streams. Allowed values are 64-32768. Unit is KB. Default value when not specified in API or module is interpreted by ALB Controller as 64. format: int64 maximum: 32768 minimum: 64 title: |- Http2 initial window size type: integer max_http2_concurrent_streams_per_connection: default: 128 description: | The max number of concurrent streams over a client side HTTP/2 connection. Allowed values are 1-256. Default value when not specified in API or module is interpreted by ALB Controller as 128. format: int64 maximum: 256 minimum: 1 title: |- Max http2 concurrent streams per connection type: integer max_http2_control_frames_per_connection: default: 1000 description: | The max number of control frames that client can send over an HTTP/2 connection. '0' means unlimited. Allowed values are 0-10000. Special values are 0- 'Unlimited control frames on a client side HTTP/2 connection'. Default value when not specified in API or module is interpreted by ALB Controller as 1000. format: int64 maximum: 10000 minimum: 0 title: |- Max http2 control frames per connection type: integer max_http2_empty_data_frames_per_connection: default: 1000 description: | The max number of empty data frames that client can send over an HTTP/2 connection. '0' means unlimited. Allowed values are 0-10000. Special values are 0- 'Unlimited empty data frames over a client side HTTP/2 connection'. Default value when not specified in API or module is interpreted by ALB Controller as 1000. format: int64 maximum: 10000 minimum: 0 title: |- Max http2 empty data frames per connection type: integer max_http2_header_field_size: default: 4096 description: | The maximum size in bytes of the compressed request header field. The limit applies equally to both name and value. Allowed values are 1-8192. Unit is BYTES. Default value when not specified in API or module is interpreted by ALB Controller as 4096. format: int64 maximum: 8192 minimum: 1 title: |- Max http2 header field size type: integer max_http2_queued_frames_to_client_per_connection: default: 1000 description: | The max number of frames that can be queued waiting to be sent over a client side HTTP/2 connection at any given time. '0' means unlimited. Allowed values are 0-10000. Special values are 0- 'Unlimited frames can be queued on a client side HTTP/2 connection'. Default value when not specified in API or module is interpreted by ALB Controller as 1000. format: int64 maximum: 10000 minimum: 0 title: |- Max http2 queued frames to client per connection type: integer max_http2_requests_per_connection: default: 1000 description: | The maximum number of requests over a client side HTTP/2 connection. Allowed values are 0-10000. Special values are 0- 'Unlimited requests on a client side HTTP/2 connection'. Default value when not specified in API or module is interpreted by ALB Controller as 1000. format: int64 maximum: 10000 minimum: 0 title: |- Max http2 requests per connection type: integer title: |- HTTP2ApplicationProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTPApplicationProfile: description: |- Advanced load balancer HTTPApplicationProfile object properties: allow_dots_in_header_name: default: false description: | Allow use of dot (.) in HTTP header names, for instance Header.app.special PickAppVersionX. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Allow dots in header name type: boolean cache_config: $ref: '#/definitions/ALBHttpCacheConfig' description: |- HTTP Caching config to use with this HTTP Profile. title: |- Cache config client_body_timeout: default: 30000 description: | The maximum length of time allowed between consecutive read operations for a client request body. The value '0' specifies no timeout. This setting generally impacts the length of time allowed for a client to send a POST. Allowed values are 0-100000000. Unit is MILLISECONDS. Default value when not specified in API or module is interpreted by ALB Controller as 30000. format: int64 maximum: 100000000 minimum: 0 title: |- Client body timeout type: integer client_header_timeout: default: 10000 description: | The maximum length of time allowed for a client to transmit an entire request header. This helps mitigate various forms of SlowLoris attacks. Allowed values are 10-100000000. Unit is MILLISECONDS. Default value when not specified in API or module is interpreted by ALB Controller as 10000. format: int64 maximum: 100000000 minimum: 10 title: |- Client header timeout type: integer client_max_body_size: default: 0 description: | Maximum size for the client request body. This limits the size of the client data that can be uploaded/posted as part of a single HTTP Request. Default 0 => Unlimited. Unit is KB. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 title: |- Client max body size type: integer client_max_header_size: default: 12 description: | Maximum size in Kbytes of a single HTTP header in the client request. Allowed values are 1-64. Unit is KB. Default value when not specified in API or module is interpreted by ALB Controller as 12. format: int64 maximum: 64 minimum: 1 title: |- Client max header size type: integer client_max_request_size: default: 48 description: | Maximum size in Kbytes of all the client HTTP request headers. Allowed values are 1-256. Unit is KB. Default value when not specified in API or module is interpreted by ALB Controller as 48. format: int64 maximum: 256 minimum: 1 title: |- Client max request size type: integer compression_profile: $ref: '#/definitions/ALBCompressionProfile' description: |- HTTP Compression settings to use with this HTTP Profile. title: |- Compression profile connection_multiplexing_enabled: default: true description: | Allows HTTP requests, not just TCP connections, to be load balanced across servers. Proxied TCP connections to servers may be reused by multiple clients to improve performance. Not compatible with Preserve Client IP. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Connection multiplexing enabled type: boolean disable_keepalive_posts_msie6: default: true description: | Disable keep-alive client side connections for older browsers based off MS Internet Explorer 6.0 (MSIE6). For some applications, this might break NTLM authentication for older clients based off MSIE6. For such applications, set this option to false to allow keep-alive connections. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Disable keepalive posts msie6 type: boolean disable_sni_hostname_check: default: false description: | Disable strict check between TLS servername and HTTP Host name. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Disable sni hostname check type: boolean enable_chunk_merge: default: true description: | Enable chunk body merge for chunked transfer encoding response. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enable chunk merge type: boolean enable_fire_and_forget: default: false description: | Enable support for fire and forget feature. If enabled, request from client is forwarded to server even if client prematurely closes the connection. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Enable fire and forget type: boolean enable_request_body_buffering: default: false description: | Enable request body buffering for POST requests. If enabled, max buffer size is set to lower of 32M or the value (non-zero) configured in client_max_body_size. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Enable request body buffering type: boolean enable_request_body_metrics: default: false description: | Enable HTTP request body metrics. If enabled, requests from clients are parsed and relevant statistics about them are gathered. Currently, it processes HTTP POST requests with Content-Type application/x-www-form-urlencoded or multipart/form-data, and adds the number of detected parameters to the l7_client.http_params_count. This is an experimental feature and it may have performance impact. Use it when detailed information about the number of HTTP POST parameters is needed, e.g. for WAF sizing. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Enable request body metrics type: boolean fwd_close_hdr_for_bound_connections: default: true description: | Forward the Connection Close header coming from backend server to the client if connection-switching is enabled, i.e. front-end and backend connections are bound together. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Fwd close hdr for bound connections type: boolean hsts_enabled: default: false description: | Inserts HTTP Strict-Transport-Security header in the HTTPS response. HSTS can help mitigate man-in-the-middle attacks by telling browsers that support HSTS that they should only access this site via HTTPS. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Hsts enabled type: boolean hsts_max_age: default: 365 description: | Number of days for which the client should regard this virtual service as a known HSTS host. Allowed values are 0-10000. Default value when not specified in API or module is interpreted by ALB Controller as 365. format: int64 maximum: 10000 minimum: 0 title: |- Hsts max age type: integer hsts_subdomains_enabled: default: true description: | Insert the 'includeSubdomains' directive in the HTTP Strict-Transport-Security header. Adding the includeSubdomains directive signals the User-Agent that the HSTS Policy applies to this HSTS Host as well as any subdomains of the host's domain name. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Hsts subdomains enabled type: boolean http2_profile: $ref: '#/definitions/ALBHTTP2ApplicationProfile' description: | Specifies the HTTP/2 specific application profile parameters. title: |- Http2 profile http_to_https: default: false description: | Client requests received via HTTP will be redirected to HTTPS. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Http to https type: boolean http_upstream_buffer_size: default: 0 description: | Size of HTTP buffer in kB. Allowed values are 1-256. Special values are 0- 'Auto compute the size of buffer'. Unit is KB. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 maximum: 256 minimum: 0 title: |- Http upstream buffer size type: integer httponly_enabled: default: false description: | Mark HTTP cookies as HTTPonly. This helps mitigate cross site scripting attacks as browsers will not allow these cookies to be read by third parties, such as javascript. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Httponly enabled type: boolean keepalive_header: default: false description: | Send HTTP 'Keep-Alive' header to the client. By default, the timeout specified in the 'Keep-Alive Timeout' field will be used unless the 'Use App Keepalive Timeout' flag is set, in which case the timeout sent by the application will be honored. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Keepalive header type: boolean keepalive_timeout: default: 30000 description: | The max idle time allowed between HTTP requests over a Keep-alive connection. Allowed values are 10-100000000. Unit is MILLISECONDS. Default value when not specified in API or module is interpreted by ALB Controller as 30000. format: int64 maximum: 100000000 minimum: 10 title: |- Keepalive timeout type: integer max_bad_rps_cip: default: 0 description: | Maximum bad requests per second per client IP. Allowed values are 10-1000. Special values are 0- 'unlimited'. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 maximum: 1000 minimum: 0 title: |- Max bad rps cip type: integer max_bad_rps_cip_uri: default: 0 description: | Maximum bad requests per second per client IP and URI. Allowed values are 10-1000. Special values are 0- 'unlimited'. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 maximum: 1000 minimum: 0 title: |- Max bad rps cip uri type: integer max_bad_rps_uri: default: 0 description: | Maximum bad requests per second per URI. Allowed values are 10-1000. Special values are 0- 'unlimited'. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 maximum: 1000 minimum: 0 title: |- Max bad rps uri type: integer max_keepalive_requests: default: 100 description: | The max number of HTTP requests that can be sent over a Keep-Alive connection. '0' means unlimited. Allowed values are 0-1000000. Special values are 0- 'Unlimited requests on a connection'. Default value when not specified in API or module is interpreted by ALB Controller as 100. format: int64 maximum: 1000000 minimum: 0 title: |- Max keepalive requests type: integer max_response_headers_size: default: 48 description: | Maximum size in Kbytes of all the HTTP response headers. Allowed values are 1-256. Unit is KB. Default value when not specified in API or module is interpreted by ALB Controller as 48. format: int64 maximum: 256 minimum: 1 title: |- Max response headers size type: integer max_rps_cip: default: 0 description: | Maximum requests per second per client IP. Allowed values are 10-1000. Special values are 0- 'unlimited'. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 maximum: 1000 minimum: 0 title: |- Max rps cip type: integer max_rps_cip_uri: default: 0 description: | Maximum requests per second per client IP and URI. Allowed values are 10-1000. Special values are 0- 'unlimited'. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 maximum: 1000 minimum: 0 title: |- Max rps cip uri type: integer max_rps_unknown_cip: default: 0 description: | Maximum unknown client IPs per second. Allowed values are 10-1000. Special values are 0- 'unlimited'. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 maximum: 1000 minimum: 0 title: |- Max rps unknown cip type: integer max_rps_unknown_uri: default: 0 description: | Maximum unknown URIs per second. Allowed values are 10-1000. Special values are 0- 'unlimited'. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 maximum: 1000 minimum: 0 title: |- Max rps unknown uri type: integer max_rps_uri: default: 0 description: | Maximum requests per second per URI. Allowed values are 10-1000. Special values are 0- 'unlimited'. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 maximum: 1000 minimum: 0 title: |- Max rps uri type: integer pki_profile_path: description: | Select the PKI profile to be associated with the Virtual Service. This profile defines the Certificate Authority and Revocation List. It is a reference to an object of type PKIProfile. title: |- Pki profile path type: string post_accept_timeout: default: 30000 description: | The max allowed length of time between a client establishing a TCP connection until Avi receives the first byte of the client's HTTP request. Allowed values are 10-100000000. Unit is MILLISECONDS. Default value when not specified in API or module is interpreted by ALB Controller as 30000. format: int64 maximum: 100000000 minimum: 10 title: |- Post accept timeout type: integer reset_conn_http_on_ssl_port: default: false description: | If enabled, an HTTP request on an SSL port will result in connection close instead of a 400 response. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Reset conn http on ssl port type: boolean respond_with_100_continue: default: true description: "Avi will respond with 100-Continue response if Expect \n100-Continue\ \ header received from client.\nDefault value when not specified in API\ \ or module is\ninterpreted by ALB Controller as true.\n" title: |- Respond with 100 continue type: boolean secure_cookie_enabled: default: false description: | Mark server cookies with the 'Secure' attribute. Client browsers will not send a cookie marked as secure over an unencrypted connection. If Avi is terminating SSL from clients and passing it as HTTP to the server, the server may return cookies without the secure flag set. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Secure cookie enabled type: boolean server_side_redirect_to_https: default: false description: | When terminating client SSL sessions at Avi, servers may incorrectly send redirect to clients as HTTP. This option will rewrite the server's redirect responses for this virtual service from HTTP to HTTPS. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Server side redirect to https type: boolean ssl_client_certificate_action: $ref: '#/definitions/ALBSSLClientCertificateAction' description: | Set of match/action rules that govern what happens when the client certificate request is enabled. title: |- Ssl client certificate action ssl_client_certificate_mode: default: SSL_CLIENT_CERTIFICATE_NONE description: | Specifies whether the client side verification is set to none, request or require. Enum options - SSL_CLIENT_CERTIFICATE_NONE, SSL_CLIENT_CERTIFICATE_REQUEST, SSL_CLIENT_CERTIFICATE_REQUIRE. Default value when not specified in API or module is interpreted by ALB Controller as SSL_CLIENT_CERTIFICATE_NONE. enum: - SSL_CLIENT_CERTIFICATE_NONE - SSL_CLIENT_CERTIFICATE_REQUEST - SSL_CLIENT_CERTIFICATE_REQUIRE type: string use_app_keepalive_timeout: default: false description: | Use 'Keep-Alive' header timeout sent by application instead of sending the HTTP Keep-Alive Timeout. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Use app keepalive timeout type: boolean websockets_enabled: default: true description: | Enable Websockets proxy for traffic from clients to the virtual service. Connections to this VS start in HTTP mode. If the client requests an Upgrade to Websockets, and the server responds back with success, then the connection is upgraded to WebSockets mode. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Websockets enabled type: boolean x_forwarded_proto_enabled: default: false description: | Insert an X-Forwarded-Proto header in the request sent to the server. When the client connects via SSL, Avi terminates the SSL, and then forwards the requests to the servers via HTTP, so the servers can determine the original protocol via this header. In this example, the value will be 'https'. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- X forwarded proto enabled type: boolean xff_alternate_name: default: X-Forwarded-For description: | Provide a custom name for the X-Forwarded-For header sent to the servers. Default value when not specified in API or module is interpreted by ALB Controller as X-Forwarded-For. title: |- Xff alternate name type: string xff_enabled: default: true description: | The client's original IP address is inserted into an HTTP request header sent to the server. Servers may use this address for logging or other purposes, rather than Avi's source NAT address used in the Avi to server IP connection. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Xff enabled type: boolean title: |- HTTPApplicationProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTPClientAuthenticationParams: description: |- Advanced load balancer HTTPClientAuthenticationParams object properties: auth_profile_path: description: | Auth Profile to use for validating users. It is a reference to an object of type AuthProfile. title: |- Auth profile path type: string realm: description: | Basic authentication realm to present to a user along with the prompt for credentials. title: |- Realm type: string request_uri_path: $ref: '#/definitions/ALBStringMatch' description: |- Rrequest URI path when the authentication applies. title: |- Request uri path type: description: | type of client authentication. Enum options - HTTP_BASIC_AUTH. enum: - HTTP_BASIC_AUTH type: string title: |- HTTPClientAuthenticationParams type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTPCookieData: description: |- Advanced load balancer HTTPCookieData object properties: name: description: |- Cookie name. title: |- Name type: string value: description: |- Cookie value. title: |- Value type: string title: |- HTTPCookieData type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTPHdrAction: description: |- Advanced load balancer HTTPHdrAction object properties: action: description: | ADD A new header with the new value is added irrespective of the existence of an HTTP header of the given name. REPLACE A new header with the new value is added if no header of the given name exists, else existing headers with the given name are removed and a new header with the new value is added. REMOVE All the headers of the given name are removed. Enum options - HTTP_ADD_HDR, HTTP_REMOVE_HDR, HTTP_REPLACE_HDR. enum: - HTTP_ADD_HDR - HTTP_REMOVE_HDR - HTTP_REPLACE_HDR type: string cookie: $ref: '#/definitions/ALBHTTPCookieData' description: |- Cookie information. title: |- Cookie hdr: $ref: '#/definitions/ALBHTTPHdrData' description: |- HTTP header information. title: |- Hdr required: - action title: |- HTTPHdrAction type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTPHdrData: description: |- Advanced load balancer HTTPHdrData object properties: name: description: |- HTTP header name. title: |- Name type: string value: $ref: '#/definitions/ALBHTTPHdrValue' description: |- HTTP header value. title: |- Value title: |- HTTPHdrData type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTPHdrValue: description: |- Advanced load balancer HTTPHdrValue object properties: val: description: |- HTTP header value or variable representing an HTTP header. title: |- Val type: string var: description: | Variable. Enum options - HTTP_POLICY_VAR_CLIENT_IP, HTTP_POLICY_VAR_VS_PORT, HTTP_POLICY_VAR_VS_IP, HTTP_POLICY_VAR_HTTP_HDR, HTTP_POLICY_VAR_SSL_CLIENT_FINGERPRINT, HTTP_POLICY_VAR_SSL_CLIENT_SERIAL, HTTP_POLICY_VAR_SSL_CLIENT_ISSUER, HTTP_POLICY_VAR_SSL_CLIENT_SUBJECT, HTTP_POLICY_VAR_SSL_CLIENT_RAW, HTTP_POLICY_VAR_SSL_PROTOCOL, HTTP_POLICY_VAR_SSL_SERVER_NAME, HTTP_POLICY_VAR_USER_NAME, HTTP_POLICY_VAR_SSL_CIPHER, HTTP_POLICY_VAR_REQUEST_ID. enum: - HTTP_POLICY_VAR_CLIENT_IP - HTTP_POLICY_VAR_VS_PORT - HTTP_POLICY_VAR_VS_IP - HTTP_POLICY_VAR_HTTP_HDR - HTTP_POLICY_VAR_SSL_CLIENT_FINGERPRINT - HTTP_POLICY_VAR_SSL_CLIENT_SERIAL - HTTP_POLICY_VAR_SSL_CLIENT_ISSUER - HTTP_POLICY_VAR_SSL_CLIENT_SUBJECT - HTTP_POLICY_VAR_SSL_CLIENT_RAW - HTTP_POLICY_VAR_SSL_PROTOCOL - HTTP_POLICY_VAR_SSL_SERVER_NAME - HTTP_POLICY_VAR_USER_NAME - HTTP_POLICY_VAR_SSL_CIPHER - HTTP_POLICY_VAR_REQUEST_ID type: string title: |- HTTPHdrValue type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTPLocalFile: description: |- Advanced load balancer HTTPLocalFile object properties: content_type: description: |- Mime-type of the content in the file. title: |- Content type type: string file_content: description: |- File content to used in the local HTTP response body. title: |- File content type: string required: - file_content - content_type title: |- HTTPLocalFile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTPPolicies: description: |- Advanced load balancer HTTPPolicies object properties: http_policy_set_path: description: | path of the virtual service HTTP policy collection. It is a reference to an object of type HTTPPolicySet. title: |- Http policy set path type: string index: description: |- Index of the virtual service HTTP policy collection. format: int64 title: |- Index type: integer required: - index - http_policy_set_path title: |- HTTPPolicies type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTPPolicySet: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: cloud_config_cksum: description: | Checksum of cloud configuration for Pool. Internally set by cloud connector. title: |- Cloud config cksum type: string created_by: description: |- Creator name. title: |- Created by type: string http_request_policy: $ref: '#/definitions/ALBHTTPRequestPolicy' description: |- HTTP request policy for the virtual service. title: |- Http request policy http_response_policy: $ref: '#/definitions/ALBHTTPResponsePolicy' description: |- HTTP response policy for the virtual service. title: |- Http response policy http_security_policy: $ref: '#/definitions/ALBHTTPSecurityPolicy' description: |- HTTP security policy for the virtual service. title: |- Http security policy is_internal_policy: default: false description: | Placeholder for description of property is_internal_policy of obj type HTTPPolicySet field type str type boolean. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Is internal policy type: boolean type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer HTTPPolicySet object title: |- HTTPPolicySet x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTPPolicySetApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of HTTPPolicySet items: $ref: '#/definitions/ALBHTTPPolicySet' title: |- Array of HTTPPolicySet type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | HTTPPolicySetApiResponse title: |- HTTPPolicySetApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTPRedirectAction: description: |- Advanced load balancer HTTPRedirectAction object properties: host: $ref: '#/definitions/ALBURIParam' description: |- Host config. title: |- Host keep_query: default: true description: | Keep or drop the query of the incoming request URI in the redirected URI. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Keep query type: boolean path: $ref: '#/definitions/ALBURIParam' description: |- Path config. title: |- Path port: description: | Port to which redirect the request. Allowed values are 1-65535. format: int64 maximum: 65535 minimum: 1 title: |- Port type: integer protocol: description: | Protocol type. Enum options - HTTP, HTTPS. enum: - HTTP - HTTPS type: string status_code: default: HTTP_REDIRECT_STATUS_CODE_302 description: | HTTP redirect status code. Enum options - HTTP_REDIRECT_STATUS_CODE_301, HTTP_REDIRECT_STATUS_CODE_302, HTTP_REDIRECT_STATUS_CODE_307. Default value when not specified in API or module is interpreted by ALB Controller as HTTP_REDIRECT_STATUS_CODE_302. enum: - HTTP_REDIRECT_STATUS_CODE_301 - HTTP_REDIRECT_STATUS_CODE_302 - HTTP_REDIRECT_STATUS_CODE_307 type: string required: - protocol title: |- HTTPRedirectAction type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTPRequestPolicy: description: |- Advanced load balancer HTTPRequestPolicy object properties: rules: description: |- Add rules to the HTTP request policy. items: $ref: '#/definitions/ALBHTTPRequestRule' title: |- Rules type: array title: |- HTTPRequestPolicy type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTPRequestRule: description: |- Advanced load balancer HTTPRequestRule object properties: all_headers: description: |- Log all HTTP headers upon rule match. title: |- All headers type: boolean enable: default: true description: | Enable or disable the rule. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enable type: boolean hdr_action: description: |- HTTP header rewrite action. items: $ref: '#/definitions/ALBHTTPHdrAction' title: |- Hdr action type: array index: description: |- Index of the rule. format: int64 title: |- Index type: integer log: description: |- Log HTTP request upon rule match. title: |- Log type: boolean match: $ref: '#/definitions/ALBMatchTarget' description: |- Add match criteria to the rule. title: |- Match name: description: |- Name of the rule. title: |- Name type: string redirect_action: $ref: '#/definitions/ALBHTTPRedirectAction' description: |- HTTP redirect action. title: |- Redirect action rewrite_url_action: $ref: '#/definitions/ALBHTTPRewriteURLAction' description: |- HTTP request URL rewrite action. title: |- Rewrite url action switching_action: $ref: '#/definitions/ALBHTTPSwitchingAction' description: |- Content switching action. title: |- Switching action required: - index - enable - name title: |- HTTPRequestRule type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTPReselectRespCode: description: |- Advanced load balancer HTTPReselectRespCode object properties: codes: description: | HTTP response code to be matched. Allowed values are 400-599. items: format: int64 type: integer title: |- Codes type: array ranges: description: |- HTTP response code ranges to match. items: $ref: '#/definitions/ALBHTTPStatusRange' title: |- Ranges type: array resp_code_block: description: | Block of HTTP response codes to match for server reselect. Enum options - HTTP_RSP_4XX, HTTP_RSP_5XX. items: description: |- Valid ENUM values for ALBHttpReselectRespCodeBlock enum: - HTTP_RSP_4XX - HTTP_RSP_5XX type: string title: |- Resp code block type: array title: |- HTTPReselectRespCode type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTPResponsePolicy: description: |- Advanced load balancer HTTPResponsePolicy object properties: rules: description: |- Add rules to the HTTP response policy. items: $ref: '#/definitions/ALBHTTPResponseRule' title: |- Rules type: array title: |- HTTPResponsePolicy type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTPResponseRule: description: |- Advanced load balancer HTTPResponseRule object properties: all_headers: description: |- Log all HTTP headers upon rule match. title: |- All headers type: boolean enable: default: true description: | Enable or disable the rule. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enable type: boolean hdr_action: description: |- HTTP header rewrite action. items: $ref: '#/definitions/ALBHTTPHdrAction' title: |- Hdr action type: array index: description: |- Index of the rule. format: int64 title: |- Index type: integer loc_hdr_action: $ref: '#/definitions/ALBHTTPRewriteLocHdrAction' description: |- Location header rewrite action. title: |- Loc hdr action log: description: |- Log HTTP request upon rule match. title: |- Log type: boolean match: $ref: '#/definitions/ALBResponseMatchTarget' description: |- Add match criteria to the rule. title: |- Match name: description: |- Name of the rule. title: |- Name type: string required: - index - enable - name title: |- HTTPResponseRule type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTPRewriteLocHdrAction: description: |- Advanced load balancer HTTPRewriteLocHdrAction object properties: host: $ref: '#/definitions/ALBURIParam' description: |- Host config. title: |- Host keep_query: default: true description: | Keep or drop the query from the server side redirect URI. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Keep query type: boolean path: $ref: '#/definitions/ALBURIParam' description: |- Path config. title: |- Path port: description: | Port to use in the redirected URI. Allowed values are 1-65535. format: int64 maximum: 65535 minimum: 1 title: |- Port type: integer protocol: description: | HTTP protocol type. Enum options - HTTP, HTTPS. enum: - HTTP - HTTPS type: string required: - protocol title: |- HTTPRewriteLocHdrAction type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTPRewriteURLAction: description: |- Advanced load balancer HTTPRewriteURLAction object properties: host_hdr: $ref: '#/definitions/ALBURIParam' description: |- Host config. title: |- Host hdr path: $ref: '#/definitions/ALBURIParam' description: |- Path config. title: |- Path query: $ref: '#/definitions/ALBURIParamQuery' description: |- Query config. title: |- Query title: |- HTTPRewriteURLAction type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTPSecurityAction: description: |- Advanced load balancer HTTPSecurityAction object properties: action: description: | Type of the security action to perform. Enum options - HTTP_SECURITY_ACTION_CLOSE_CONN, HTTP_SECURITY_ACTION_SEND_RESPONSE, HTTP_SECURITY_ACTION_ALLOW, HTTP_SECURITY_ACTION_REDIRECT_TO_HTTPS, HTTP_SECURITY_ACTION_RATE_LIMIT, HTTP_SECURITY_ACTION_REQUEST_CHECK_ICAP. enum: - HTTP_SECURITY_ACTION_CLOSE_CONN - HTTP_SECURITY_ACTION_SEND_RESPONSE - HTTP_SECURITY_ACTION_ALLOW - HTTP_SECURITY_ACTION_REDIRECT_TO_HTTPS - HTTP_SECURITY_ACTION_RATE_LIMIT - HTTP_SECURITY_ACTION_REQUEST_CHECK_ICAP type: string file: $ref: '#/definitions/ALBHTTPLocalFile' description: |- File to be used for generating HTTP local response. title: |- File https_port: description: | Secure SSL/TLS port to redirect the HTTP request to. Allowed values are 1-65535. format: int64 maximum: 65535 minimum: 1 title: |- Https port type: integer rate_profile: $ref: '#/definitions/ALBHTTPSecurityActionRateProfile' description: |- Rate limiting configuration for this action. title: |- Rate profile status_code: description: | HTTP status code to use for local response. Enum options - HTTP_LOCAL_RESPONSE_STATUS_CODE_200, HTTP_LOCAL_RESPONSE_STATUS_CODE_204, HTTP_LOCAL_RESPONSE_STATUS_CODE_403, HTTP_LOCAL_RESPONSE_STATUS_CODE_404, HTTP_LOCAL_RESPONSE_STATUS_CODE_429, HTTP_LOCAL_RESPONSE_STATUS_CODE_501. enum: - HTTP_LOCAL_RESPONSE_STATUS_CODE_200 - HTTP_LOCAL_RESPONSE_STATUS_CODE_204 - HTTP_LOCAL_RESPONSE_STATUS_CODE_403 - HTTP_LOCAL_RESPONSE_STATUS_CODE_404 - HTTP_LOCAL_RESPONSE_STATUS_CODE_429 - HTTP_LOCAL_RESPONSE_STATUS_CODE_501 type: string required: - action title: |- HTTPSecurityAction type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTPSecurityActionRateProfile: description: |- Advanced load balancer HTTPSecurityActionRateProfile object properties: action: $ref: '#/definitions/ALBRateLimiterAction' description: |- The action to take when the rate limit has been reached. title: |- Action per_client_ip: description: |- Rate limiting should be done on a per client ip basis. title: |- Per client ip type: boolean per_uri_path: description: | Rate limiting should be done on a per request uri path basis. title: |- Per uri path type: boolean rate_limiter: $ref: '#/definitions/ALBRateLimiter' description: |- The rate limiter used when this action is triggered. title: |- Rate limiter required: - action - rate_limiter title: |- HTTPSecurityActionRateProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTPSecurityPolicy: description: |- Advanced load balancer HTTPSecurityPolicy object properties: rules: description: |- Add rules to the HTTP security policy. items: $ref: '#/definitions/ALBHTTPSecurityRule' title: |- Rules type: array title: |- HTTPSecurityPolicy type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTPSecurityRule: description: |- Advanced load balancer HTTPSecurityRule object properties: action: $ref: '#/definitions/ALBHTTPSecurityAction' description: |- Action to be performed upon successful matching. title: |- Action enable: default: true description: | Enable or disable the rule. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enable type: boolean index: description: |- Index of the rule. format: int64 title: |- Index type: integer log: description: |- Log HTTP request upon rule match. title: |- Log type: boolean match: $ref: '#/definitions/ALBMatchTarget' description: |- Add match criteria to the rule. title: |- Match name: description: |- Name of the rule. title: |- Name type: string required: - index - enable - name title: |- HTTPSecurityRule type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTPServerReselect: description: |- Advanced load balancer HTTPServerReselect object properties: enabled: default: false description: | Enable HTTP request reselect when server responds with specific response codes. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Enabled type: boolean num_retries: default: 4 description: | Number of times to retry an HTTP request when server responds with configured status codes. Default value when not specified in API or module is interpreted by ALB Controller as 4. format: int64 title: |- Num retries type: integer retry_nonidempotent: default: false description: | Allow retry of non-idempotent HTTP requests. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Retry nonidempotent type: boolean retry_timeout: default: 0 description: | Timeout per retry attempt, for a given request. Value of 0 indicates default timeout. Allowed values are 0-3600000. Unit is MILLISECONDS. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 maximum: 3600000 minimum: 0 title: |- Retry timeout type: integer svr_resp_code: $ref: '#/definitions/ALBHTTPReselectRespCode' description: | Server response codes which will trigger an HTTP request retry. title: |- Svr resp code required: - enabled title: |- HTTPServerReselect type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTPStatusMatch: description: |- Advanced load balancer HTTPStatusMatch object properties: match_criteria: description: | Criterion to use for matching the HTTP response status code(s). Enum options - IS_IN, IS_NOT_IN. enum: - IS_IN - IS_NOT_IN type: string ranges: description: |- HTTP response status code range(s). items: $ref: '#/definitions/ALBHTTPStatusRange' title: |- Ranges type: array status_codes: description: |- HTTP response status code(s). items: format: int64 type: integer title: |- Status codes type: array required: - match_criteria title: |- HTTPStatusMatch type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTPStatusRange: description: |- Advanced load balancer HTTPStatusRange object properties: begin: description: |- Starting HTTP response status code. format: int64 title: |- Begin type: integer end: description: |- Ending HTTP response status code. format: int64 title: |- End type: integer required: - begin - end title: |- HTTPStatusRange type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTPSwitchingAction: description: |- Advanced load balancer HTTPSwitchingAction object properties: action: description: | Content switching action type. Enum options - HTTP_SWITCHING_SELECT_POOL, HTTP_SWITCHING_SELECT_LOCAL, HTTP_SWITCHING_SELECT_POOLGROUP. enum: - HTTP_SWITCHING_SELECT_POOL - HTTP_SWITCHING_SELECT_LOCAL - HTTP_SWITCHING_SELECT_POOLGROUP type: string file: $ref: '#/definitions/ALBHTTPLocalFile' description: |- File from which to serve local response to the request. title: |- File pool_group_path: description: | path of the pool group to serve the request. It is a reference to an object of type PoolGroup. title: |- Pool group path type: string pool_path: description: | path of the pool of servers to serve the request. It is a reference to an object of type Pool. title: |- Pool path type: string server: $ref: '#/definitions/ALBPoolServer' description: |- Specific pool server to select. title: |- Server status_code: description: | HTTP status code to use when serving local response. Enum options - HTTP_LOCAL_RESPONSE_STATUS_CODE_200, HTTP_LOCAL_RESPONSE_STATUS_CODE_204, HTTP_LOCAL_RESPONSE_STATUS_CODE_403, HTTP_LOCAL_RESPONSE_STATUS_CODE_404, HTTP_LOCAL_RESPONSE_STATUS_CODE_429, HTTP_LOCAL_RESPONSE_STATUS_CODE_501. enum: - HTTP_LOCAL_RESPONSE_STATUS_CODE_200 - HTTP_LOCAL_RESPONSE_STATUS_CODE_204 - HTTP_LOCAL_RESPONSE_STATUS_CODE_403 - HTTP_LOCAL_RESPONSE_STATUS_CODE_404 - HTTP_LOCAL_RESPONSE_STATUS_CODE_429 - HTTP_LOCAL_RESPONSE_STATUS_CODE_501 type: string required: - action title: |- HTTPSwitchingAction type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHTTPVersionMatch: description: |- Advanced load balancer HTTPVersionMatch object properties: match_criteria: description: | Criterion to use for HTTP version matching the version used in the HTTP request. Enum options - IS_IN, IS_NOT_IN. enum: - IS_IN - IS_NOT_IN type: string versions: description: | HTTP protocol version. Enum options - ZERO_NINE, ONE_ZERO, ONE_ONE, TWO_ZERO. Minimum of 1 items required. Maximum of 8 items allowed. items: description: |- Valid ENUM values for ALBHTTPVersion enum: - ZERO_NINE - ONE_ZERO - ONE_ONE - TWO_ZERO type: string title: |- Versions type: array required: - versions - match_criteria title: |- HTTPVersionMatch type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHardwareSecurityModule: description: |- Advanced load balancer HardwareSecurityModule object properties: cloudhsm: $ref: '#/definitions/ALBHSMAwsCloudHsm' description: |- AWS CloudHSM specific configuration. title: |- Cloudhsm nethsm: description: |- Thales netHSM specific configuration. items: $ref: '#/definitions/ALBHSMThalesNetHsm' title: |- Nethsm type: array rfs: $ref: '#/definitions/ALBHSMThalesRFS' description: | Thales Remote File Server (RFS), used for the netHSMs, configuration. title: |- Rfs sluna: $ref: '#/definitions/ALBHSMSafenetLuna' description: |- Safenet/Gemalto Luna/Gem specific configuration. title: |- Sluna type: description: | HSM type to use. Enum options - HSM_TYPE_THALES_NETHSM, HSM_TYPE_SAFENET_LUNA, HSM_TYPE_AWS_CLOUDHSM. enum: - HSM_TYPE_THALES_NETHSM - HSM_TYPE_SAFENET_LUNA - HSM_TYPE_AWS_CLOUDHSM type: string required: - type title: |- HardwareSecurityModule type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHardwareSecurityModuleGroup: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: hsm: $ref: '#/definitions/ALBHardwareSecurityModule' description: |- Hardware Security Module configuration. title: |- Hsm required: - hsm type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer HardwareSecurityModuleGroup object title: |- HardwareSecurityModuleGroup x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHardwareSecurityModuleGroupApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of HardwareSecurityModuleGroup items: $ref: '#/definitions/ALBHardwareSecurityModuleGroup' title: |- Array of HardwareSecurityModuleGroup type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | HardwareSecurityModuleGroupApiResponse title: |- HardwareSecurityModuleGroupApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHdrMatch: description: |- Advanced load balancer HdrMatch object properties: hdr: description: |- Name of the HTTP header whose value is to be matched. title: |- Hdr type: string match_case: default: INSENSITIVE description: | Case sensitivity to use for the match. Enum options - SENSITIVE, INSENSITIVE. Default value when not specified in API or module is interpreted by ALB Controller as INSENSITIVE. enum: - SENSITIVE - INSENSITIVE type: string match_criteria: description: | Criterion to use for matching headers in the HTTP request. Enum options - HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL. enum: - HDR_EXISTS - HDR_DOES_NOT_EXIST - HDR_BEGINS_WITH - HDR_DOES_NOT_BEGIN_WITH - HDR_CONTAINS - HDR_DOES_NOT_CONTAIN - HDR_ENDS_WITH - HDR_DOES_NOT_END_WITH - HDR_EQUALS - HDR_DOES_NOT_EQUAL type: string value: description: |- String values to match in the HTTP header. items: type: string title: |- Value type: array required: - hdr - match_criteria title: |- HdrMatch type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHdrPersistenceProfile: description: |- Advanced load balancer HdrPersistenceProfile object properties: prst_hdr_name: description: |- Header name for custom header persistence. title: |- Prst hdr name type: string title: |- HdrPersistenceProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHealthMonitor: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: allow_duplicate_monitors: description: | By default, multiple instances of the same healthmonitor to the same server are suppressed intelligently. In rare cases, the monitor may have specific constructs that go beyond the server keys (ip, port, etc.) during which such suppression is not desired. Use this knob to allow duplicates. title: |- Allow duplicate monitors type: boolean authentication: $ref: '#/definitions/ALBHealthMonitorAuthInfo' description: |- Authentication information for username/password. title: |- Authentication disable_quickstart: description: | During addition of a server or healthmonitors or during bootup, Avi performs sequential health checks rather than waiting for send-interval to kick in, to mark the server up as soon as possible. This knob may be used to turn this feature off. title: |- Disable quickstart type: boolean dns_monitor: $ref: '#/definitions/ALBHealthMonitorDNS' description: | Placeholder for description of property dns_monitor of obj type HealthMonitor field type str type ref. title: |- Dns monitor external_monitor: $ref: '#/definitions/ALBHealthMonitorExternal' description: | Placeholder for description of property external_monitor of obj type HealthMonitor field type str type ref. title: |- External monitor failed_checks: default: 2 description: | Number of continuous failed health checks before the server is marked down. Allowed values are 1-50. Default value when not specified in API or module is interpreted by ALB Controller as 2. format: int64 maximum: 50 minimum: 1 title: |- Failed checks type: integer http_monitor: $ref: '#/definitions/ALBHealthMonitorHttp' description: | Placeholder for description of property http_monitor of obj type HealthMonitor field type str type ref. title: |- Http monitor https_monitor: $ref: '#/definitions/ALBHealthMonitorHttp' description: | Placeholder for description of property https_monitor of obj type HealthMonitor field type str type ref. title: |- Https monitor is_federated: default: false description: | This field describes the object's replication scope. If the field is set to false, then the object is visible within the controller-cluster and its associated service-engines. If the field is set to true, then the object is replicated across the federation. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Is federated type: boolean monitor_port: description: | Use this port instead of the port defined for the server in the Pool. If the monitor succeeds to this port, the load balanced traffic will still be sent to the port of the server defined within the Pool. Allowed values are 1-65535. Special values are 0 - 'Use server port'. format: int64 maximum: 65535 minimum: 0 title: |- Monitor port type: integer radius_monitor: $ref: '#/definitions/ALBHealthMonitorRadius' description: |- Health monitor for Radius. title: |- Radius monitor receive_timeout: default: 4 description: | A valid response from the server is expected within the receive timeout window. This timeout must be less than the send interval. If server status is regularly flapping up and down, consider increasing this value. Allowed values are 1-2400. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 4. format: int64 maximum: 2400 minimum: 1 title: |- Receive timeout type: integer send_interval: default: 10 description: | Frequency, in seconds, that monitors are sent to a server. Allowed values are 1-3600. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 10. format: int64 maximum: 3600 minimum: 1 title: |- Send interval type: integer sip_monitor: $ref: '#/definitions/ALBHealthMonitorSIP' description: |- Health monitor for SIP. title: |- Sip monitor successful_checks: default: 2 description: | Number of continuous successful health checks before server is marked up. Allowed values are 1-50. Default value when not specified in API or module is interpreted by ALB Controller as 2. format: int64 maximum: 50 minimum: 1 title: |- Successful checks type: integer tcp_monitor: $ref: '#/definitions/ALBHealthMonitorTcp' description: | Placeholder for description of property tcp_monitor of obj type HealthMonitor field type str type ref. title: |- Tcp monitor type: description: | Type of the health monitor. Enum options - HEALTH_MONITOR_PING, HEALTH_MONITOR_TCP, HEALTH_MONITOR_HTTP, HEALTH_MONITOR_HTTPS, HEALTH_MONITOR_EXTERNAL, HEALTH_MONITOR_UDP, HEALTH_MONITOR_DNS, HEALTH_MONITOR_GSLB, HEALTH_MONITOR_SIP, HEALTH_MONITOR_RADIUS. enum: - HEALTH_MONITOR_PING - HEALTH_MONITOR_TCP - HEALTH_MONITOR_HTTP - HEALTH_MONITOR_HTTPS - HEALTH_MONITOR_EXTERNAL - HEALTH_MONITOR_UDP - HEALTH_MONITOR_DNS - HEALTH_MONITOR_GSLB - HEALTH_MONITOR_SIP - HEALTH_MONITOR_RADIUS type: string udp_monitor: $ref: '#/definitions/ALBHealthMonitorUdp' description: | Placeholder for description of property udp_monitor of obj type HealthMonitor field type str type ref. title: |- Udp monitor required: - type type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer HealthMonitor object title: |- HealthMonitor x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHealthMonitorApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of HealthMonitor items: $ref: '#/definitions/ALBHealthMonitor' title: |- Array of HealthMonitor type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | HealthMonitorApiResponse title: |- HealthMonitorApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHealthMonitorAuthInfo: description: |- Advanced load balancer HealthMonitorAuthInfo object properties: password: description: |- Password for server authentication. title: |- Password type: string username: description: |- Username for server authentication. title: |- Username type: string required: - username - password title: |- HealthMonitorAuthInfo type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHealthMonitorDNS: description: |- Advanced load balancer HealthMonitorDNS object properties: qtype: default: DNS_QUERY_TYPE description: "Query_Type Response has atleast one answer of which \n\ the resource record type matches the query type Any_Type \nResponse should\ \ contain atleast one answer AnyThing An\nempty answer is enough.\nEnum\ \ options - DNS_QUERY_TYPE, DNS_ANY_TYPE, DNS_ANY_THING.\nDefault value\ \ when not specified in API or module is\ninterpreted by ALB Controller\ \ as DNS_QUERY_TYPE.\n" enum: - DNS_QUERY_TYPE - DNS_ANY_TYPE - DNS_ANY_THING type: string query_name: description: | The DNS monitor will query the DNS server for the fully qualified name in this field. title: |- Query name type: string rcode: default: RCODE_NO_ERROR description: | When No Error is selected, a DNS query will be marked failed is any error code is returned by the server. With Any selected, the monitor ignores error code in the responses. Enum options - RCODE_NO_ERROR, RCODE_ANYTHING. Default value when not specified in API or module is interpreted by ALB Controller as RCODE_NO_ERROR. enum: - RCODE_NO_ERROR - RCODE_ANYTHING type: string record_type: default: DNS_RECORD_A description: | Resource record type used in the healthmonitor DNS query, only A or AAAA type supported. Enum options - DNS_RECORD_OTHER, DNS_RECORD_A, DNS_RECORD_NS, DNS_RECORD_CNAME, DNS_RECORD_SOA, DNS_RECORD_PTR, DNS_RECORD_HINFO, DNS_RECORD_MX, DNS_RECORD_TXT, DNS_RECORD_RP, DNS_RECORD_DNSKEY, DNS_RECORD_AAAA, DNS_RECORD_SRV, DNS_RECORD_OPT, DNS_RECORD_RRSIG, DNS_RECORD_AXFR, DNS_RECORD_ANY. Default value when not specified in API or module is interpreted by ALB Controller as DNS_RECORD_A. enum: - DNS_RECORD_OTHER - DNS_RECORD_A - DNS_RECORD_NS - DNS_RECORD_CNAME - DNS_RECORD_SOA - DNS_RECORD_PTR - DNS_RECORD_HINFO - DNS_RECORD_MX - DNS_RECORD_TXT - DNS_RECORD_RP - DNS_RECORD_DNSKEY - DNS_RECORD_AAAA - DNS_RECORD_SRV - DNS_RECORD_OPT - DNS_RECORD_RRSIG - DNS_RECORD_AXFR - DNS_RECORD_ANY type: string response_string: description: | The resource record of the queried DNS server's response for the Request Name must include the IP address defined in this field. title: |- Response string type: string required: - query_name title: |- HealthMonitorDNS type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHealthMonitorExternal: description: |- Advanced load balancer HealthMonitorExternal object properties: command_code: description: |- Command script provided inline. title: |- Command code type: string command_parameters: description: |- Optional arguments to feed into the script. title: |- Command parameters type: string command_path: description: |- Path of external health monitor script. title: |- Command path type: string command_variables: description: |- Environment variables to be fed into the script. title: |- Command variables type: string required: - command_code title: |- HealthMonitorExternal type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHealthMonitorHttp: description: |- Advanced load balancer HealthMonitorHttp object properties: auth_type: description: | Type of the authentication method. Enum options - AUTH_BASIC, AUTH_NTLM. enum: - AUTH_BASIC - AUTH_NTLM type: string exact_http_request: default: false description: | Use the exact http_request string as specified by user, without any automatic insert of headers like Host header. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Exact http request type: boolean http_request: default: GET / HTTP/1.0 description: | Send an HTTP request to the server. The default GET / HTTP/1.0 may be extended with additional headers or information. For instance, GET /index.htm HTTP/1.1 Host www.site.com Connection Close. Default value when not specified in API or module is interpreted by ALB Controller as GET / HTTP/1.0. title: |- Http request type: string http_request_body: description: |- HTTP request body. title: |- Http request body type: string http_response: description: | Match for a keyword in the first 2Kb of the server header and body response. title: |- Http response type: string http_response_code: description: | List of HTTP response codes to match as successful. Default is 2xx. Enum options - HTTP_ANY, HTTP_1XX, HTTP_2XX, HTTP_3XX, HTTP_4XX, HTTP_5XX. Minimum of 1 items required. items: description: |- Valid ENUM values for ALBHttpResponseCode enum: - HTTP_ANY - HTTP_1XX - HTTP_2XX - HTTP_3XX - HTTP_4XX - HTTP_5XX type: string title: |- Http response code type: array maintenance_code: description: | Match or look for this HTTP response code indicating server maintenance. A successful match results in the server being marked down. Allowed values are 101-599. Maximum of 4 items allowed. items: format: int64 type: integer title: |- Maintenance code type: array maintenance_response: description: | Match or look for this keyword in the first 2KB of server header and body response indicating server maintenance. A successful match results in the server being marked down. title: |- Maintenance response type: string response_size: description: | Expected http/https response page size. Allowed values are 2048-16384. format: int64 maximum: 16384 minimum: 2048 title: |- Response size type: integer ssl_attributes: $ref: '#/definitions/ALBHealthMonitorSSLAttributes' description: |- SSL attributes for HTTPS health monitor. title: |- Ssl attributes required: - http_response_code title: |- HealthMonitorHttp type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHealthMonitorRadius: description: |- Advanced load balancer HealthMonitorRadius object properties: password: description: |- Radius monitor will query Radius server with this password. title: |- Password type: string shared_secret: description: | Radius monitor will query Radius server with this shared secret. title: |- Shared secret type: string username: description: |- Radius monitor will query Radius server with this username. title: |- Username type: string required: - username - password - shared_secret title: |- HealthMonitorRadius type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHealthMonitorSIP: description: |- Advanced load balancer HealthMonitorSIP object properties: sip_monitor_transport: default: SIP_UDP_PROTO description: | Specify the transport protocol TCP or UDP, to be used for SIP health monitor. The default transport is UDP. Enum options - SIP_UDP_PROTO, SIP_TCP_PROTO. Default value when not specified in API or module is interpreted by ALB Controller as SIP_UDP_PROTO. enum: - SIP_UDP_PROTO - SIP_TCP_PROTO type: string sip_request_code: default: SIP_OPTIONS description: | Specify the SIP request to be sent to the server. By default, SIP OPTIONS request will be sent. Enum options - SIP_OPTIONS. Default value when not specified in API or module is interpreted by ALB Controller as SIP_OPTIONS. enum: - SIP_OPTIONS type: string sip_response: default: SIP/2.0 description: | Match for a keyword in the first 2KB of the server header and body response. By default, it matches for SIP/2.0. Default value when not specified in API or module is interpreted by ALB Controller as SIP/2.0. title: |- Sip response type: string title: |- HealthMonitorSIP type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHealthMonitorSSLAttributes: description: |- Advanced load balancer HealthMonitorSSLAttributes object properties: pki_profile_path: description: | PKI profile used to validate the SSL certificate presented by a server. It is a reference to an object of type PKIProfile. title: |- Pki profile path type: string server_name: description: | Fully qualified DNS hostname which will be used in the TLS SNI extension in server connections indicating SNI is enabled. title: |- Server name type: string ssl_key_and_certificate_path: description: | Service engines will present this SSL certificate to the server. It is a reference to an object of type SSLKeyAndCertificate. title: |- Ssl key and certificate path type: string ssl_profile_path: description: | SSL profile defines ciphers and SSL versions to be used for healthmonitor traffic to the back-end servers. It is a reference to an object of type SSLProfile. title: |- Ssl profile path type: string required: - ssl_profile_path title: |- HealthMonitorSSLAttributes type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHealthMonitorTcp: description: |- Advanced load balancer HealthMonitorTcp object properties: maintenance_response: description: | Match or look for this keyword in the first 2KB of server's response indicating server maintenance. A successful match results in the server being marked down. title: |- Maintenance response type: string tcp_half_open: default: false description: | Configure TCP health monitor to use half-open TCP connections to monitor the health of backend servers thereby avoiding consumption of a full fledged server side connection and the overhead and logs associated with it. This method is light-weight as it makes use of listener in server's kernel layer to measure the health and a child socket or user thread is not created on the server side. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Tcp half open type: boolean tcp_request: description: |- Request data to send after completing the TCP handshake. title: |- Tcp request type: string tcp_response: description: | Match for the desired keyword in the first 2Kb of the server's TCP response. If this field is left blank, no server response is required. title: |- Tcp response type: string title: |- HealthMonitorTcp type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHealthMonitorUdp: description: |- Advanced load balancer HealthMonitorUdp object properties: maintenance_response: description: | Match or look for this keyword in the first 2KB of server's response indicating server maintenance. A successful match results in the server being marked down. title: |- Maintenance response type: string udp_request: description: |- Send UDP request. title: |- Udp request type: string udp_response: description: |- Match for keyword in the UDP response. title: |- Udp response type: string title: |- HealthMonitorUdp type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHostHdrMatch: description: |- Advanced load balancer HostHdrMatch object properties: match_case: default: INSENSITIVE description: | Case sensitivity to use for the match. Enum options - SENSITIVE, INSENSITIVE. Default value when not specified in API or module is interpreted by ALB Controller as INSENSITIVE. enum: - SENSITIVE - INSENSITIVE type: string match_criteria: description: | Criterion to use for the host header value match. Enum options - HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL. enum: - HDR_EXISTS - HDR_DOES_NOT_EXIST - HDR_BEGINS_WITH - HDR_DOES_NOT_BEGIN_WITH - HDR_CONTAINS - HDR_DOES_NOT_CONTAIN - HDR_ENDS_WITH - HDR_DOES_NOT_END_WITH - HDR_EQUALS - HDR_DOES_NOT_EQUAL type: string value: description: |- String value(s) in the host header. items: type: string title: |- Value type: array required: - match_criteria title: |- HostHdrMatch type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHttpCacheConfig: description: |- Advanced load balancer HttpCacheConfig object properties: age_header: default: true description: | Add an Age header to content served from cache, which indicates to the client the number of seconds the object has been in the cache. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Age header type: boolean aggressive: default: false description: | Enable/disable caching objects without Cache-Control headers. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Aggressive type: boolean date_header: default: true description: | If a Date header was not added by the server, add a Date header to the object served from cache. This indicates to the client when the object was originally sent by the server to the cache. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Date header type: boolean default_expire: default: 600 description: | Default expiration time of cache objects received from the server without a Cache-Control expiration header. This value may be overwritten by the Heuristic Expire setting. Default value when not specified in API or module is interpreted by ALB Controller as 600. format: int64 title: |- Default expire type: integer enabled: default: false description: | Enable/disable HTTP object caching.When enabling caching for the first time, SE Group app_cache_percent must beset to allocate shared memory required for caching (A service engine restart is needed after setting/resetting the SE group value). Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Enabled type: boolean heuristic_expire: default: false description: | If a response object from the server does not include the Cache-Control header, but does include a Last-Modified header, the system will use this time to calculate the Cache-Control expiration. If unable to solicit an Last-Modified header, then the system will fall back to the Cache Expire Time value. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Heuristic expire type: boolean ignore_request_cache_control: default: false description: | Ignore client's cache control headers when fetching or storing from and to the cache. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Ignore request cache control type: boolean max_cache_size: default: 0 description: | Max size, in bytes, of the cache. The default, zero, indicates auto configuration. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 title: |- Max cache size type: integer max_object_size: default: 4194304 description: | Maximum size of an object to store in the cache. Default value when not specified in API or module is interpreted by ALB Controller as 4194304. format: int64 title: |- Max object size type: integer mime_types_black_group_paths: description: | Blacklist string group of non-cacheable mime types. It is a reference to an object of type StringGroup. items: type: string title: |- Mime types black group paths type: array mime_types_black_list: description: |- Blacklist of non-cacheable mime types. items: type: string title: |- Mime types black list type: array mime_types_group_paths: description: | Whitelist string group of cacheable mime types. If both Cacheable Mime Types string list and string group are empty, this defaults to (STAR)/(STAR). It is a reference to an object of type StringGroup. items: type: string title: |- Mime types group paths type: array mime_types_list: description: | Whitelist of cacheable mime types. If both Cacheable Mime Types string list and string group are empty, this defaults to (STAR)/(STAR). items: type: string title: |- Mime types list type: array min_object_size: default: 100 description: | Minimum size of an object to store in the cache. Default value when not specified in API or module is interpreted by ALB Controller as 100. format: int64 title: |- Min object size type: integer query_cacheable: default: false description: | Allow caching of objects whose URI included a query argument. When disabled, these objects are not cached. When enabled, the request must match the URI query to be considered a hit. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Query cacheable type: boolean uri_non_cacheable: $ref: '#/definitions/ALBPathMatch' description: |- Non-cacheable URI configuration with match criteria. title: |- Uri non cacheable xcache_header: default: true description: | Add an X-Cache header to content served from cache, which indicates to the client that the object was served from an intermediate cache. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Xcache header type: boolean title: |- HttpCacheConfig type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHttpCookiePersistenceKey: description: |- Advanced load balancer HttpCookiePersistenceKey object properties: aes_key: description: |- aes_key of HttpCookiePersistenceKey. title: |- Aes key type: string hmac_key: description: |- hmac_key of HttpCookiePersistenceKey. title: |- Hmac key type: string name: description: |- name to use for cookie encryption. title: |- Name type: string title: |- HttpCookiePersistenceKey type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBHttpCookiePersistenceProfile: description: |- Advanced load balancer HttpCookiePersistenceProfile object properties: always_send_cookie: default: false description: | If no persistence cookie was received from the client, always send it. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Always send cookie type: boolean cookie_name: description: |- HTTP cookie name for cookie persistence. title: |- Cookie name type: string encryption_key: description: |- Key name to use for cookie encryption. title: |- Encryption key type: string key: description: | Placeholder for description of property key of obj type HttpCookiePersistenceProfile field type str type array. items: $ref: '#/definitions/ALBHttpCookiePersistenceKey' title: |- Key type: array timeout: description: | The maximum lifetime of any session cookie. No value or 'zero' indicates no timeout. Allowed values are 1-14400. Special values are 0- 'No Timeout'. Unit is MIN. format: int64 maximum: 14400 minimum: 0 title: |- Timeout type: integer title: |- HttpCookiePersistenceProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBIPNetworkSubnet: description: |- Advanced load balancer IPNetworkSubnet object properties: network_path: description: | Network for VirtualService IP allocation with Vantage as the IPAM provider. Network should be created before this is configured. It is a reference to an object of type Network. title: |- Network path type: string subnet: $ref: '#/definitions/ALBIpAddrPrefix' description: | Subnet for VirtualService IP allocation with Vantage or Infoblox as the IPAM provider. Only one of subnet or subnet_uuid configuration is allowed. title: |- Subnet subnet6: $ref: '#/definitions/ALBIpAddrPrefix' description: | Subnet for VirtualService IPv6 allocation with Vantage or Infoblox as the IPAM provider. Only one of subnet or subnet_uuid configuration is allowed. title: |- Subnet6 subnet6_uuid: description: | Subnet UUID or Name or Prefix for VirtualService IPv6 allocation with AWS or OpenStack as the IPAM provider. Only one of subnet or subnet_uuid configuration is allowed. title: |- Subnet6 uuid type: string subnet_uuid: description: | Subnet UUID or Name or Prefix for VirtualService IP allocation with AWS or OpenStack as the IPAM provider. Only one of subnet or subnet_uuid configuration is allowed. title: |- Subnet uuid type: string title: |- IPNetworkSubnet type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBIPPersistenceProfile: description: |- Advanced load balancer IPPersistenceProfile object properties: ip_mask: description: | Mask to be applied on client IP. This may be used to persist clients from a subnet to the same server. When set to 0, all requests are sent to the same server. Allowed values are 0-128. format: int64 maximum: 128 minimum: 0 title: |- Ip mask type: integer ip_persistent_timeout: default: 5 description: | The length of time after a client's connections have closed before expiring the client's persistence to a server. Allowed values are 1-720. Unit is MIN. Default value when not specified in API or module is interpreted by ALB Controller as 5. format: int64 maximum: 720 minimum: 1 title: |- Ip persistent timeout type: integer title: |- IPPersistenceProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBIpAddr: description: |- Advanced load balancer IpAddr object properties: addr: description: |- IP address. title: |- Addr type: string type: description: |- Enum options - V4, DNS, V6. enum: - V4 - DNS - V6 type: string required: - type - addr title: |- IpAddr type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBIpAddrGroup: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: addrs: description: |- Configure IP address(es). items: $ref: '#/definitions/ALBIpAddr' title: |- Addrs type: array apic_epg_name: description: |- Populate IP addresses from members of this Cisco APIC EPG. title: |- Apic epg name type: string country_codes: description: | Populate the IP address ranges from the geo database for this country. items: type: string title: |- Country codes type: array ip_ports: description: |- Configure (IP address, port) tuple(s). items: $ref: '#/definitions/ALBIpAddrPort' title: |- Ip ports type: array marathon_app_name: description: |- Populate IP addresses from tasks of this Marathon app. title: |- Marathon app name type: string marathon_service_port: description: | Task port associated with marathon service port. If Marathon app has multiple service ports, this is required. Else, the first task port is used. format: int64 title: |- Marathon service port type: integer prefixes: description: |- Configure IP address prefix(es). items: $ref: '#/definitions/ALBIpAddrPrefix' title: |- Prefixes type: array ranges: description: |- Configure IP address range(s). items: $ref: '#/definitions/ALBIpAddrRange' title: |- Ranges type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer IpAddrGroup object title: |- IpAddrGroup x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBIpAddrGroupApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of IpAddrGroup items: $ref: '#/definitions/ALBIpAddrGroup' title: |- Array of IpAddrGroup type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | IpAddrGroupApiResponse title: |- IpAddrGroupApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBIpAddrMatch: description: |- Advanced load balancer IpAddrMatch object properties: addrs: description: |- IP address(es). items: $ref: '#/definitions/ALBIpAddr' title: |- Addrs type: array group_paths: description: | path of IP address group(s). It is a reference to an object of type IpAddrGroup. items: type: string title: |- Group paths type: array match_criteria: description: | Criterion to use for IP address matching the HTTP request. Enum options - IS_IN, IS_NOT_IN. enum: - IS_IN - IS_NOT_IN type: string prefixes: description: |- IP address prefix(es). items: $ref: '#/definitions/ALBIpAddrPrefix' title: |- Prefixes type: array ranges: description: |- IP address range(s). items: $ref: '#/definitions/ALBIpAddrRange' title: |- Ranges type: array required: - match_criteria title: |- IpAddrMatch type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBIpAddrPort: description: |- Advanced load balancer IpAddrPort object properties: hostname: description: | Hostname of server. One of IP address or hostname should be set. title: |- Hostname type: string ip: $ref: '#/definitions/ALBIpAddr' description: | IP Address of host. One of IP address or hostname should be set. title: |- Ip name: description: |- Name of the object. title: |- Name type: string port: description: | Port number of server. Allowed values are 1-65535. format: int64 maximum: 65535 minimum: 1 title: |- Port type: integer required: - port title: |- IpAddrPort type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBIpAddrPrefix: description: |- Advanced load balancer IpAddrPrefix object properties: ip_addr: $ref: '#/definitions/ALBIpAddr' description: | Placeholder for description of property ip_addr of obj type IpAddrPrefix field type str type ref. title: |- Ip addr mask: description: |- Number of mask. format: int64 title: |- Mask type: integer required: - mask - ip_addr title: |- IpAddrPrefix type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBIpAddrRange: description: |- Advanced load balancer IpAddrRange object properties: begin: $ref: '#/definitions/ALBIpAddr' description: |- Starting IP address of the range. title: |- Begin end: $ref: '#/definitions/ALBIpAddr' description: |- Ending IP address of the range. title: |- End required: - begin - end title: |- IpAddrRange type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBKeyValue: description: |- Advanced load balancer KeyValue object properties: key: description: |- Key. title: |- Key type: string value: description: |- Value. title: |- Value type: string required: - key title: |- KeyValue type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBL4ConnectionPolicy: description: |- Advanced load balancer L4ConnectionPolicy object properties: rules: description: |- Rules to apply when a new transport connection is setup. items: $ref: '#/definitions/ALBL4Rule' title: |- Rules type: array title: |- L4ConnectionPolicy type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBL4Policies: description: |- Advanced load balancer L4Policies object properties: index: description: |- Index of the virtual service L4 policy set. format: int64 title: |- Index type: integer l4_policy_set_path: description: | ID of the virtual service L4 policy set. It is a reference to an object of type L4PolicySet. title: |- L4 policy set path type: string required: - l4_policy_set_path - index title: |- L4Policies type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBL4PolicySet: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: created_by: description: |- Creator name. title: |- Created by type: string is_internal_policy: default: false description: | Placeholder for description of property is_internal_policy of obj type L4PolicySet field type str type boolean. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Is internal policy type: boolean l4_connection_policy: $ref: '#/definitions/ALBL4ConnectionPolicy' description: |- Policy to apply when a new transport connection is setup. title: |- L4 connection policy type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer L4PolicySet object title: |- L4PolicySet x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBL4PolicySetApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of L4PolicySet items: $ref: '#/definitions/ALBL4PolicySet' title: |- Array of L4PolicySet type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | L4PolicySetApiResponse title: |- L4PolicySetApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBL4Rule: description: |- Advanced load balancer L4Rule object properties: action: $ref: '#/definitions/ALBL4RuleAction' description: |- Action to be performed upon successful rule match. title: |- Action enable: default: true description: | Enable or disable the rule. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enable type: boolean index: description: |- Index of the rule. format: int64 title: |- Index type: integer match: $ref: '#/definitions/ALBL4RuleMatchTarget' description: |- Match criteria of the rule. title: |- Match name: description: |- Name of the rule. title: |- Name type: string required: - index - name title: |- L4Rule type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBL4RuleAction: description: |- Advanced load balancer L4RuleAction object properties: select_pool: $ref: '#/definitions/ALBL4RuleActionSelectPool' description: |- Indicates pool or pool-group selection on rule match. title: |- Select pool title: |- L4RuleAction type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBL4RuleActionSelectPool: description: |- Advanced load balancer L4RuleActionSelectPool object properties: action_type: description: | Indicates action to take on rule match. Enum options - L4_RULE_ACTION_SELECT_POOL, L4_RULE_ACTION_SELECT_POOLGROUP. enum: - L4_RULE_ACTION_SELECT_POOL - L4_RULE_ACTION_SELECT_POOLGROUP type: string pool_group_path: description: | ID of the pool group to serve the request. It is a reference to an object of type PoolGroup. title: |- Pool group path type: string pool_path: description: | ID of the pool of servers to serve the request. It is a reference to an object of type Pool. title: |- Pool path type: string required: - action_type title: |- L4RuleActionSelectPool type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBL4RuleMatchTarget: description: |- Advanced load balancer L4RuleMatchTarget object properties: client_ip: $ref: '#/definitions/ALBIpAddrMatch' description: |- IP addresses to match against client IP. title: |- Client ip port: $ref: '#/definitions/ALBL4RulePortMatch' description: |- Port number to match against Virtual Service listner port. title: |- Port protocol: $ref: '#/definitions/ALBL4RuleProtocolMatch' description: |- TCP/UDP/ICMP protocol to match against transport protocol. title: |- Protocol title: |- L4RuleMatchTarget type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBL4RulePortMatch: description: |- Advanced load balancer L4RulePortMatch object properties: match_criteria: description: | Criterion to use for Virtual Service port matching. Enum options - IS_IN, IS_NOT_IN. enum: - IS_IN - IS_NOT_IN type: string port_ranges: description: |- Range of TCP/UDP port numbers of the Virtual Service. items: $ref: '#/definitions/ALBPortRange' title: |- Port ranges type: array ports: description: | Virtual Service's listening port(s). Allowed values are 1-65535. items: format: int64 type: integer title: |- Ports type: array required: - match_criteria title: |- L4RulePortMatch type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBL4RuleProtocolMatch: description: |- Advanced load balancer L4RuleProtocolMatch object properties: match_criteria: description: | Criterion to use for transport protocol matching. Enum options - IS_IN, IS_NOT_IN. enum: - IS_IN - IS_NOT_IN type: string protocol: description: | Transport protocol to match. Enum options - PROTOCOL_ICMP, PROTOCOL_TCP, PROTOCOL_UDP. enum: - PROTOCOL_ICMP - PROTOCOL_TCP - PROTOCOL_UDP type: string required: - protocol - match_criteria title: |- L4RuleProtocolMatch type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBLdapAuthSettings: description: |- Advanced load balancer LdapAuthSettings object properties: base_dn: description: | The LDAP base DN. For example, avinetworks.com would be DC=avinetworks,DC=com. title: |- Base dn type: string bind_as_administrator: default: true description: | LDAP administrator credentials are used to search for users and group memberships. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Bind as administrator type: boolean email_attribute: default: email description: | LDAP attribute that refers to user email. Default value when not specified in API or module is interpreted by ALB Controller as email. title: |- Email attribute type: string full_name_attribute: default: name description: | LDAP attribute that refers to user's full name. Default value when not specified in API or module is interpreted by ALB Controller as name. title: |- Full name attribute type: string port: default: 389 description: | Query the LDAP servers on this port. Default value when not specified in API or module is interpreted by ALB Controller as 389. format: int64 title: |- Port type: integer security_mode: description: | LDAP connection security mode. Enum options - AUTH_LDAP_SECURE_NONE, AUTH_LDAP_SECURE_USE_LDAPS. enum: - AUTH_LDAP_SECURE_NONE - AUTH_LDAP_SECURE_USE_LDAPS type: string server: description: | LDAP server IP address or Hostname. Use IP address if an auth profile is used to configure Virtual Service. Minimum of 1 items required. items: type: string title: |- Server type: array settings: $ref: '#/definitions/ALBLdapDirectorySettings' description: | LDAP full directory configuration with administrator credentials. title: |- Settings user_bind: $ref: '#/definitions/ALBLdapUserBindSettings' description: |- LDAP anonymous bind configuration. title: |- User bind required: - server title: |- LdapAuthSettings type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBLdapDirectorySettings: description: |- Advanced load balancer LdapDirectorySettings object properties: admin_bind_dn: description: | LDAP Admin User DN. Administrator credentials are required to search for users under user search DN or groups under group search DN. title: |- Admin bind dn type: string group_filter: default: (objectClass=*) description: | Group filter is used to identify groups during search. Default value when not specified in API or module is interpreted by ALB Controller as (objectClass=(STAR)). title: |- Group filter type: string group_member_attribute: default: member description: | LDAP group attribute that identifies each of the group members. Default value when not specified in API or module is interpreted by ALB Controller as member. title: |- Group member attribute type: string group_member_is_full_dn: default: true description: | Group member entries contain full DNs instead of just user id attribute values. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Group member is full dn type: boolean group_search_dn: description: | LDAP group search DN is the root of search for a given group in the LDAP directory. Only matching groups present in this LDAP directory sub-tree will be checked for user membership. title: |- Group search dn type: string group_search_scope: default: AUTH_LDAP_SCOPE_SUBTREE description: | LDAP group search scope defines how deep to search for the group starting from the group search DN. Enum options - AUTH_LDAP_SCOPE_BASE, AUTH_LDAP_SCOPE_ONE, AUTH_LDAP_SCOPE_SUBTREE. Default value when not specified in API or module is interpreted by ALB Controller as AUTH_LDAP_SCOPE_SUBTREE. enum: - AUTH_LDAP_SCOPE_BASE - AUTH_LDAP_SCOPE_ONE - AUTH_LDAP_SCOPE_SUBTREE type: string ignore_referrals: default: false description: | During user or group search, ignore searching referrals. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Ignore referrals type: boolean password: description: |- LDAP Admin User Password. title: |- Password type: string user_attributes: description: |- LDAP user attributes to fetch on a successful user bind. items: type: string title: |- User attributes type: array user_id_attribute: description: | LDAP user id attribute is the login attribute that uniquely identifies a single user record. title: |- User id attribute type: string user_search_dn: description: | LDAP user search DN is the root of search for a given user in the LDAP directory. Only user records present in this LDAP directory sub-tree will be validated. title: |- User search dn type: string user_search_scope: default: AUTH_LDAP_SCOPE_ONE description: | LDAP user search scope defines how deep to search for the user starting from user search DN. Enum options - AUTH_LDAP_SCOPE_BASE, AUTH_LDAP_SCOPE_ONE, AUTH_LDAP_SCOPE_SUBTREE. Default value when not specified in API or module is interpreted by ALB Controller as AUTH_LDAP_SCOPE_ONE. enum: - AUTH_LDAP_SCOPE_BASE - AUTH_LDAP_SCOPE_ONE - AUTH_LDAP_SCOPE_SUBTREE type: string title: |- LdapDirectorySettings type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBLdapUserBindSettings: description: |- Advanced load balancer LdapUserBindSettings object properties: dn_template: description: | LDAP user DN pattern is used to bind LDAP user after replacing the user token with real username. title: |- Dn template type: string token: default: description: | LDAP token is replaced with real user name in the user DN pattern. Default value when not specified in API or module is interpreted by ALB Controller as . title: |- Token type: string user_attributes: description: |- LDAP user attributes to fetch on a successful user bind. items: type: string title: |- User attributes type: array user_id_attribute: description: | LDAP user id attribute is the login attribute that uniquely identifies a single user record. title: |- User id attribute type: string title: |- LdapUserBindSettings type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBLocationHdrMatch: description: |- Advanced load balancer LocationHdrMatch object properties: match_case: default: INSENSITIVE description: | Case sensitivity to use for the match. Enum options - SENSITIVE, INSENSITIVE. Default value when not specified in API or module is interpreted by ALB Controller as INSENSITIVE. enum: - SENSITIVE - INSENSITIVE type: string match_criteria: description: | Criterion to use for matching location header value in the HTTP response. Enum options - HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL. enum: - HDR_EXISTS - HDR_DOES_NOT_EXIST - HDR_BEGINS_WITH - HDR_DOES_NOT_BEGIN_WITH - HDR_CONTAINS - HDR_DOES_NOT_CONTAIN - HDR_ENDS_WITH - HDR_DOES_NOT_END_WITH - HDR_EQUALS - HDR_DOES_NOT_EQUAL type: string value: description: |- String value(s) in the location header. items: type: string title: |- Value type: array required: - match_criteria title: |- LocationHdrMatch type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBMatchReplacePair: description: |- Advanced load balancer MatchReplacePair object properties: match_string: description: |- String to be matched. title: |- Match string type: string replacement_string: $ref: '#/definitions/ALBReplaceStringVar' description: |- Replacement string. title: |- Replacement string required: - match_string title: |- MatchReplacePair type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBMatchTarget: description: |- Advanced load balancer MatchTarget object properties: client_ip: $ref: '#/definitions/ALBIpAddrMatch' description: |- Configure client ip addresses. title: |- Client ip cookie: $ref: '#/definitions/ALBCookieMatch' description: |- Configure HTTP cookie(s). title: |- Cookie hdrs: description: |- Configure HTTP header(s). items: $ref: '#/definitions/ALBHdrMatch' title: |- Hdrs type: array host_hdr: $ref: '#/definitions/ALBHostHdrMatch' description: |- Configure the host header. title: |- Host hdr method: $ref: '#/definitions/ALBMethodMatch' description: |- Configure HTTP methods. title: |- Method path: $ref: '#/definitions/ALBPathMatch' description: |- Configure request paths. title: |- Path protocol: $ref: '#/definitions/ALBProtocolMatch' description: |- Configure the type of HTTP protocol. title: |- Protocol query: $ref: '#/definitions/ALBQueryMatch' description: |- Configure request query. title: |- Query version: $ref: '#/definitions/ALBHTTPVersionMatch' description: |- Configure versions of the HTTP protocol. title: |- Version vs_port: $ref: '#/definitions/ALBPortMatch' description: |- Configure virtual service ports. title: |- Vs port title: |- MatchTarget type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBMethodMatch: description: |- Advanced load balancer MethodMatch object properties: match_criteria: description: | Criterion to use for HTTP method matching the method in the HTTP request. Enum options - IS_IN, IS_NOT_IN. enum: - IS_IN - IS_NOT_IN type: string methods: description: | Configure HTTP method(s). Enum options - HTTP_METHOD_GET, HTTP_METHOD_HEAD, HTTP_METHOD_PUT, HTTP_METHOD_DELETE, HTTP_METHOD_POST, HTTP_METHOD_OPTIONS, HTTP_METHOD_TRACE, HTTP_METHOD_CONNECT, HTTP_METHOD_PATCH, HTTP_METHOD_PROPFIND, HTTP_METHOD_PROPPATCH, HTTP_METHOD_MKCOL, HTTP_METHOD_COPY, HTTP_METHOD_MOVE, HTTP_METHOD_LOCK, HTTP_METHOD_UNLOCK. Minimum of 1 items required. Maximum of 16 items allowed. items: description: |- Valid ENUM values for ALBHTTPMethod enum: - HTTP_METHOD_GET - HTTP_METHOD_HEAD - HTTP_METHOD_PUT - HTTP_METHOD_DELETE - HTTP_METHOD_POST - HTTP_METHOD_OPTIONS - HTTP_METHOD_TRACE - HTTP_METHOD_CONNECT - HTTP_METHOD_PATCH - HTTP_METHOD_PROPFIND - HTTP_METHOD_PROPPATCH - HTTP_METHOD_MKCOL - HTTP_METHOD_COPY - HTTP_METHOD_MOVE - HTTP_METHOD_LOCK - HTTP_METHOD_UNLOCK type: string title: |- Methods type: array required: - methods - match_criteria title: |- MethodMatch type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBMetricsRealTimeUpdate: description: |- Advanced load balancer MetricsRealTimeUpdate object properties: duration: default: 30 description: | Real time metrics collection duration in minutes. 0 for infinite. Special values are 0 - 'infinite'. Unit is MIN. Default value when not specified in API or module is interpreted by ALB Controller as 30. format: int64 title: |- Duration type: integer enabled: default: false description: | Enables real time metrics collection. When deactivated, 6 hour view is the most granular the system will track. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Enabled type: boolean required: - enabled title: |- MetricsRealTimeUpdate type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBMicroServiceMatch: description: |- Advanced load balancer MicroServiceMatch object properties: match_criteria: description: | Criterion to use for Micro Service matching the HTTP request. Enum options - IS_IN, IS_NOT_IN. enum: - IS_IN - IS_NOT_IN type: string required: - match_criteria title: |- MicroServiceMatch type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBNetworkFilter: description: |- Advanced load balancer NetworkFilter object properties: server_filter: description: |- server_filter of NetworkFilter. title: |- Server filter type: string title: |- NetworkFilter type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBNetworkProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: connection_mirror: default: false description: | When enabled, Avi mirrors all TCP fastpath connections to standby. Applicable only in Legacy HA Mode. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Connection mirror type: boolean profile: $ref: '#/definitions/ALBNetworkProfileUnion' description: | Placeholder for description of property profile of obj type NetworkProfile field type str type ref. title: |- Profile required: - profile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer NetworkProfile object title: |- NetworkProfile x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBNetworkProfileApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of NetworkProfile items: $ref: '#/definitions/ALBNetworkProfile' title: |- Array of NetworkProfile type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | NetworkProfileApiResponse title: |- NetworkProfileApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBNetworkProfileUnion: description: |- Advanced load balancer NetworkProfileUnion object properties: tcp_fast_path_profile: $ref: '#/definitions/ALBTCPFastPathProfile' description: | Placeholder for description of property tcp_fast_path_profile of obj type NetworkProfileUnion field type str type ref. title: |- Tcp fast path profile tcp_proxy_profile: $ref: '#/definitions/ALBTCPProxyProfile' description: | Placeholder for description of property tcp_proxy_profile of obj type NetworkProfileUnion field type str type ref. title: |- Tcp proxy profile type: default: PROTOCOL_TYPE_TCP_PROXY description: | Configure one of either proxy or fast path profiles. Enum options - PROTOCOL_TYPE_TCP_PROXY, PROTOCOL_TYPE_TCP_FAST_PATH, PROTOCOL_TYPE_UDP_FAST_PATH, PROTOCOL_TYPE_UDP_PROXY. Default value when not specified in API or module is interpreted by ALB Controller as PROTOCOL_TYPE_TCP_PROXY. enum: - PROTOCOL_TYPE_TCP_PROXY - PROTOCOL_TYPE_TCP_FAST_PATH - PROTOCOL_TYPE_UDP_FAST_PATH - PROTOCOL_TYPE_UDP_PROXY type: string udp_fast_path_profile: $ref: '#/definitions/ALBUDPFastPathProfile' description: | Placeholder for description of property udp_fast_path_profile of obj type NetworkProfileUnion field type str type ref. title: |- Udp fast path profile udp_proxy_profile: $ref: '#/definitions/ALBUDPProxyProfile' description: |- Configure UDP Proxy network profile. title: |- Udp proxy profile required: - type title: |- NetworkProfileUnion type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBNetworkSecurityMatchTarget: description: |- Advanced load balancer NetworkSecurityMatchTarget object properties: client_ip: $ref: '#/definitions/ALBIpAddrMatch' description: | Placeholder for description of property client_ip of obj type NetworkSecurityMatchTarget field type str type ref. title: |- Client ip microservice: $ref: '#/definitions/ALBMicroServiceMatch' description: | Placeholder for description of property microservice of obj type NetworkSecurityMatchTarget field type str type ref. title: |- Microservice vs_port: $ref: '#/definitions/ALBPortMatch' description: | Placeholder for description of property vs_port of obj type NetworkSecurityMatchTarget field type str type ref. title: |- Vs port title: |- NetworkSecurityMatchTarget type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBNetworkSecurityPolicy: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: cloud_config_cksum: description: | Checksum of cloud configuration for Network Sec Policy. Internally set by cloud connector. title: |- Cloud config cksum type: string created_by: description: |- Creator name. title: |- Created by type: string rules: description: | Placeholder for description of property rules of obj type NetworkSecurityPolicy field type str type array. items: $ref: '#/definitions/ALBNetworkSecurityRule' title: |- Rules type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer NetworkSecurityPolicy object title: |- NetworkSecurityPolicy x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBNetworkSecurityPolicyActionRLParam: description: |- Advanced load balancer NetworkSecurityPolicyActionRLParam object properties: burst_size: default: 0 description: | Maximum number of connections or requests or packets to be rate limited instantaneously. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 title: |- Burst size type: integer max_rate: description: | Maximum number of connections or requests or packets per second. Allowed values are 1-4294967295. format: int64 maximum: 4294967295 minimum: 1 title: |- Max rate type: integer required: - max_rate - burst_size title: |- NetworkSecurityPolicyActionRLParam type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBNetworkSecurityPolicyApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of NetworkSecurityPolicy items: $ref: '#/definitions/ALBNetworkSecurityPolicy' title: |- Array of NetworkSecurityPolicy type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | NetworkSecurityPolicyApiResponse title: |- NetworkSecurityPolicyApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBNetworkSecurityRule: description: |- Advanced load balancer NetworkSecurityRule object properties: action: description: | Enum options - NETWORK_SECURITY_POLICY_ACTION_TYPE_ALLOW, NETWORK_SECURITY_POLICY_ACTION_TYPE_DENY, NETWORK_SECURITY_POLICY_ACTION_TYPE_RATE_LIMIT. enum: - NETWORK_SECURITY_POLICY_ACTION_TYPE_ALLOW - NETWORK_SECURITY_POLICY_ACTION_TYPE_DENY - NETWORK_SECURITY_POLICY_ACTION_TYPE_RATE_LIMIT type: string age: default: 0 description: | Time in minutes after which rule will be deleted. Allowed values are 1-4294967295. Special values are 0- 'blocked for ever'. Unit is MIN. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 maximum: 4294967295 minimum: 0 title: |- Age type: integer created_by: description: |- Creator name. title: |- Created by type: string enable: description: | Placeholder for description of property enable of obj type NetworkSecurityRule field type str type boolean. title: |- Enable type: boolean index: description: |- Number of index. format: int64 title: |- Index type: integer log: default: false description: | Placeholder for description of property log of obj type NetworkSecurityRule field type str type boolean. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Log type: boolean match: $ref: '#/definitions/ALBNetworkSecurityMatchTarget' description: | Placeholder for description of property match of obj type NetworkSecurityRule field type str type ref. title: |- Match name: description: |- Name of the object. title: |- Name type: string rl_param: $ref: '#/definitions/ALBNetworkSecurityPolicyActionRLParam' description: | Placeholder for description of property rl_param of obj type NetworkSecurityRule field type str type ref. title: |- Rl param required: - action - index - enable - name - match title: |- NetworkSecurityRule type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBOCSPConfig: description: |- Advanced load balancer OCSPConfig object properties: failed_ocsp_jobs_retry_interval: default: 3600 description: | Describes the Time Interval after which the next OCSP job needs to be scheduled in case of the OCSP job failures. Allowed values are 60-86400. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 3600. format: int64 maximum: 86400 minimum: 60 title: |- Failed ocsp jobs retry interval type: integer max_tries: default: 10 description: | Maximum number of times the failed OCSP jobs can be scheduled. Default value when not specified in API or module is interpreted by ALB Controller as 10. format: int64 title: |- Max tries type: integer ocsp_req_interval: default: 86400 description: | Interval between the OCSP queries. Allowed values are 60-31536000. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 86400. format: int64 maximum: 31536000 minimum: 60 title: |- Ocsp req interval type: integer ocsp_resp_timeout: description: | Time in seconds that the system waits for a reply from the OCSP responder before dropping the connection. Unit is SEC. format: int64 title: |- Ocsp resp timeout type: integer responder_url_lists: description: | List of Responder URLs configured by user to do failover/override the AIA extension contained in the OCSP responder's SSL/TLS certificate. items: type: string title: |- Responder url lists type: array url_action: default: OCSP_RESPONDER_URL_FAILOVER description: | Describes the type of action to take with the Responder URLs. Enum options - OCSP_RESPONDER_URL_FAILOVER, OCSP_RESPONDER_URL_OVERRIDE. Default value when not specified in API or module is interpreted by ALB Controller as OCSP_RESPONDER_URL_FAILOVER. enum: - OCSP_RESPONDER_URL_FAILOVER - OCSP_RESPONDER_URL_OVERRIDE type: string title: |- OCSPConfig type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBPGDeploymentRule: description: |- Advanced load balancer PGDeploymentRule object properties: metric_id: default: health.health_score_value description: | metric_id of PGDeploymentRule. Default value when not specified in API or module is interpreted by ALB Controller as health.health_score_value. title: |- Metric id type: string operator: default: CO_GE description: | Enum options - CO_EQ, CO_GT, CO_GE, CO_LT, CO_LE, CO_NE. Default value when not specified in API or module is interpreted by ALB Controller as CO_GE. enum: - CO_EQ - CO_GT - CO_GE - CO_LT - CO_LE - CO_NE type: string threshold: description: | metric threshold that is used as the pass fail. If it is not provided then it will simply compare it with current pool vs new pool. title: |- Threshold type: number title: |- PGDeploymentRule type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBPKIProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: ca_certs: description: | List of Certificate Authorities (Root and Intermediate) trusted that is used for certificate validation. items: $ref: '#/definitions/ALBSSLCertificate' title: |- Ca certs type: array created_by: description: |- Creator name. title: |- Created by type: string crl_check: default: true description: | When enabled, Avi will verify via CRL checks that certificates in the trust chain have not been revoked. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Crl check type: boolean crls: description: |- Certificate Revocation Lists. items: $ref: '#/definitions/ALBCRL' title: |- Crls type: array ignore_peer_chain: default: false description: | When enabled, Avi will not trust Intermediate and Root certs presented by a client. Instead, only the chain certs configured in the Certificate Authority section will be used to verify trust of the client's cert. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Ignore peer chain type: boolean is_federated: default: false description: | This field describes the object's replication scope. If the field is set to false, then the object is visible within the controller-cluster and its associated service-engines. If the field is set to true, then the object is replicated across the federation. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Is federated type: boolean validate_only_leaf_crl: default: true description: | When enabled, Avi will only validate the revocation status of the leaf certificate using CRL. To enable validation for the entire chain, disable this option and provide all the relevant CRLs. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Validate only leaf crl type: boolean type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer PKIProfile object title: |- PKIProfile x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBPKIProfileApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of PKIProfile items: $ref: '#/definitions/ALBPKIProfile' title: |- Array of PKIProfile type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | PKIProfileApiResponse title: |- PKIProfileApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBPathMatch: description: |- Advanced load balancer PathMatch object properties: match_case: default: INSENSITIVE description: | Case sensitivity to use for the matching. Enum options - SENSITIVE, INSENSITIVE. Default value when not specified in API or module is interpreted by ALB Controller as INSENSITIVE. enum: - SENSITIVE - INSENSITIVE type: string match_criteria: default: CONTAINS description: | Criterion to use for matching the path in the HTTP request URI. Enum options - BEGINS_WITH, DOES_NOT_BEGIN_WITH, CONTAINS, DOES_NOT_CONTAIN, ENDS_WITH, DOES_NOT_END_WITH, EQUALS, DOES_NOT_EQUAL, REGEX_MATCH, REGEX_DOES_NOT_MATCH. Default value when not specified in API or module is interpreted by ALB Controller as CONTAINS. enum: - BEGINS_WITH - DOES_NOT_BEGIN_WITH - CONTAINS - DOES_NOT_CONTAIN - ENDS_WITH - DOES_NOT_END_WITH - EQUALS - DOES_NOT_EQUAL - REGEX_MATCH - REGEX_DOES_NOT_MATCH type: string match_str: description: |- String values. items: type: string title: |- Match str type: array string_group_paths: description: | path of the string group(s). It is a reference to an object of type StringGroup. items: type: string title: |- String group paths type: array required: - match_criteria title: |- PathMatch type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBPerformanceLimits: description: |- Advanced load balancer PerformanceLimits object properties: max_concurrent_connections: description: | The maximum number of concurrent client conections allowed to the Virtual Service. format: int64 title: |- Max concurrent connections type: integer max_throughput: description: | The maximum throughput per second for all clients allowed through the client side of the Virtual Service. format: int64 title: |- Max throughput type: integer title: |- PerformanceLimits type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBPlacementNetwork: description: |- Advanced load balancer PlacementNetwork object properties: network_path: description: |- It is a reference to an object of type Network. title: |- Network path type: string subnet: $ref: '#/definitions/ALBIpAddrPrefix' description: | Placeholder for description of property subnet of obj type PlacementNetwork field type str type ref. title: |- Subnet required: - network_path - subnet title: |- PlacementNetwork type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBPool: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: analytics_policy: $ref: '#/definitions/ALBPoolAnalyticsPolicy' description: |- Determines analytics settings for the pool. title: |- Analytics policy analytics_profile_path: description: | Specifies settings related to analytics. It is a reference to an object of type AnalyticsProfile. title: |- Analytics profile path type: string apic_epg_name: description: |- Synchronize Cisco APIC EPG members with pool servers. title: |- Apic epg name type: string application_persistence_profile_path: description: | Persistence will ensure the same user sticks to the same server for a desired duration of time. It is a reference to an object of type ApplicationPersistenceProfile. title: |- Application persistence profile path type: string autoscale_launch_config_path: description: | If configured then Avi will trigger orchestration of pool server creation and deletion. It is a reference to an object of type AutoScaleLaunchConfig. title: |- Autoscale launch config path type: string autoscale_networks: description: |- Network Ids for the launch configuration. items: type: string title: |- Autoscale networks type: array autoscale_policy_path: description: | Reference to Server Autoscale Policy. It is a reference to an object of type ServerAutoScalePolicy. title: |- Autoscale policy path type: string capacity_estimation: default: false description: | Inline estimation of capacity of servers. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Capacity estimation type: boolean capacity_estimation_ttfb_thresh: default: 0 description: | The maximum time-to-first-byte of a server. Allowed values are 1-5000. Special values are 0 - 'Automatic'. Unit is MILLISECONDS. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 maximum: 5000 minimum: 0 title: |- Capacity estimation ttfb thresh type: integer cloud_config_cksum: description: | Checksum of cloud configuration for Pool. Internally set by cloud connector. title: |- Cloud config cksum type: string conn_pool_properties: $ref: '#/definitions/ALBConnPoolProperties' description: |- Connnection pool properties. title: |- Conn pool properties connection_ramp_duration: default: 10 description: | Duration for which new connections will be gradually ramped up to a server recently brought online. Useful for LB algorithms that are least connection based. Allowed values are 1-300. Special values are 0 - 'Immediate'. Unit is MIN. Default value when not specified in API or module is interpreted by ALB Controller as 10. format: int64 maximum: 300 minimum: 0 title: |- Connection ramp duration type: integer created_by: description: |- Creator name. title: |- Created by type: string default_server_port: default: 80 description: | Traffic sent to servers will use this destination server port unless overridden by the server's specific port attribute. The SSL checkbox enables Avi to server encryption. Allowed values are 1-65535. Default value when not specified in API or module is interpreted by ALB Controller as 80. format: int64 maximum: 65535 minimum: 1 title: |- Default server port type: integer delete_server_on_dns_refresh: default: true description: | Indicates whether existing IPs are disabled(false) or deleted(true) on dns hostname refreshDetail -- On a dns refresh, some IPs set on pool may no longer be returned by the resolver. These IPs are deleted from the pool when this knob is set to true. They are disabled, if the knob is set to false. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Delete server on dns refresh type: boolean domain_name: description: | Comma separated list of domain names which will be used to verify the common names or subject alternative names presented by server certificates. It is performed only when common name check host_check_enabled is enabled. items: type: string title: |- Domain name type: array east_west: description: |- Inherited config from VirtualService. title: |- East west type: boolean enable_http2: default: false description: | Enable HTTP/2 for traffic from VirtualService to all backend servers in this pool. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Enable http2 type: boolean enabled: default: true description: | Enable or disable the pool. Disabling will terminate all open connections and pause health monitors. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enabled type: boolean external_autoscale_groups: description: | Names of external auto-scale groups for pool servers. Currently available only for AWS and Azure. items: type: string title: |- External autoscale groups type: array fail_action: $ref: '#/definitions/ALBFailAction' description: | Enable an action - Close Connection, HTTP Redirect or Local HTTP Response - when a pool failure happens. By default, a connection will be closed, in case the pool experiences a failure. title: |- Fail action fewest_tasks_feedback_delay: default: 10 description: | Periodicity of feedback for fewest tasks server selection algorithm. Allowed values are 1-300. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 10. format: int64 maximum: 300 minimum: 1 title: |- Fewest tasks feedback delay type: integer graceful_disable_timeout: default: 1 description: | Used to gracefully disable a server. Virtual service waits for the specified time before terminating the existing connections to the servers that are disabled. Allowed values are 1-7200. Special values are 0 - 'Immediate', -1 - 'Infinite'. Unit is MIN. Default value when not specified in API or module is interpreted by ALB Controller as 1. format: int64 maximum: 7200 minimum: -1 title: |- Graceful disable timeout type: integer group_paths: description: | A list of NSX Groups where the Servers for the Pool are created . items: type: string title: |- Group paths type: array gslb_sp_enabled: description: |- Indicates if the pool is a site-persistence pool. title: |- Gslb sp enabled type: boolean health_monitor_paths: description: | Verify server health by applying one or more health monitors. Active monitors generate synthetic traffic from each Service Engine and mark a server up or down based on the response. The Passive monitor listens only to client to server communication. It raises or lowers the ratio of traffic destined to a server based on successful responses. It is a reference to an object of type HealthMonitor. Maximum of 50 items allowed. items: type: string title: |- Health monitor paths type: array host_check_enabled: default: false description: | Enable common name check for server certificate. If enabled and no explicit domain name is specified, Avi will use the incoming host header to do the match. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Host check enabled type: boolean ignore_server_port: default: false description: | Ignore the server port in building the load balancing state.Applicable only for consistent hash load balancing algorithm or Disable Port translation (use_service_port) use cases. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Ignore server port type: boolean inline_health_monitor: default: true description: | The Passive monitor will monitor client to server connections and requests and adjust traffic load to servers based on successful responses. This may alter the expected behavior of the LB method, such as Round Robin. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Inline health monitor type: boolean ipaddrgroup_path: description: | Use list of servers from Ip Address Group. It is a reference to an object of type IpAddrGroup. title: |- Ipaddrgroup path type: string lb_algorithm: default: LB_ALGORITHM_LEAST_CONNECTIONS description: | The load balancing algorithm will pick a server within the pool's list of available servers. Values LB_ALGORITHM_NEAREST_SERVER and LB_ALGORITHM_TOPOLOGY are only allowed for GSLB pool. Enum options - LB_ALGORITHM_LEAST_CONNECTIONS, LB_ALGORITHM_ROUND_ROBIN, LB_ALGORITHM_FASTEST_RESPONSE, LB_ALGORITHM_CONSISTENT_HASH, LB_ALGORITHM_LEAST_LOAD, LB_ALGORITHM_FEWEST_SERVERS, LB_ALGORITHM_RANDOM, LB_ALGORITHM_FEWEST_TASKS, LB_ALGORITHM_NEAREST_SERVER, LB_ALGORITHM_CORE_AFFINITY, LB_ALGORITHM_TOPOLOGY. Default value when not specified in API or module is interpreted by ALB Controller as LB_ALGORITHM_LEAST_CONNECTIONS. enum: - LB_ALGORITHM_LEAST_CONNECTIONS - LB_ALGORITHM_ROUND_ROBIN - LB_ALGORITHM_FASTEST_RESPONSE - LB_ALGORITHM_CONSISTENT_HASH - LB_ALGORITHM_LEAST_LOAD - LB_ALGORITHM_FEWEST_SERVERS - LB_ALGORITHM_RANDOM - LB_ALGORITHM_FEWEST_TASKS - LB_ALGORITHM_NEAREST_SERVER - LB_ALGORITHM_CORE_AFFINITY - LB_ALGORITHM_TOPOLOGY type: string lb_algorithm_consistent_hash_hdr: description: |- HTTP header name to be used for the hash key. title: |- Lb algorithm consistent hash hdr type: string lb_algorithm_core_nonaffinity: default: 2 description: | Degree of non-affinity for core affinity based server selection. Allowed values are 1-65535. Default value when not specified in API or module is interpreted by ALB Controller as 2. format: int64 maximum: 65535 minimum: 1 title: |- Lb algorithm core nonaffinity type: integer lb_algorithm_hash: default: LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS description: | Criteria used as a key for determining the hash between the client and server. Enum options - LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS, LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS_AND_PORT, LB_ALGORITHM_CONSISTENT_HASH_URI, LB_ALGORITHM_CONSISTENT_HASH_CUSTOM_HEADER, LB_ALGORITHM_CONSISTENT_HASH_CUSTOM_STRING, LB_ALGORITHM_CONSISTENT_HASH_CALLID. Default value when not specified in API or module is interpreted by ALB Controller as LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS. enum: - LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS - LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS_AND_PORT - LB_ALGORITHM_CONSISTENT_HASH_URI - LB_ALGORITHM_CONSISTENT_HASH_CUSTOM_HEADER - LB_ALGORITHM_CONSISTENT_HASH_CUSTOM_STRING - LB_ALGORITHM_CONSISTENT_HASH_CALLID type: string lookup_server_by_name: default: false description: | Allow server lookup by name. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Lookup server by name type: boolean max_concurrent_connections_per_server: default: 0 description: | The maximum number of concurrent connections allowed to each server within the pool. NOTE applied value will be no less than the number of service engines that the pool is placed on. If set to 0, no limit is applied. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 title: |- Max concurrent connections per server type: integer max_conn_rate_per_server: $ref: '#/definitions/ALBRateProfile' description: |- Rate Limit connections to each server. title: |- Max conn rate per server min_health_monitors_up: description: | Minimum number of health monitors in UP state to mark server UP. format: int64 title: |- Min health monitors up type: integer min_servers_up: description: | Minimum number of servers in UP state for marking the pool UP. format: int64 title: |- Min servers up type: integer networks: description: | (internal-use) Networks designated as containing servers for this pool. The servers may be further narrowed down by a filter. This field is used internally by Avi, not editable by the user. items: $ref: '#/definitions/ALBNetworkFilter' title: |- Networks type: array pki_profile_path: description: | Avi will validate the SSL certificate present by a server against the selected PKI Profile. It is a reference to an object of type PKIProfile. title: |- Pki profile path type: string placement_networks: description: | Manually select the networks and subnets used to provide reachability to the pool's servers. Specify the Subnet using the following syntax 10-1-1-0/24. Use static routes in VRF configuration when pool servers are not directly connected but routable from the service engine. items: $ref: '#/definitions/ALBPlacementNetwork' title: |- Placement networks type: array request_queue_depth: default: 128 description: | Minimum number of requests to be queued when pool is full. Default value when not specified in API or module is interpreted by ALB Controller as 128. format: int64 title: |- Request queue depth type: integer request_queue_enabled: default: false description: | Enable request queue when pool is full. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Request queue enabled type: boolean rewrite_host_header_to_server_name: default: false description: | Rewrite incoming Host Header to server name of the server to which the request is proxied. Enabling this feature rewrites Host Header for requests to all servers in the pool. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Rewrite host header to server name type: boolean rewrite_host_header_to_sni: default: false description: | If SNI server name is specified, rewrite incoming host header to the SNI server name. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Rewrite host header to sni type: boolean routing_pool: default: false description: | Enable to do routing when this pool is selected to send traffic. No servers present in routing pool. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Routing pool type: boolean server_name: description: | Fully qualified DNS hostname which will be used in the TLS SNI extension in server connections if SNI is enabled. If no value is specified, Avi will use the incoming host header instead. title: |- Server name type: string server_reselect: $ref: '#/definitions/ALBHTTPServerReselect' description: |- Server reselect configuration for HTTP requests. title: |- Server reselect server_timeout: default: 0 description: | Server timeout value specifies the time within which a server connection needs to be established and a request-response exchange completes between AVI and the server. Value of 0 results in using default timeout of 60 minutes. Allowed values are 0-3600000. Unit is MILLISECONDS. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 maximum: 3600000 minimum: 0 title: |- Server timeout type: integer servers: description: | The pool directs load balanced traffic to this list of destination servers. The servers can be configured by IP address, name, network or via IP Address Group. Maximum of 5000 items allowed. items: $ref: '#/definitions/ALBServer' title: |- Servers type: array service_metadata: description: | Metadata pertaining to the service provided by this Pool. In Openshift/Kubernetes environments, app metadata info is stored. Any user input to this field will be overwritten by Avi Vantage. title: |- Service metadata type: string sni_enabled: default: true description: | Enable TLS SNI for server connections. If disabled, Avi will not send the SNI extension as part of the handshake. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Sni enabled type: boolean ssl_key_and_certificate_path: description: | Service Engines will present a client SSL certificate to the server. It is a reference to an object of type SSLKeyAndCertificate. title: |- Ssl key and certificate path type: string ssl_profile_path: description: | When enabled, Avi re-encrypts traffic to the backend servers. The specific SSL profile defines which ciphers and SSL versions will be supported. It is a reference to an object of type SSLProfile. title: |- Ssl profile path type: string tier1_path: description: | This tier1_lr field should be set same as VirtualService associated for NSX-T. title: |- Tier1 path type: string use_service_port: default: false description: | Do not translate the client's destination port when sending the connection to the server. The pool or servers specified service port will still be used for health monitoring. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Use service port type: boolean type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer Pool object title: |- Pool x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBPoolAnalyticsPolicy: description: |- Advanced load balancer PoolAnalyticsPolicy object properties: enable_realtime_metrics: default: false description: | Enable real time metrics for server and pool metrics eg. l4_server.xxx, l7_server.xxx. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Enable realtime metrics type: boolean title: |- PoolAnalyticsPolicy type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBPoolApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of Pool items: $ref: '#/definitions/ALBPool' title: |- Array of Pool type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | PoolApiResponse title: |- PoolApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBPoolGroup: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: cloud_config_cksum: description: | Checksum of cloud configuration for PoolGroup. Internally set by cloud connector. title: |- Cloud config cksum type: string created_by: description: |- Name of the user who created the object. title: |- Created by type: string deployment_policy_path: description: | When setup autoscale manager will automatically promote new pools into production when deployment goals are met. It is a reference to an object of type PoolGroupDeploymentPolicy. title: |- Deployment policy path type: string enable_http2: default: false description: | Enable HTTP/2 for traffic from VirtualService to all the backend servers in all the pools configured under this PoolGroup. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Enable http2 type: boolean fail_action: $ref: '#/definitions/ALBFailAction' description: | Enable an action - Close Connection, HTTP Redirect, or Local HTTP Response - when a pool group failure happens. By default, a connection will be closed, in case the pool group experiences a failure. title: |- Fail action implicit_priority_labels: default: false description: | Whether an implicit set of priority labels is generated. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Implicit priority labels type: boolean members: description: |- List of pool group members object of type PoolGroupMember. items: $ref: '#/definitions/ALBPoolGroupMember' title: |- Members type: array min_servers: default: 0 description: | The minimum number of servers to distribute traffic to. Allowed values are 1-65535. Special values are 0 - 'Disable'. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 maximum: 65535 minimum: 0 title: |- Min servers type: integer priority_labels_path: description: | path of the priority labels. If not provided, pool group member priority label will be interpreted as a number with a larger number considered higher priority. It is a reference to an object of type PriorityLabels. title: |- Priority labels path type: string service_metadata: description: | Metadata pertaining to the service provided by this PoolGroup. In Openshift/Kubernetes environments, app metadata info is stored. Any user input to this field will be overwritten by Avi Vantage. title: |- Service metadata type: string type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer PoolGroup object title: |- PoolGroup x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBPoolGroupApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of PoolGroup items: $ref: '#/definitions/ALBPoolGroup' title: |- Array of PoolGroup type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | PoolGroupApiResponse title: |- PoolGroupApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBPoolGroupDeploymentPolicy: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: auto_disable_old_prod_pools: default: true description: | It will automatically disable old production pools once there is a new production candidate. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Auto disable old prod pools type: boolean evaluation_duration: default: 300 description: | Duration of evaluation period for automatic deployment. Allowed values are 60-86400. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 300. format: int64 maximum: 86400 minimum: 60 title: |- Evaluation duration type: integer rules: description: | Placeholder for description of property rules of obj type PoolGroupDeploymentPolicy field type str type array. items: $ref: '#/definitions/ALBPGDeploymentRule' title: |- Rules type: array scheme: default: BLUE_GREEN description: | deployment scheme. Enum options - BLUE_GREEN, CANARY. Default value when not specified in API or module is interpreted by ALB Controller as BLUE_GREEN. enum: - BLUE_GREEN - CANARY type: string target_test_traffic_ratio: default: 100 description: | Target traffic ratio before pool is made production. Allowed values are 1-100. Unit is RATIO. Default value when not specified in API or module is interpreted by ALB Controller as 100. format: int64 maximum: 100 minimum: 1 title: |- Target test traffic ratio type: integer test_traffic_ratio_rampup: default: 100 description: | Ratio of the traffic that is sent to the pool under test. test ratio of 100 means blue green. Allowed values are 1-100. Default value when not specified in API or module is interpreted by ALB Controller as 100. format: int64 maximum: 100 minimum: 1 title: |- Test traffic ratio rampup type: integer webhook_path: description: | Webhook configured with URL that Avi controller will pass back information about pool group, old and new pool information and current deployment rule results. It is a reference to an object of type Webhook. title: |- Webhook path type: string type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer PoolGroupDeploymentPolicy object title: |- PoolGroupDeploymentPolicy x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBPoolGroupDeploymentPolicyApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of PoolGroupDeploymentPolicy items: $ref: '#/definitions/ALBPoolGroupDeploymentPolicy' title: |- Array of PoolGroupDeploymentPolicy type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | PoolGroupDeploymentPolicyApiResponse title: |- PoolGroupDeploymentPolicyApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBPoolGroupMember: description: |- Advanced load balancer PoolGroupMember object properties: deployment_state: description: | Pool deployment state used with the PG deployment policy. Enum options - EVALUATION_IN_PROGRESS, IN_SERVICE, OUT_OF_SERVICE, EVALUATION_FAILED. enum: - EVALUATION_IN_PROGRESS - IN_SERVICE - OUT_OF_SERVICE - EVALUATION_FAILED type: string pool_path: description: | path of the pool. It is a reference to an object of type Pool. title: |- Pool path type: string priority_label: description: | All pools with same label are treated similarly in a pool group. A pool with a higher priority is selected, as long as the pool is eligible or an explicit policy chooses a different pool. title: |- Priority label type: string ratio: default: 1 description: | Ratio of selecting eligible pools in the pool group. Allowed values are 1-1000. Special values are 0 - 'Do not select this pool for new connections'. Default value when not specified in API or module is interpreted by ALB Controller as 1. format: int64 maximum: 1000 minimum: 0 title: |- Ratio type: integer required: - pool_path title: |- PoolGroupMember type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBPoolServer: description: |- Advanced load balancer PoolServer object properties: hostname: description: | DNS resolvable name of the server. May be used in place of the IP address. title: |- Hostname type: string ip: $ref: '#/definitions/ALBIpAddr' description: |- IP address of the server in the poool. title: |- Ip port: description: | Port of the pool server listening for HTTP/HTTPS. Default value is the default port in the pool. Allowed values are 1-65535. format: int64 maximum: 65535 minimum: 1 title: |- Port type: integer required: - ip title: |- PoolServer type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBPortMatch: description: |- Advanced load balancer PortMatch object properties: match_criteria: description: | Criterion to use for port matching the HTTP request. Enum options - IS_IN, IS_NOT_IN. enum: - IS_IN - IS_NOT_IN type: string ports: description: | Listening TCP port(s). Allowed values are 1-65535. Minimum of 1 items required. items: format: int64 type: integer title: |- Ports type: array required: - ports - match_criteria title: |- PortMatch type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBPortRange: description: |- Advanced load balancer PortRange object properties: end: description: | TCP/UDP port range end (inclusive). Allowed values are 1-65535. format: int64 maximum: 65535 minimum: 1 title: |- End type: integer start: description: | TCP/UDP port range start (inclusive). Allowed values are 1-65535. format: int64 maximum: 65535 minimum: 1 title: |- Start type: integer required: - start - end title: |- PortRange type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBPriorityLabels: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: equivalent_labels: description: |- Equivalent priority labels in descending order. items: $ref: '#/definitions/ALBEquivalentLabels' title: |- Equivalent labels type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer PriorityLabels object title: |- PriorityLabels x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBPriorityLabelsApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of PriorityLabels items: $ref: '#/definitions/ALBPriorityLabels' title: |- Array of PriorityLabels type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | PriorityLabelsApiResponse title: |- PriorityLabelsApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBProtocolMatch: description: |- Advanced load balancer ProtocolMatch object properties: match_criteria: description: | Criterion to use for protocol matching the HTTP request. Enum options - IS_IN, IS_NOT_IN. enum: - IS_IN - IS_NOT_IN type: string protocols: description: | HTTP or HTTPS protocol. Enum options - HTTP, HTTPS. enum: - HTTP - HTTPS type: string required: - protocols - match_criteria title: |- ProtocolMatch type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBProtocolParser: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: parser_code: description: |- Command script provided inline. title: |- Parser code type: string required: - parser_code type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer ProtocolParser object title: |- ProtocolParser x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBProtocolParserApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of ProtocolParser items: $ref: '#/definitions/ALBProtocolParser' title: |- Array of ProtocolParser type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | ProtocolParserApiResponse title: |- ProtocolParserApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBQueryMatch: description: |- Advanced load balancer QueryMatch object properties: match_case: default: INSENSITIVE description: | Case sensitivity to use for the match. Enum options - SENSITIVE, INSENSITIVE. Default value when not specified in API or module is interpreted by ALB Controller as INSENSITIVE. enum: - SENSITIVE - INSENSITIVE type: string match_criteria: description: | Criterion to use for matching the query in HTTP request URI. Enum options - QUERY_MATCH_CONTAINS. enum: - QUERY_MATCH_CONTAINS type: string match_str: description: |- String value(s). items: type: string title: |- Match str type: array string_group_paths: description: | path of the string group(s). It is a reference to an object of type StringGroup. items: type: string title: |- String group paths type: array required: - match_criteria title: |- QueryMatch type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBRateLimiter: description: |- Advanced load balancer RateLimiter object properties: burst_sz: default: 0 description: | Maximum number of connections, requests or packets to be let through instantaneously. If this is less than count, it will have no effect. Allowed values are 0-1000000000. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 maximum: 1000000000 minimum: 0 title: |- Burst sz type: integer count: default: 1000000000 description: | Maximum number of connections, requests or packets permitted each period. Allowed values are 1-1000000000. Default value when not specified in API or module is interpreted by ALB Controller as 1000000000. format: int64 maximum: 1000000000 minimum: 1 title: |- Count type: integer name: description: | Identifier for Rate Limit. Constructed according to context. title: |- Name type: string period: default: 1 description: | Time value in seconds to enforce rate count. Allowed values are 1-1000000000. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 1. format: int64 maximum: 1000000000 minimum: 1 title: |- Period type: integer title: |- RateLimiter type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBRateLimiterAction: description: |- Advanced load balancer RateLimiterAction object properties: file: $ref: '#/definitions/ALBHTTPLocalFile' description: |- File to be used for HTTP Local response rate limit action. title: |- File redirect: $ref: '#/definitions/ALBHTTPRedirectAction' description: |- Parameters for HTTP Redirect rate limit action. title: |- Redirect status_code: default: HTTP_LOCAL_RESPONSE_STATUS_CODE_429 description: | HTTP status code for Local Response rate limit action. Enum options - HTTP_LOCAL_RESPONSE_STATUS_CODE_200, HTTP_LOCAL_RESPONSE_STATUS_CODE_204, HTTP_LOCAL_RESPONSE_STATUS_CODE_403, HTTP_LOCAL_RESPONSE_STATUS_CODE_404, HTTP_LOCAL_RESPONSE_STATUS_CODE_429, HTTP_LOCAL_RESPONSE_STATUS_CODE_501. Default value when not specified in API or module is interpreted by ALB Controller as HTTP_LOCAL_RESPONSE_STATUS_CODE_429. enum: - HTTP_LOCAL_RESPONSE_STATUS_CODE_200 - HTTP_LOCAL_RESPONSE_STATUS_CODE_204 - HTTP_LOCAL_RESPONSE_STATUS_CODE_403 - HTTP_LOCAL_RESPONSE_STATUS_CODE_404 - HTTP_LOCAL_RESPONSE_STATUS_CODE_429 - HTTP_LOCAL_RESPONSE_STATUS_CODE_501 type: string type: default: RL_ACTION_NONE description: | Type of action to be enforced upon hitting the rate limit. Enum options - RL_ACTION_NONE, RL_ACTION_DROP_CONN, RL_ACTION_RESET_CONN, RL_ACTION_CLOSE_CONN, RL_ACTION_LOCAL_RSP, RL_ACTION_REDIRECT. Default value when not specified in API or module is interpreted by ALB Controller as RL_ACTION_NONE. enum: - RL_ACTION_NONE - RL_ACTION_DROP_CONN - RL_ACTION_RESET_CONN - RL_ACTION_CLOSE_CONN - RL_ACTION_LOCAL_RSP - RL_ACTION_REDIRECT type: string title: |- RateLimiterAction type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBRateLimiterProfile: description: |- Advanced load balancer RateLimiterProfile object properties: client_ip_connections_rate_limit: $ref: '#/definitions/ALBRateProfile' description: | Rate Limit all connections made from any single client IP address to the Virtual Service. title: |- Client ip connections rate limit client_ip_failed_requests_rate_limit: $ref: '#/definitions/ALBRateProfile' description: | Rate Limit all requests from a client for a specified period of time once the count of failed requests from that client crosses a threshold for that period. Clients are tracked based on their IP address. Count and time period are specified through the RateProfile. Requests are deemed failed based on client or server side error status codes, consistent with how Avi Logs and Metrics subsystems mark failed requests. title: |- Client ip failed requests rate limit client_ip_requests_rate_limit: $ref: '#/definitions/ALBRateProfile' description: | Rate Limit all HTTP requests from any single client IP address to all URLs of the Virtual Service. title: |- Client ip requests rate limit client_ip_scanners_requests_rate_limit: $ref: '#/definitions/ALBRateProfile' description: | Automatically track clients and classify them into 3 groups - Good, Bad, Unknown. Clients are tracked based on their IP Address. Clients are added to the Good group when the Avi Scan Detection system builds history of requests from them that complete successfully. Clients are added to Unknown group when there is insufficient history about them. Requests from such clients are rate limited to the rate specified in the RateProfile. Finally, Clients with history of failed requests are added to Bad group and their requests are rate limited with stricter thresholds than the Unknown Clients group. The Avi Scan Detection system automatically tunes itself so that the Good, Bad, and Unknown client IPs group membership changes dynamically with the changes in traffic patterns through the ADC. title: |- Client ip scanners requests rate limit client_ip_to_uri_failed_requests_rate_limit: $ref: '#/definitions/ALBRateProfile' description: | Rate Limit all requests from a client to a URI for a specified period of time once the count of failed requests from that client to the URI crosses a threshold for that period. Clients are tracked based on their IP address. Count and time period are specified through the RateProfile. Requests are deemed failed based on client or server side error status codes, consistent with how Avi Logs and Metrics subsystems mark failed requests. title: |- Client ip to uri failed requests rate limit client_ip_to_uri_requests_rate_limit: $ref: '#/definitions/ALBRateProfile' description: | Rate Limit all HTTP requests from any single client IP address to any single URL. title: |- Client ip to uri requests rate limit custom_requests_rate_limit: $ref: '#/definitions/ALBRateProfile' description: |- Rate Limit all HTTP requests that map to any custom string. title: |- Custom requests rate limit http_header_rate_limits: description: | Rate Limit all HTTP requests from all client IP addresses that contain any single HTTP header value. items: $ref: '#/definitions/ALBRateProfile' title: |- Http header rate limits type: array uri_failed_requests_rate_limit: $ref: '#/definitions/ALBRateProfile' description: | Rate Limit all requests to a URI for a specified period of time once the count of failed requests to that URI crosses a threshold for that period. Count and time period are specified through the RateProfile. Requests are deemed failed based on client or server side error status codes, consistent with how Avi Logs and Metrics subsystems mark failed requests. title: |- Uri failed requests rate limit uri_requests_rate_limit: $ref: '#/definitions/ALBRateProfile' description: | Rate Limit all HTTP requests from all client IP addresses to any single URL. title: |- Uri requests rate limit uri_scanners_requests_rate_limit: $ref: '#/definitions/ALBRateProfile' description: | Automatically track URIs and classify them into 3 groups - Good, Bad, Unknown. URIs are added to the Good group when the Avi Scan Detection system builds history of requests to URIs that complete successfully. URIs are added to Unknown group when there is insufficient history about them. Requests for such URIs are rate limited to the rate specified in the RateProfile. Finally, URIs with history of failed requests are added to Bad group and requests to them are rate limited with stricter thresholds than the Unknown URIs group. The Avi Scan Detection system automatically tunes itself so that the Good, Bad, and Unknown URIs group membership changes dynamically with the changes in traffic patterns through the ADC. title: |- Uri scanners requests rate limit title: |- RateLimiterProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBRateProfile: description: |- Advanced load balancer RateProfile object properties: action: $ref: '#/definitions/ALBRateLimiterAction' description: |- Action to perform upon rate limiting. title: |- Action explicit_tracking: default: false description: | Explicitly tracks an attacker across rate periods. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Explicit tracking type: boolean fine_grain: default: false description: | Enable fine granularity. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Fine grain type: boolean http_cookie: description: |- HTTP cookie name. title: |- Http cookie type: string http_header: description: |- HTTP header name. title: |- Http header type: string rate_limiter: $ref: '#/definitions/ALBRateLimiter' description: |- The rate limiter configuration for this rate profile. title: |- Rate limiter required: - action title: |- RateProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBReplaceStringVar: description: |- Advanced load balancer ReplaceStringVar object properties: type: description: | Type of replacement string - can be a variable exposed from datascript, value of an HTTP header or a custom user-input literal string. Enum options - DATASCRIPT_VAR, HTTP_HEADER_VAR, LITERAL_STRING. enum: - DATASCRIPT_VAR - HTTP_HEADER_VAR - LITERAL_STRING type: string val: description: | Value of the replacement string - name of variable exposed from datascript, name of the HTTP header or a custom user-input literal string. title: |- Val type: string title: |- ReplaceStringVar type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBResponseMatchTarget: description: |- Advanced load balancer ResponseMatchTarget object properties: client_ip: $ref: '#/definitions/ALBIpAddrMatch' description: |- Configure client ip addresses. title: |- Client ip cookie: $ref: '#/definitions/ALBCookieMatch' description: |- Configure HTTP cookie(s). title: |- Cookie hdrs: description: |- Configure HTTP headers. items: $ref: '#/definitions/ALBHdrMatch' title: |- Hdrs type: array host_hdr: $ref: '#/definitions/ALBHostHdrMatch' description: |- Configure the host header. title: |- Host hdr loc_hdr: $ref: '#/definitions/ALBLocationHdrMatch' description: |- Configure the location header. title: |- Loc hdr method: $ref: '#/definitions/ALBMethodMatch' description: |- Configure HTTP methods. title: |- Method path: $ref: '#/definitions/ALBPathMatch' description: |- Configure request paths. title: |- Path protocol: $ref: '#/definitions/ALBProtocolMatch' description: |- Configure the type of HTTP protocol. title: |- Protocol query: $ref: '#/definitions/ALBQueryMatch' description: |- Configure request query. title: |- Query rsp_hdrs: description: |- Configure the HTTP headers in response. items: $ref: '#/definitions/ALBHdrMatch' title: |- Rsp hdrs type: array status: $ref: '#/definitions/ALBHTTPStatusMatch' description: |- Configure the HTTP status code(s). title: |- Status version: $ref: '#/definitions/ALBHTTPVersionMatch' description: |- Configure versions of the HTTP protocol. title: |- Version vs_port: $ref: '#/definitions/ALBPortMatch' description: |- Configure virtual service ports. title: |- Vs port title: |- ResponseMatchTarget type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBSAMLSPConfig: description: |- Advanced load balancer SAMLSPConfig object properties: cookie_name: description: |- HTTP cookie name for authenticated session. title: |- Cookie name type: string cookie_timeout: default: 60 description: | Cookie timeout in minutes. Allowed values are 1-1440. Unit is MIN. Default value when not specified in API or module is interpreted by ALB Controller as 60. format: int64 maximum: 1440 minimum: 1 title: |- Cookie timeout type: integer entity_id: description: | Globally unique SAML entityID for this node. The SAML application entity ID on the IDP should match this. title: |- Entity id type: string key: description: |- Key to generate the cookie. items: $ref: '#/definitions/ALBHttpCookiePersistenceKey' title: |- Key type: array signing_ssl_key_and_certificate_path: description: | SP will use this SSL certificate to sign requests going to the IdP and decrypt the assertions coming from IdP. It is a reference to an object of type SSLKeyAndCertificate. title: |- Signing ssl key and certificate path type: string single_signon_url: description: |- SAML Single Signon URL to be programmed on the IDP. title: |- Single signon url type: string sp_metadata: description: |- SAML SP metadata for this application. title: |- Sp metadata type: string use_idp_session_timeout: description: | By enabling this field IdP can control how long the SP session can exist through the SessionNotOnOrAfter field in the AuthNStatement of SAML Response. title: |- Use idp session timeout type: boolean required: - single_signon_url - entity_id title: |- SAMLSPConfig type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBSSLCertificate: description: |- Advanced load balancer SSLCertificate object properties: certificate: description: |- certificate of SSLCertificate. title: |- Certificate type: string certificate_signing_request: description: |- certificate_signing_request of SSLCertificate. title: |- Certificate signing request type: string chain_verified: description: | Placeholder for description of property chain_verified of obj type SSLCertificate field type str type boolean. title: |- Chain verified type: boolean days_until_expire: default: 365 description: | Number of days_until_expire. Default value when not specified in API or module is interpreted by ALB Controller as 365. format: int64 title: |- Days until expire type: integer expiry_status: default: SSL_CERTIFICATE_GOOD description: | Enum options - SSL_CERTIFICATE_GOOD, SSL_CERTIFICATE_EXPIRY_WARNING, SSL_CERTIFICATE_EXPIRED. Default value when not specified in API or module is interpreted by ALB Controller as SSL_CERTIFICATE_GOOD. enum: - SSL_CERTIFICATE_GOOD - SSL_CERTIFICATE_EXPIRY_WARNING - SSL_CERTIFICATE_EXPIRED type: string fingerprint: description: |- fingerprint of SSLCertificate. title: |- Fingerprint type: string issuer: $ref: '#/definitions/ALBSSLCertificateDescription' description: | Placeholder for description of property issuer of obj type SSLCertificate field type str type ref. title: |- Issuer key_params: $ref: '#/definitions/ALBSSLKeyParams' description: | Placeholder for description of property key_params of obj type SSLCertificate field type str type ref. title: |- Key params not_after: description: |- not_after of SSLCertificate. title: |- Not after type: string not_before: description: |- not_before of SSLCertificate. title: |- Not before type: string public_key: description: |- public_key of SSLCertificate. title: |- Public key type: string self_signed: description: | Placeholder for description of property self_signed of obj type SSLCertificate field type str type boolean. title: |- Self signed type: boolean serial_number: description: |- serial_number of SSLCertificate. title: |- Serial number type: string signature: description: |- signature of SSLCertificate. title: |- Signature type: string signature_algorithm: description: |- signature_algorithm of SSLCertificate. title: |- Signature algorithm type: string subject: $ref: '#/definitions/ALBSSLCertificateDescription' description: | Placeholder for description of property subject of obj type SSLCertificate field type str type ref. title: |- Subject subject_alt_names: description: |- subjectAltName that provides additional subject identities. items: type: string title: |- Subject alt names type: array text: description: |- text of SSLCertificate. title: |- Text type: string version: description: |- version of SSLCertificate. title: |- Version type: string title: |- SSLCertificate type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBSSLCertificateDescription: description: |- Advanced load balancer SSLCertificateDescription object properties: common_name: description: |- common_name of SSLCertificateDescription. title: |- Common name type: string country: description: |- country of SSLCertificateDescription. title: |- Country type: string distinguished_name: description: |- distinguished_name of SSLCertificateDescription. title: |- Distinguished name type: string email_address: description: |- email_address of SSLCertificateDescription. title: |- Email address type: string locality: description: |- locality of SSLCertificateDescription. title: |- Locality type: string organization: description: |- organization of SSLCertificateDescription. title: |- Organization type: string organization_unit: description: |- organization_unit of SSLCertificateDescription. title: |- Organization unit type: string state: description: |- state of SSLCertificateDescription. title: |- State type: string title: |- SSLCertificateDescription type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBSSLClientCertificateAction: description: |- Advanced load balancer SSLClientCertificateAction object properties: close_connection: default: false description: | Placeholder for description of property close_connection of obj type SSLClientCertificateAction field type str type boolean. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Close connection type: boolean headers: description: | Placeholder for description of property headers of obj type SSLClientCertificateAction field type str type array. items: $ref: '#/definitions/ALBSSLClientRequestHeader' title: |- Headers type: array title: |- SSLClientCertificateAction type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBSSLClientRequestHeader: description: |- Advanced load balancer SSLClientRequestHeader object properties: request_header: description: | If this header exists, reset the connection. If the ssl variable is specified, add a header with this value. title: |- Request header type: string request_header_value: description: | Set the request header with the value as indicated by this SSL variable. Eg. send the whole certificate in PEM format. Enum options - HTTP_POLICY_VAR_CLIENT_IP, HTTP_POLICY_VAR_VS_PORT, HTTP_POLICY_VAR_VS_IP, HTTP_POLICY_VAR_HTTP_HDR, HTTP_POLICY_VAR_SSL_CLIENT_FINGERPRINT, HTTP_POLICY_VAR_SSL_CLIENT_SERIAL, HTTP_POLICY_VAR_SSL_CLIENT_ISSUER, HTTP_POLICY_VAR_SSL_CLIENT_SUBJECT, HTTP_POLICY_VAR_SSL_CLIENT_RAW, HTTP_POLICY_VAR_SSL_PROTOCOL, HTTP_POLICY_VAR_SSL_SERVER_NAME, HTTP_POLICY_VAR_USER_NAME, HTTP_POLICY_VAR_SSL_CIPHER, HTTP_POLICY_VAR_REQUEST_ID. enum: - HTTP_POLICY_VAR_CLIENT_IP - HTTP_POLICY_VAR_VS_PORT - HTTP_POLICY_VAR_VS_IP - HTTP_POLICY_VAR_HTTP_HDR - HTTP_POLICY_VAR_SSL_CLIENT_FINGERPRINT - HTTP_POLICY_VAR_SSL_CLIENT_SERIAL - HTTP_POLICY_VAR_SSL_CLIENT_ISSUER - HTTP_POLICY_VAR_SSL_CLIENT_SUBJECT - HTTP_POLICY_VAR_SSL_CLIENT_RAW - HTTP_POLICY_VAR_SSL_PROTOCOL - HTTP_POLICY_VAR_SSL_SERVER_NAME - HTTP_POLICY_VAR_USER_NAME - HTTP_POLICY_VAR_SSL_CIPHER - HTTP_POLICY_VAR_REQUEST_ID type: string title: |- SSLClientRequestHeader type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBSSLKeyAndCertificate: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: ca_certs: description: |- CA certificates in certificate chain. items: $ref: '#/definitions/ALBCertificateAuthority' title: |- Ca certs type: array certificate: $ref: '#/definitions/ALBSSLCertificate' description: | Placeholder for description of property certificate of obj type SSLKeyAndCertificate field type str type ref. title: |- Certificate certificate_base64: default: false description: | States if the certificate is base64 encoded. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Certificate base64 type: boolean created_by: description: |- Creator name. title: |- Created by type: string dynamic_params: description: | Dynamic parameters needed for certificate management profile. items: $ref: '#/definitions/ALBCustomParams' title: |- Dynamic params type: array enable_ocsp_stapling: default: false description: | Enables OCSP Stapling. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Enable ocsp stapling type: boolean enckey_base64: description: | Encrypted private key corresponding to the private key (e.g. those generated by an HSM such as Thales nShield). title: |- Enckey base64 type: string enckey_name: description: | Name of the encrypted private key (e.g. those generated by an HSM such as Thales nShield). title: |- Enckey name type: string format: default: SSL_PEM description: | Format of the Key/Certificate file. Enum options - SSL_PEM, SSL_PKCS12. Default value when not specified in API or module is interpreted by ALB Controller as SSL_PEM. enum: - SSL_PEM - SSL_PKCS12 type: string hardwaresecuritymodulegroup_path: description: | It is a reference to an object of type HardwareSecurityModuleGroup. title: |- Hardwaresecuritymodulegroup path type: string key: description: |- Private key. title: |- Key type: string key_base64: default: false description: | States if the private key is base64 encoded. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Key base64 type: boolean key_params: $ref: '#/definitions/ALBSSLKeyParams' description: | Placeholder for description of property key_params of obj type SSLKeyAndCertificate field type str type ref. title: |- Key params key_passphrase: description: |- Passphrase used to encrypt the private key. title: |- Key passphrase type: string ocsp_config: $ref: '#/definitions/ALBOCSPConfig' description: |- Configuration related to OCSP. title: |- Ocsp config status: default: SSL_CERTIFICATE_FINISHED description: | Enum options - SSL_CERTIFICATE_FINISHED, SSL_CERTIFICATE_PENDING. Default value when not specified in API or module is interpreted by ALB Controller as SSL_CERTIFICATE_FINISHED. enum: - SSL_CERTIFICATE_FINISHED - SSL_CERTIFICATE_PENDING type: string type: description: | Enum options - SSL_CERTIFICATE_TYPE_VIRTUALSERVICE, SSL_CERTIFICATE_TYPE_SYSTEM, SSL_CERTIFICATE_TYPE_CA. enum: - SSL_CERTIFICATE_TYPE_VIRTUALSERVICE - SSL_CERTIFICATE_TYPE_SYSTEM - SSL_CERTIFICATE_TYPE_CA type: string required: - certificate type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer SSLKeyAndCertificate object title: |- SSLKeyAndCertificate x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBSSLKeyAndCertificateApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of SSLKeyAndCertificate items: $ref: '#/definitions/ALBSSLKeyAndCertificate' title: |- Array of SSLKeyAndCertificate type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | SSLKeyAndCertificateApiResponse title: |- SSLKeyAndCertificateApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBSSLKeyECParams: description: |- Advanced load balancer SSLKeyECParams object properties: curve: default: SSL_KEY_EC_CURVE_SECP256R1 description: | Enum options - SSL_KEY_EC_CURVE_SECP256R1, SSL_KEY_EC_CURVE_SECP384R1, SSL_KEY_EC_CURVE_SECP521R1. Default value when not specified in API or module is interpreted by ALB Controller as SSL_KEY_EC_CURVE_SECP256R1. enum: - SSL_KEY_EC_CURVE_SECP256R1 - SSL_KEY_EC_CURVE_SECP384R1 - SSL_KEY_EC_CURVE_SECP521R1 type: string title: |- SSLKeyECParams type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBSSLKeyParams: description: |- Advanced load balancer SSLKeyParams object properties: algorithm: default: SSL_KEY_ALGORITHM_RSA description: | Enum options - SSL_KEY_ALGORITHM_RSA, SSL_KEY_ALGORITHM_EC. Default value when not specified in API or module is interpreted by ALB Controller as SSL_KEY_ALGORITHM_RSA. enum: - SSL_KEY_ALGORITHM_RSA - SSL_KEY_ALGORITHM_EC type: string ec_params: $ref: '#/definitions/ALBSSLKeyECParams' description: | Placeholder for description of property ec_params of obj type SSLKeyParams field type str type ref. title: |- Ec params rsa_params: $ref: '#/definitions/ALBSSLKeyRSAParams' description: | Placeholder for description of property rsa_params of obj type SSLKeyParams field type str type ref. title: |- Rsa params required: - algorithm title: |- SSLKeyParams type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBSSLKeyRSAParams: description: |- Advanced load balancer SSLKeyRSAParams object properties: exponent: default: 65537 description: | Number of exponent. Default value when not specified in API or module is interpreted by ALB Controller as 65537. format: int64 title: |- Exponent type: integer key_size: default: SSL_KEY_2048_BITS description: | Enum options - SSL_KEY_1024_BITS, SSL_KEY_2048_BITS, SSL_KEY_3072_BITS, SSL_KEY_4096_BITS. Default value when not specified in API or module is interpreted by ALB Controller as SSL_KEY_2048_BITS. enum: - SSL_KEY_1024_BITS - SSL_KEY_2048_BITS - SSL_KEY_3072_BITS - SSL_KEY_4096_BITS type: string title: |- SSLKeyRSAParams type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBSSLProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: accepted_ciphers: default: AES:3DES:RC4 description: | Ciphers suites represented as defined by U(http //www.openssl.org/docs/apps/ciphers.html). Default value when not specified in API or module is interpreted by ALB Controller as AES:3DES:RC4. title: |- Accepted ciphers type: string accepted_versions: description: | Set of versions accepted by the server. Minimum of 1 items required. items: $ref: '#/definitions/ALBSSLVersion' title: |- Accepted versions type: array avi_tags: description: | Placeholder for description of property tags of obj type SSLProfile field type str type array. items: $ref: '#/definitions/ALBTag' title: |- Avi tags type: array cipher_enums: description: | Enum options - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_AES_256_GCM_SHA384... items: description: |- Valid ENUM values for ALBAcceptedCipherEnums enum: - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - TLS_RSA_WITH_AES_128_GCM_SHA256 - TLS_RSA_WITH_AES_256_GCM_SHA384 - TLS_RSA_WITH_AES_128_CBC_SHA256 - TLS_RSA_WITH_AES_256_CBC_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - TLS_RSA_WITH_AES_128_CBC_SHA - TLS_RSA_WITH_AES_256_CBC_SHA - TLS_RSA_WITH_3DES_EDE_CBC_SHA - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - TLS_AES_128_GCM_SHA256 type: string title: |- Cipher enums type: array ciphersuites: default: TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 description: | TLS 1.3 Ciphers suites represented as defined by U(https //www.openssl.org/docs/manmaster/man1/ciphers.html). Default value when not specified in API or module is interpreted by ALB Controller as TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256. title: |- Ciphersuites type: string enable_early_data: default: false description: | Enable early data processing for TLS1.3 connections. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Enable early data type: boolean enable_ssl_session_reuse: default: true description: | Enable SSL session re-use. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enable ssl session reuse type: boolean prefer_client_cipher_ordering: default: false description: | Prefer the SSL cipher ordering presented by the client during the SSL handshake over the one specified in the SSL Profile. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Prefer client cipher ordering type: boolean send_close_notify: default: true description: | Send 'close notify' alert message for a clean shutdown of the SSL connection. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Send close notify type: boolean ssl_rating: $ref: '#/definitions/ALBSSLRating' description: | Placeholder for description of property ssl_rating of obj type SSLProfile field type str type ref. readOnly: true title: |- Ssl rating ssl_session_timeout: default: 86400 description: | The amount of time in seconds before an SSL session expires. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 86400. format: int64 title: |- Ssl session timeout type: integer type: default: SSL_PROFILE_TYPE_APPLICATION description: | SSL Profile Type. Enum options - SSL_PROFILE_TYPE_APPLICATION, SSL_PROFILE_TYPE_SYSTEM. Default value when not specified in API or module is interpreted by ALB Controller as SSL_PROFILE_TYPE_APPLICATION. enum: - SSL_PROFILE_TYPE_APPLICATION - SSL_PROFILE_TYPE_SYSTEM type: string required: - accepted_versions type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer SSLProfile object title: |- SSLProfile x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBSSLProfileApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of SSLProfile items: $ref: '#/definitions/ALBSSLProfile' title: |- Array of SSLProfile type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | SSLProfileApiResponse title: |- SSLProfileApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBSSLProfileSelector: description: |- Advanced load balancer SSLProfileSelector object properties: client_ip_list: $ref: '#/definitions/ALBIpAddrMatch' description: |- Configure client IP address groups. title: |- Client ip list ssl_profile_path: description: | SSL profile for the client IP addresses listed. It is a reference to an object of type SSLProfile. title: |- Ssl profile path type: string required: - client_ip_list - ssl_profile_path title: |- SSLProfileSelector type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBSSLRating: description: |- Advanced load balancer SSLRating object properties: compatibility_rating: description: | Enum options - SSL_SCORE_NOT_SECURE, SSL_SCORE_VERY_BAD, SSL_SCORE_BAD, SSL_SCORE_AVERAGE, SSL_SCORE_GOOD, SSL_SCORE_EXCELLENT. enum: - SSL_SCORE_NOT_SECURE - SSL_SCORE_VERY_BAD - SSL_SCORE_BAD - SSL_SCORE_AVERAGE - SSL_SCORE_GOOD - SSL_SCORE_EXCELLENT type: string performance_rating: description: | Enum options - SSL_SCORE_NOT_SECURE, SSL_SCORE_VERY_BAD, SSL_SCORE_BAD, SSL_SCORE_AVERAGE, SSL_SCORE_GOOD, SSL_SCORE_EXCELLENT. enum: - SSL_SCORE_NOT_SECURE - SSL_SCORE_VERY_BAD - SSL_SCORE_BAD - SSL_SCORE_AVERAGE - SSL_SCORE_GOOD - SSL_SCORE_EXCELLENT type: string security_score: description: |- security_score of SSLRating. title: |- Security score type: string title: |- SSLRating type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBSSLVersion: description: |- Advanced load balancer SSLVersion object properties: type: default: SSL_VERSION_TLS1_1 description: | Enum options - SSL_VERSION_SSLV3, SSL_VERSION_TLS1, SSL_VERSION_TLS1_1, SSL_VERSION_TLS1_2, SSL_VERSION_TLS1_3. Default value when not specified in API or module is interpreted by ALB Controller as SSL_VERSION_TLS1_1. enum: - SSL_VERSION_SSLV3 - SSL_VERSION_TLS1 - SSL_VERSION_TLS1_1 - SSL_VERSION_TLS1_2 - SSL_VERSION_TLS1_3 type: string required: - type title: |- SSLVersion type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBSSOPolicy: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: authentication_policy: $ref: '#/definitions/ALBAuthenticationPolicy' description: |- Authentication Policy Settings. title: |- Authentication policy authorization_policy: $ref: '#/definitions/ALBAuthorizationPolicy' description: |- Authorization Policy Settings. title: |- Authorization policy type: default: SSO_TYPE_SAML description: | SSO Policy Type. Enum options - SSO_TYPE_SAML, SSO_TYPE_PINGACCESS, SSO_TYPE_JWT. Default value when not specified in API or module is interpreted by ALB Controller as SSO_TYPE_SAML. enum: - SSO_TYPE_SAML - SSO_TYPE_PINGACCESS - SSO_TYPE_JWT type: string required: - authentication_policy type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer SSOPolicy object title: |- SSOPolicy x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBSSOPolicyApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of SSOPolicy items: $ref: '#/definitions/ALBSSOPolicy' title: |- Array of SSOPolicy type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | SSOPolicyApiResponse title: |- SSOPolicyApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBSamlIdentityProviderSettings: description: |- Advanced load balancer SamlIdentityProviderSettings object properties: metadata: description: |- SAML IDP metadata. title: |- Metadata type: string title: |- SamlIdentityProviderSettings type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBSamlServiceProviderNode: description: |- Advanced load balancer SamlServiceProviderNode object properties: entity_id: description: | Globally unique entityID for this node. Entity ID on the IDP should match this. title: |- Entity id type: string name: description: |- Refers to the Cluster name identifier (Virtual IP or FQDN). title: |- Name type: string signing_ssl_key_and_certificate_path: description: | Service Engines will use this SSL certificate to sign assertions going to the IdP. It is a reference to an object of type SSLKeyAndCertificate. title: |- Signing ssl key and certificate path type: string single_signon_url: description: |- Single Signon URL to be programmed on the IDP. title: |- Single signon url type: string required: - name title: |- SamlServiceProviderNode type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBSamlServiceProviderSettings: description: |- Advanced load balancer SamlServiceProviderSettings object properties: fqdn: description: |- FQDN if entity type is DNS_FQDN . title: |- Fqdn type: string org_display_name: description: |- Service Provider Organization Display Name. title: |- Org display name type: string org_name: description: |- Service Provider Organization Name. title: |- Org name type: string org_url: description: |- Service Provider Organization URL. title: |- Org url type: string saml_entity_type: description: | Type of SAML endpoint. Enum options - AUTH_SAML_CLUSTER_VIP, AUTH_SAML_DNS_FQDN, AUTH_SAML_APP_VS. enum: - AUTH_SAML_CLUSTER_VIP - AUTH_SAML_DNS_FQDN - AUTH_SAML_APP_VS type: string sp_nodes: description: |- Service Provider node information. items: $ref: '#/definitions/ALBSamlServiceProviderNode' title: |- Sp nodes type: array tech_contact_email: description: |- Service Provider technical contact email. title: |- Tech contact email type: string tech_contact_name: description: |- Service Provider technical contact name. title: |- Tech contact name type: string title: |- SamlServiceProviderSettings type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBSamlSettings: description: |- Advanced load balancer SamlSettings object properties: idp: $ref: '#/definitions/ALBSamlIdentityProviderSettings' description: |- Configure remote Identity provider settings. title: |- Idp sp: $ref: '#/definitions/ALBSamlServiceProviderSettings' description: |- Configure service provider settings for the Controller. title: |- Sp required: - sp title: |- SamlSettings type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBSecurityPolicy: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: dns_attacks: $ref: '#/definitions/ALBDnsAttacks' description: |- Attacks utilizing the DNS protocol operations. title: |- Dns attacks dns_policy_index: default: 0 description: | Index of the dns policy to use for the mitigation rules applied to the dns attacks. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 title: |- Dns policy index type: integer network_security_policy_index: default: 0 description: | Index of the network security policy to use for the mitigation rules applied to the attacks. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 title: |- Network security policy index type: integer oper_mode: default: DETECTION description: | Mode of dealing with the attacks - perform detection only, or detect and mitigate the attacks. Enum options - DETECTION, MITIGATION. Default value when not specified in API or module is interpreted by ALB Controller as DETECTION. enum: - DETECTION - MITIGATION type: string type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer SecurityPolicy object title: |- SecurityPolicy x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBSecurityPolicyApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of SecurityPolicy items: $ref: '#/definitions/ALBSecurityPolicy' title: |- Array of SecurityPolicy type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | SecurityPolicyApiResponse title: |- SecurityPolicyApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBSensitiveFieldRule: description: |- Advanced load balancer SensitiveFieldRule object properties: action: default: LOG_FIELD_REMOVE description: | Action for the matched log field, for instance the matched field can be removed or masked off. Enum options - LOG_FIELD_REMOVE, LOG_FIELD_MASKOFF. Default value when not specified in API or module is interpreted by ALB Controller as LOG_FIELD_REMOVE. enum: - LOG_FIELD_REMOVE - LOG_FIELD_MASKOFF type: string enabled: default: false description: | Enable rule to match the sensitive fields. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Enabled type: boolean index: description: |- Index of the rule. format: int64 title: |- Index type: integer match: $ref: '#/definitions/ALBStringMatch' description: |- Criterion to use for matching in the Log. title: |- Match name: description: |- Name of the rule. title: |- Name type: string title: |- SensitiveFieldRule type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBSensitiveLogProfile: description: |- Advanced load balancer SensitiveLogProfile object properties: header_field_rules: description: |- Match sensitive header fields in HTTP application log. items: $ref: '#/definitions/ALBSensitiveFieldRule' title: |- Header field rules type: array waf_field_rules: description: |- Match sensitive WAF log fields in HTTP application log. items: $ref: '#/definitions/ALBSensitiveFieldRule' title: |- Waf field rules type: array title: |- SensitiveLogProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBServer: description: |- Advanced load balancer Server object properties: autoscaling_group_name: description: |- Name of autoscaling group this server belongs to. title: |- Autoscaling group name type: string availability_zone: description: |- Availability-zone of the server VM. title: |- Availability zone type: string description: description: |- A description of the Server. title: |- Description type: string discovered_networks: description: | (internal-use) Discovered networks providing reachability for server IP. This field is used internally by Avi, not editable by the user. items: $ref: '#/definitions/ALBDiscoveredNetwork' title: |- Discovered networks type: array enabled: default: true description: | Enable, Disable or Graceful Disable determine if new or existing connections to the server are allowed. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enabled type: boolean external_orchestration_id: description: |- UID of server in external orchestration systems. title: |- External orchestration id type: string external_uuid: description: | UUID identifying VM in OpenStack and other external compute. title: |- External uuid type: string hostname: description: | DNS resolvable name of the server. May be used in place of the IP address. title: |- Hostname type: string ip: $ref: '#/definitions/ALBIpAddr' description: | IP Address of the server. Required if there is no resolvable host name. title: |- Ip is_static: default: false description: | If statically learned. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Is static type: boolean location: $ref: '#/definitions/ALBGeoLocation' description: | (internal-use) Geographic location of the server.Currently only for internal usage. title: |- Location mac_address: description: |- MAC address of server. title: |- Mac address type: string port: description: | Optionally specify the servers port number. This will override the pool's default server port attribute. Allowed values are 1-65535. Special values are 0- 'use backend port in pool'. format: int64 maximum: 65535 minimum: 0 title: |- Port type: integer prst_hdr_val: description: |- Header value for custom header persistence. title: |- Prst hdr val type: string ratio: default: 1 description: | Ratio of selecting eligible servers in the pool. Allowed values are 1-20. Default value when not specified in API or module is interpreted by ALB Controller as 1. format: int64 maximum: 20 minimum: 1 title: |- Ratio type: integer resolve_server_by_dns: default: false description: | Auto resolve server's IP using DNS name. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Resolve server by dns type: boolean rewrite_host_header: default: false description: | Rewrite incoming Host Header to server name. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Rewrite host header type: boolean server_node: description: | Hostname of the node where the server VM or container resides. title: |- Server node type: string verify_network: default: false description: | Verify server belongs to a discovered network or reachable via a discovered network. Verify reachable network isn't the OpenStack management network. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Verify network type: boolean required: - ip title: |- Server type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBServerAutoScalePolicy: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: intelligent_autoscale: default: false description: | Use Avi intelligent autoscale algorithm where autoscale is performed by comparing load on the pool against estimated capacity of all the servers. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Intelligent autoscale type: boolean intelligent_scalein_margin: default: 40 description: | Maximum extra capacity as percentage of load used by the intelligent scheme. Scalein is triggered when available capacity is more than this margin. Allowed values are 1-99. Default value when not specified in API or module is interpreted by ALB Controller as 40. format: int64 maximum: 99 minimum: 1 title: |- Intelligent scalein margin type: integer intelligent_scaleout_margin: default: 20 description: | Minimum extra capacity as percentage of load used by the intelligent scheme. Scaleout is triggered when available capacity is less than this margin. Allowed values are 1-99. Default value when not specified in API or module is interpreted by ALB Controller as 20. format: int64 maximum: 99 minimum: 1 title: |- Intelligent scaleout margin type: integer max_scalein_adjustment_step: default: 1 description: | Maximum number of servers to scalein simultaneously. The actual number of servers to scalein is chosen such that target number of servers is always more than or equal to the min_size. Default value when not specified in API or module is interpreted by ALB Controller as 1. format: int64 title: |- Max scalein adjustment step type: integer max_scaleout_adjustment_step: default: 1 description: | Maximum number of servers to scaleout simultaneously. The actual number of servers to scaleout is chosen such that target number of servers is always less than or equal to the max_size. Default value when not specified in API or module is interpreted by ALB Controller as 1. format: int64 title: |- Max scaleout adjustment step type: integer max_size: description: | Maximum number of servers after scaleout. Allowed values are 0-400. format: int64 maximum: 400 minimum: 0 title: |- Max size type: integer min_size: description: | No scale-in happens once number of operationally up servers reach min_servers. Allowed values are 0-400. format: int64 maximum: 400 minimum: 0 title: |- Min size type: integer scalein_cooldown: default: 300 description: | Cooldown period during which no new scalein is triggered to allow previous scalein to successfully complete. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 300. format: int64 title: |- Scalein cooldown type: integer scaleout_cooldown: default: 300 description: | Cooldown period during which no new scaleout is triggered to allow previous scaleout to successfully complete. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 300. format: int64 title: |- Scaleout cooldown type: integer use_predicted_load: default: false description: | Use predicted load rather than current load. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Use predicted load type: boolean type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer ServerAutoScalePolicy object title: |- ServerAutoScalePolicy x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBServerAutoScalePolicyApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of ServerAutoScalePolicy items: $ref: '#/definitions/ALBServerAutoScalePolicy' title: |- Array of ServerAutoScalePolicy type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | ServerAutoScalePolicyApiResponse title: |- ServerAutoScalePolicyApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBService: description: |- Advanced load balancer Service object properties: enable_http2: default: false description: | Enable HTTP2 on this port. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Enable http2 type: boolean enable_ssl: default: false description: | Enable SSL termination and offload for traffic from clients. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Enable ssl type: boolean override_application_profile_path: description: | Enable application layer specific features for the this specific service. It is a reference to an object of type ApplicationProfile. title: |- Override application profile path type: string override_network_profile_path: description: | Override the network profile for this specific service port. It is a reference to an object of type NetworkProfile. title: |- Override network profile path type: string port: description: | The Virtual Service's port number. Allowed values are 0-65535. format: int64 maximum: 65535 minimum: 0 title: |- Port type: integer port_range_end: default: 0 description: | The end of the Virtual Service's port number range. Allowed values are 1-65535. Special values are 0- 'single port'. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 maximum: 65535 minimum: 0 title: |- Port range end type: integer required: - port title: |- Service type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBServicePoolSelector: description: |- Advanced load balancer ServicePoolSelector object properties: service_pool_group_path: description: |- It is a reference to an object of type PoolGroup. title: |- Service pool group path type: string service_pool_path: description: |- It is a reference to an object of type Pool. title: |- Service pool path type: string service_port: description: | Pool based destination port. Allowed values are 1-65535. format: int64 maximum: 65535 minimum: 1 title: |- Service port type: integer service_port_range_end: default: 0 description: | The end of the Service port number range. Allowed values are 1-65535. Special values are 0- 'single port'. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 maximum: 65535 minimum: 0 title: |- Service port range end type: integer service_protocol: description: | Destination protocol to match for the pool selection. If not specified, it will match any protocol. Enum options - PROTOCOL_TYPE_TCP_PROXY, PROTOCOL_TYPE_TCP_FAST_PATH, PROTOCOL_TYPE_UDP_FAST_PATH, PROTOCOL_TYPE_UDP_PROXY. enum: - PROTOCOL_TYPE_TCP_PROXY - PROTOCOL_TYPE_TCP_FAST_PATH - PROTOCOL_TYPE_UDP_FAST_PATH - PROTOCOL_TYPE_UDP_PROXY type: string required: - service_port title: |- ServicePoolSelector type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBSidebandProfile: description: |- Advanced load balancer SidebandProfile object properties: ip: description: |- IP Address of the sideband server. items: $ref: '#/definitions/ALBIpAddr' title: |- Ip type: array sideband_max_request_body_size: default: 1024 description: | Maximum size of the request body that will be sent on the sideband. Allowed values are 0-16384. Unit is BYTES. Default value when not specified in API or module is interpreted by ALB Controller as 1024. format: int64 maximum: 16384 minimum: 0 title: |- Sideband max request body size type: integer title: |- SidebandProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBSipServiceApplicationProfile: description: |- Advanced load balancer SipServiceApplicationProfile object properties: transaction_timeout: default: 32 description: | SIP transaction timeout in seconds. Allowed values are 2-512. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 32. format: int64 maximum: 512 minimum: 2 title: |- Transaction timeout type: integer title: |- SipServiceApplicationProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBStreamingSyslogConfig: description: |- Advanced load balancer StreamingSyslogConfig object properties: facility: default: 16 description: | Facility value, as defined in RFC5424, must be between 0 and 23 inclusive. Allowed values are 0-23. Default value when not specified in API or module is interpreted by ALB Controller as 16. format: int64 maximum: 23 minimum: 0 title: |- Facility type: integer filtered_log_severity: default: 5 description: | Severity code, as defined in RFC5424, for filtered logs. This must be between 0 and 7 inclusive. Allowed values are 0-7. Default value when not specified in API or module is interpreted by ALB Controller as 5. format: int64 maximum: 7 minimum: 0 title: |- Filtered log severity type: integer hostname: default: AviVantage description: | String to use as the hostname in the syslog messages. This string can contain only printable ASCII characters (hex 21 to hex 7E; no space allowed). Default value when not specified in API or module is interpreted by ALB Controller as AviVantage. title: |- Hostname type: string non_significant_log_severity: default: 6 description: | Severity code, as defined in RFC5424, for non-significant logs. This must be between 0 and 7 inclusive. Allowed values are 0-7. Default value when not specified in API or module is interpreted by ALB Controller as 6. format: int64 maximum: 7 minimum: 0 title: |- Non significant log severity type: integer significant_log_severity: default: 4 description: | Severity code, as defined in RFC5424, for significant logs. This must be between 0 and 7 inclusive. Allowed values are 0-7. Default value when not specified in API or module is interpreted by ALB Controller as 4. format: int64 maximum: 7 minimum: 0 title: |- Significant log severity type: integer title: |- StreamingSyslogConfig type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBStringGroup: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: kv: description: |- Configure Key Value in the string group. items: $ref: '#/definitions/ALBKeyValue' title: |- Kv type: array longest_match: default: false description: | Enable the longest match, default is the shortest match. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Longest match type: boolean type: default: SG_TYPE_STRING description: | Type of StringGroup. Enum options - SG_TYPE_STRING, SG_TYPE_KEYVAL. Default value when not specified in API or module is interpreted by ALB Controller as SG_TYPE_STRING. enum: - SG_TYPE_STRING - SG_TYPE_KEYVAL type: string required: - type type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer StringGroup object title: |- StringGroup x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBStringGroupApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of StringGroup items: $ref: '#/definitions/ALBStringGroup' title: |- Array of StringGroup type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | StringGroupApiResponse title: |- StringGroupApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBStringMatch: description: |- Advanced load balancer StringMatch object properties: match_criteria: description: | Criterion to use for string matching the HTTP request. Enum options - BEGINS_WITH, DOES_NOT_BEGIN_WITH, CONTAINS, DOES_NOT_CONTAIN, ENDS_WITH, DOES_NOT_END_WITH, EQUALS, DOES_NOT_EQUAL, REGEX_MATCH, REGEX_DOES_NOT_MATCH. enum: - BEGINS_WITH - DOES_NOT_BEGIN_WITH - CONTAINS - DOES_NOT_CONTAIN - ENDS_WITH - DOES_NOT_END_WITH - EQUALS - DOES_NOT_EQUAL - REGEX_MATCH - REGEX_DOES_NOT_MATCH type: string match_str: description: |- String value(s). items: type: string title: |- Match str type: array string_group_paths: description: | path of the string group(s). It is a reference to an object of type StringGroup. items: type: string title: |- String group paths type: array required: - match_criteria title: |- StringMatch type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBTCPApplicationProfile: description: |- Advanced load balancer TCPApplicationProfile object properties: pki_profile_path: description: | Select the PKI profile to be associated with the Virtual Service. This profile defines the Certificate Authority and Revocation List. It is a reference to an object of type PKIProfile. title: |- Pki profile path type: string proxy_protocol_enabled: default: false description: | Enable/Disable the usage of proxy protocol to convey client connection information to the back-end servers. Valid only for L4 application profiles and TCP proxy. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Proxy protocol enabled type: boolean proxy_protocol_version: default: PROXY_PROTOCOL_VERSION_1 description: | Version of proxy protocol to be used to convey client connection information to the back-end servers. Enum options - PROXY_PROTOCOL_VERSION_1, PROXY_PROTOCOL_VERSION_2. Default value when not specified in API or module is interpreted by ALB Controller as PROXY_PROTOCOL_VERSION_1. enum: - PROXY_PROTOCOL_VERSION_1 - PROXY_PROTOCOL_VERSION_2 type: string ssl_client_certificate_mode: default: SSL_CLIENT_CERTIFICATE_NONE description: | Specifies whether the client side verification is set to none, request or require. Enum options - SSL_CLIENT_CERTIFICATE_NONE, SSL_CLIENT_CERTIFICATE_REQUEST, SSL_CLIENT_CERTIFICATE_REQUIRE. Default value when not specified in API or module is interpreted by ALB Controller as SSL_CLIENT_CERTIFICATE_NONE. enum: - SSL_CLIENT_CERTIFICATE_NONE - SSL_CLIENT_CERTIFICATE_REQUEST - SSL_CLIENT_CERTIFICATE_REQUIRE type: string title: |- TCPApplicationProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBTCPFastPathProfile: description: |- Advanced load balancer TCPFastPathProfile object properties: dsr_profile: $ref: '#/definitions/ALBDsrProfile' description: |- DSR profile information. title: |- Dsr profile enable_syn_protection: default: false description: | When enabled, Avi will complete the 3-way handshake with the client before forwarding any packets to the server. This will protect the server from SYN flood and half open SYN connections. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Enable syn protection type: boolean session_idle_timeout: default: 300 description: | The amount of time (in sec) for which a connection needs to be idle before it is eligible to be deleted. Allowed values are 5-14400. Special values are 0 - 'infinite'. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 300. format: int64 maximum: 14400 minimum: 0 title: |- Session idle timeout type: integer title: |- TCPFastPathProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBTCPProxyProfile: description: |- Advanced load balancer TCPProxyProfile object properties: aggressive_congestion_avoidance: default: false description: | Controls the our congestion window to send, normally it's 1 mss, If this option is turned on, we use 10 msses. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Aggressive congestion avoidance type: boolean auto_window_growth: default: true description: | Controls whether the windows are static or supports autogrowth. Maximum that it can grow to is limited to 4MB. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Auto window growth type: boolean automatic: default: true description: | Dynamically pick the relevant parameters for connections. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Automatic type: boolean cc_algo: default: CC_ALGO_NEW_RENO description: | Controls the congestion control algorithm we use. Enum options - CC_ALGO_NEW_RENO, CC_ALGO_CUBIC, CC_ALGO_HTCP. Default value when not specified in API or module is interpreted by ALB Controller as CC_ALGO_NEW_RENO. enum: - CC_ALGO_NEW_RENO - CC_ALGO_CUBIC - CC_ALGO_HTCP type: string congestion_recovery_scaling_factor: default: 2 description: | Congestion window scaling factor after recovery. Allowed values are 0-8. Default value when not specified in API or module is interpreted by ALB Controller as 2. format: int64 maximum: 8 minimum: 0 title: |- Congestion recovery scaling factor type: integer idle_connection_timeout: default: 600 description: | The duration for keepalive probes or session idle timeout. Max value is 3600 seconds, min is 5. Set to 0 to allow infinite idle time. Allowed values are 5-14400. Special values are 0 - 'infinite'. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 600. format: int64 maximum: 14400 minimum: 0 title: |- Idle connection timeout type: integer idle_connection_type: default: KEEP_ALIVE description: | Controls the behavior of idle connections. Enum options - KEEP_ALIVE, CLOSE_IDLE. Default value when not specified in API or module is interpreted by ALB Controller as KEEP_ALIVE. enum: - KEEP_ALIVE - CLOSE_IDLE type: string ignore_time_wait: default: false description: | A new SYN is accepted from the same 4-tuple even if there is already a connection in TIME_WAIT state. This is equivalent of setting Time Wait Delay to 0. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Ignore time wait type: boolean ip_dscp: default: 0 description: | Controls the value of the Differentiated Services Code Point field inserted in the IP header. This has two options Set to a specific value, or Pass Through, which uses the incoming DSCP value. Allowed values are 0-63. Special values are MAX - 'Passthrough'. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 maximum: 63 minimum: 0 title: |- Ip dscp type: integer keepalive_in_halfclose_state: default: true description: | Controls whether to keep the connection alive with keepalive messages in the TCP half close state. The interval for sending keepalive messages is 30s. If a timeout is already configured in the network profile, this will not override it. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Keepalive in halfclose state type: boolean max_retransmissions: default: 8 description: | The number of attempts at retransmit before closing the connection. Allowed values are 3-8. Default value when not specified in API or module is interpreted by ALB Controller as 8. format: int64 maximum: 8 minimum: 3 title: |- Max retransmissions type: integer max_segment_size: description: | Maximum TCP segment size. Allowed values are 512-9000. Special values are 0 - 'Use Interface MTU'. Unit is BYTES. format: int64 maximum: 9000 minimum: 0 title: |- Max segment size type: integer max_syn_retransmissions: default: 8 description: | The maximum number of attempts at retransmitting a SYN packet before giving up. Allowed values are 3-8. Default value when not specified in API or module is interpreted by ALB Controller as 8. format: int64 maximum: 8 minimum: 3 title: |- Max syn retransmissions type: integer min_rexmt_timeout: description: | The minimum wait time (in millisec) to retransmit packet. Allowed values are 50-5000. Unit is MILLISECONDS. format: int64 maximum: 5000 minimum: 50 title: |- Min rexmt timeout type: integer nagles_algorithm: default: false description: | Consolidates small data packets to send clients fewer but larger packets. Adversely affects real time protocols such as telnet or SSH. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Nagles algorithm type: boolean reassembly_queue_size: default: 0 description: | Maximum number of TCP segments that can be queued for reassembly. Configuring this to 0 disables the feature and provides unlimited queuing. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 title: |- Reassembly queue size type: integer receive_window: default: 64 description: | Size of the receive window. Allowed values are 2-65536. Unit is KB. Default value when not specified in API or module is interpreted by ALB Controller as 64. format: int64 maximum: 65536 minimum: 2 title: |- Receive window type: integer reorder_threshold: description: | Controls the number of duplicate acks required to trigger retransmission. Setting a higher value reduces retransmission caused by packet reordering. A larger value is recommended in public cloud environments where packet reordering is quite common. The default value is 8 in public cloud platforms (AWS, Azure, GCP), and 3 in other environments. Allowed values are 1-100. format: int64 maximum: 100 minimum: 1 title: |- Reorder threshold type: integer slow_start_scaling_factor: default: 1 description: | Congestion window scaling factor during slow start. Allowed values are 0-8. Default value when not specified in API or module is interpreted by ALB Controller as 1. format: int64 maximum: 8 minimum: 0 title: |- Slow start scaling factor type: integer time_wait_delay: default: 2000 description: | The time (in millisec) to wait before closing a connection in the TIME_WAIT state. Allowed values are 500-2000. Special values are 0 - 'immediate'. Unit is MILLISECONDS. Default value when not specified in API or module is interpreted by ALB Controller as 2000. format: int64 maximum: 2000 minimum: 0 title: |- Time wait delay type: integer use_interface_mtu: default: true description: | Use the interface MTU to calculate the TCP max segment size. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Use interface mtu type: boolean title: |- TCPProxyProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBTacacsPlusAuthSettings: description: |- Advanced load balancer TacacsPlusAuthSettings object properties: authorization_attrs: description: |- TACACS+ authorization attribute value pairs. items: $ref: '#/definitions/ALBAuthTacacsPlusAttributeValuePair' title: |- Authorization attrs type: array password: description: |- TACACS+ server shared secret. title: |- Password type: string port: default: 49 description: | TACACS+ server listening port. Default value when not specified in API or module is interpreted by ALB Controller as 49. format: int64 title: |- Port type: integer server: description: | TACACS+ server IP address or FQDN. Minimum of 1 items required. items: type: string title: |- Server type: array service: default: AUTH_TACACS_PLUS_SERVICE_LOGIN description: | TACACS+ service. Enum options - AUTH_TACACS_PLUS_SERVICE_NONE, AUTH_TACACS_PLUS_SERVICE_LOGIN, AUTH_TACACS_PLUS_SERVICE_ENABLE, AUTH_TACACS_PLUS_SERVICE_PPP, AUTH_TACACS_PLUS_SERVICE_ARAP, AUTH_TACACS_PLUS_SERVICE_PT, AUTH_TACACS_PLUS_SERVICE_RCMD, AUTH_TACACS_PLUS_SERVICE_X25, AUTH_TACACS_PLUS_SERVICE_NASI, AUTH_TACACS_PLUS_SERVICE_FWPROXY. Default value when not specified in API or module is interpreted by ALB Controller as AUTH_TACACS_PLUS_SERVICE_LOGIN. enum: - AUTH_TACACS_PLUS_SERVICE_NONE - AUTH_TACACS_PLUS_SERVICE_LOGIN - AUTH_TACACS_PLUS_SERVICE_ENABLE - AUTH_TACACS_PLUS_SERVICE_PPP - AUTH_TACACS_PLUS_SERVICE_ARAP - AUTH_TACACS_PLUS_SERVICE_PT - AUTH_TACACS_PLUS_SERVICE_RCMD - AUTH_TACACS_PLUS_SERVICE_X25 - AUTH_TACACS_PLUS_SERVICE_NASI - AUTH_TACACS_PLUS_SERVICE_FWPROXY type: string required: - server title: |- TacacsPlusAuthSettings type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBTag: description: |- Advanced load balancer Tag object properties: type: default: USER_DEFINED description: | Enum options - AVI_DEFINED, USER_DEFINED, VCENTER_DEFINED. Default value when not specified in API or module is interpreted by ALB Controller as USER_DEFINED. enum: - AVI_DEFINED - USER_DEFINED - VCENTER_DEFINED type: string value: description: |- value of Tag. title: |- Value type: string required: - value title: |- Tag type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBTrafficCloneProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: clone_servers: description: |- Maximum of 10 items allowed. items: $ref: '#/definitions/ALBCloneServer' title: |- Clone servers type: array preserve_client_ip: default: false description: | Specifies if client IP needs to be preserved to clone destination. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Preserve client ip type: boolean type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer TrafficCloneProfile object title: |- TrafficCloneProfile x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBTrafficCloneProfileApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of TrafficCloneProfile items: $ref: '#/definitions/ALBTrafficCloneProfile' title: |- Array of TrafficCloneProfile type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | TrafficCloneProfileApiResponse title: |- TrafficCloneProfileApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBUDPFastPathProfile: description: |- Advanced load balancer UDPFastPathProfile object properties: dsr_profile: $ref: '#/definitions/ALBDsrProfile' description: |- DSR profile information. title: |- Dsr profile per_pkt_loadbalance: default: false description: | When enabled, every UDP packet is considered a new transaction and may be load balanced to a different server. When disabled, packets from the same client source IP and port are sent to the same server. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Per pkt loadbalance type: boolean session_idle_timeout: default: 10 description: | The amount of time (in sec) for which a flow needs to be idle before it is deleted. Allowed values are 2-3600. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 10. format: int64 maximum: 3600 minimum: 2 title: |- Session idle timeout type: integer snat: default: true description: | When disabled, Source NAT will not be performed for all client UDP packets. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Snat type: boolean title: |- UDPFastPathProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBUDPProxyProfile: description: |- Advanced load balancer UDPProxyProfile object properties: session_idle_timeout: default: 10 description: | The amount of time (in sec) for which a flow needs to be idle before it is deleted. Allowed values are 2-3600. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 10. format: int64 maximum: 3600 minimum: 2 title: |- Session idle timeout type: integer title: |- UDPProxyProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBURIParam: description: |- Advanced load balancer URIParam object properties: tokens: description: | Token config either for the URI components or a constant string. Minimum of 1 items required. items: $ref: '#/definitions/ALBURIParamToken' title: |- Tokens type: array type: description: | URI param type. Enum options - URI_PARAM_TYPE_TOKENIZED. enum: - URI_PARAM_TYPE_TOKENIZED type: string required: - tokens - type title: |- URIParam type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBURIParamQuery: description: |- Advanced load balancer URIParamQuery object properties: add_string: description: | Concatenate a string to the query of the incoming request URI and then use it in the request URI going to the backend server. title: |- Add string type: string keep_query: default: true description: | Use or drop the query of the incoming request URI in the request URI to the backend server. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Keep query type: boolean title: |- URIParamQuery type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBURIParamToken: description: |- Advanced load balancer URIParamToken object properties: end_index: description: | Index of the ending token in the incoming URI. Allowed values are 0-65534. Special values are 65535 - 'end of string'. format: int64 maximum: 65535 minimum: 0 title: |- End index type: integer start_index: description: |- Index of the starting token in the incoming URI. format: int64 title: |- Start index type: integer str_value: description: |- Constant string to use as a token. title: |- Str value type: string type: description: | Token type for constructing the URI. Enum options - URI_TOKEN_TYPE_HOST, URI_TOKEN_TYPE_PATH, URI_TOKEN_TYPE_STRING, URI_TOKEN_TYPE_STRING_GROUP, URI_TOKEN_TYPE_REGEX. enum: - URI_TOKEN_TYPE_HOST - URI_TOKEN_TYPE_PATH - URI_TOKEN_TYPE_STRING - URI_TOKEN_TYPE_STRING_GROUP - URI_TOKEN_TYPE_REGEX type: string required: - type title: |- URIParamToken type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBVSDataScript: description: |- Advanced load balancer VSDataScript object properties: evt: description: | Event triggering execution of datascript. Enum options - VS_DATASCRIPT_EVT_HTTP_REQ, VS_DATASCRIPT_EVT_HTTP_RESP, VS_DATASCRIPT_EVT_HTTP_RESP_DATA, VS_DATASCRIPT_EVT_HTTP_LB_FAILED, VS_DATASCRIPT_EVT_HTTP_REQ_DATA, VS_DATASCRIPT_EVT_HTTP_RESP_FAILED, VS_DATASCRIPT_EVT_HTTP_LB_DONE, VS_DATASCRIPT_EVT_HTTP_AUTH, VS_DATASCRIPT_EVT_HTTP_POST_AUTH, VS_DATASCRIPT_EVT_TCP_CLIENT_ACCEPT, VS_DATASCRIPT_EVT_SSL_HANDSHAKE_DONE, VS_DATASCRIPT_EVT_DNS_REQ, VS_DATASCRIPT_EVT_DNS_RESP, VS_DATASCRIPT_EVT_L4_REQUEST, VS_DATASCRIPT_EVT_L4_RESPONSE, VS_DATASCRIPT_EVT_MAX. enum: - VS_DATASCRIPT_EVT_HTTP_REQ - VS_DATASCRIPT_EVT_HTTP_RESP - VS_DATASCRIPT_EVT_HTTP_RESP_DATA - VS_DATASCRIPT_EVT_HTTP_LB_FAILED - VS_DATASCRIPT_EVT_HTTP_REQ_DATA - VS_DATASCRIPT_EVT_HTTP_RESP_FAILED - VS_DATASCRIPT_EVT_HTTP_LB_DONE - VS_DATASCRIPT_EVT_HTTP_AUTH - VS_DATASCRIPT_EVT_HTTP_POST_AUTH - VS_DATASCRIPT_EVT_TCP_CLIENT_ACCEPT - VS_DATASCRIPT_EVT_SSL_HANDSHAKE_DONE - VS_DATASCRIPT_EVT_DNS_REQ - VS_DATASCRIPT_EVT_DNS_RESP - VS_DATASCRIPT_EVT_L4_REQUEST - VS_DATASCRIPT_EVT_L4_RESPONSE - VS_DATASCRIPT_EVT_MAX type: string script: description: |- Datascript to execute when the event triggers. title: |- Script type: string required: - evt - script title: |- VSDataScript type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBVSDataScriptSet: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: created_by: description: |- Creator name. title: |- Created by type: string datascript: description: |- DataScripts to execute. items: $ref: '#/definitions/ALBVSDataScript' title: |- Datascript type: array ipgroup_paths: description: | path of IP Groups that could be referred by VSDataScriptSet objects. It is a reference to an object of type IpAddrGroup. items: type: string title: |- Ipgroup paths type: array pool_group_paths: description: | path of pool groups that could be referred by VSDataScriptSet objects. It is a reference to an object of type PoolGroup. items: type: string title: |- Pool group paths type: array pool_paths: description: | path of pools that could be referred by VSDataScriptSet objects. It is a reference to an object of type Pool. items: type: string title: |- Pool paths type: array protocol_parser_paths: description: | List of protocol parsers that could be referred by VSDataScriptSet objects. It is a reference to an object of type ProtocolParser. items: type: string title: |- Protocol parser paths type: array rate_limiters: description: | The Rate Limit definitions needed for this DataScript. The name is composed of the Virtual Service name and the DataScript name. items: $ref: '#/definitions/ALBRateLimiter' title: |- Rate limiters type: array string_group_paths: description: | path of String Groups that could be referred by VSDataScriptSet objects. It is a reference to an object of type StringGroup. items: type: string title: |- String group paths type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer VSDataScriptSet object title: |- VSDataScriptSet x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBVSDataScriptSetApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of VSDataScriptSet items: $ref: '#/definitions/ALBVSDataScriptSet' title: |- Array of VSDataScriptSet type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | VSDataScriptSetApiResponse title: |- VSDataScriptSetApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBVSDataScripts: description: |- Advanced load balancer VSDataScripts object properties: index: description: |- Index of the virtual service datascript collection. format: int64 title: |- Index type: integer vs_datascript_set_path: description: | path of the virtual service datascript collection. It is a reference to an object of type VSDataScriptSet. title: |- Vs datascript set path type: string required: - index - vs_datascript_set_path title: |- VSDataScripts type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBVip: description: |- Advanced load balancer Vip object properties: auto_allocate_floating_ip: default: false description: | Auto-allocate floating/elastic IP from the Cloud infrastructure. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Auto allocate floating ip type: boolean auto_allocate_ip: default: false description: | Auto-allocate VIP from the provided subnet. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Auto allocate ip type: boolean auto_allocate_ip_type: default: V4_ONLY description: | Specifies whether to auto-allocate only a V4 address, only a V6 address, or one of each type. Enum options - V4_ONLY, V6_ONLY, V4_V6. Default value when not specified in API or module is interpreted by ALB Controller as V4_ONLY. enum: - V4_ONLY - V6_ONLY - V4_V6 type: string availability_zone: description: |- Availability-zone to place the Virtual Service. title: |- Availability zone type: string avi_allocated_fip: default: false description: | (internal-use) FIP allocated by Avi in the Cloud infrastructure. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Avi allocated fip type: boolean avi_allocated_vip: default: false description: | (internal-use) VIP allocated by Avi in the Cloud infrastructure. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Avi allocated vip type: boolean discovered_networks: description: | Discovered networks providing reachability for client facing Vip IP. items: $ref: '#/definitions/ALBDiscoveredNetwork' title: |- Discovered networks type: array enabled: default: true description: | Enable or disable the Vip. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enabled type: boolean floating_ip: $ref: '#/definitions/ALBIpAddr' description: |- Floating IPv4 to associate with this Vip. title: |- Floating ip floating_ip6: $ref: '#/definitions/ALBIpAddr' description: |- Floating IPv6 address to associate with this Vip. title: |- Floating ip6 floating_subnet6_uuid: description: | If auto_allocate_floating_ip is True and more than one floating-ip subnets exist, then the subnet for the floating IPv6 address allocation. title: |- Floating subnet6 uuid type: string floating_subnet_uuid: description: | If auto_allocate_floating_ip is True and more than one floating-ip subnets exist, then the subnet for the floating IP address allocation. title: |- Floating subnet uuid type: string ip6_address: $ref: '#/definitions/ALBIpAddr' description: |- IPv6 Address of the Vip. title: |- Ip6 address ip_address: $ref: '#/definitions/ALBIpAddr' description: |- IPv4 Address of the VIP. title: |- Ip address ipam_network_subnet: $ref: '#/definitions/ALBIPNetworkSubnet' description: | Subnet and/or Network for allocating VirtualService IP by IPAM Provider module. title: |- Ipam network subnet network_path: description: | Manually override the network on which the Vip is placed. It is a reference to an object of type Network. title: |- Network path type: string placement_networks: description: | Placement networks/subnets to use for vip placement. Maximum of 10 items allowed. items: $ref: '#/definitions/ALBVipPlacementNetwork' title: |- Placement networks type: array port_uuid: description: |- (internal-use) Network port assigned to the Vip IP address. title: |- Port uuid type: string prefix_length: default: 32 description: | Mask applied for the Vip, non-default mask supported only for wildcard Vip. Allowed values are 0-32. Default value when not specified in API or module is interpreted by ALB Controller as 32. format: int64 maximum: 32 minimum: 0 title: |- Prefix length type: integer subnet: $ref: '#/definitions/ALBIpAddrPrefix' description: |- Subnet providing reachability for client facing Vip IP. title: |- Subnet subnet6: $ref: '#/definitions/ALBIpAddrPrefix' description: |- Subnet providing reachability for client facing Vip IPv6. title: |- Subnet6 subnet6_uuid: description: | If auto_allocate_ip is True, then the subnet for the Vip IPv6 address allocation. This field is applicable only if the VirtualService belongs to an Openstack or AWS cloud, in which case it is mandatory, if auto_allocate is selected. title: |- Subnet6 uuid type: string subnet_uuid: description: | If auto_allocate_ip is True, then the subnet for the Vip IP address allocation. This field is applicable only if the VirtualService belongs to an Openstack or AWS cloud, in which case it is mandatory, if auto_allocate is selected. title: |- Subnet uuid type: string vip_id: description: |- Unique ID associated with the vip. title: |- Vip id type: string required: - vip_id title: |- Vip type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBVipPlacementNetwork: description: |- Advanced load balancer VipPlacementNetwork object properties: network_path: description: | Network to use for vip placement. It is a reference to an object of type Network. title: |- Network path type: string subnet: $ref: '#/definitions/ALBIpAddrPrefix' description: |- IPv4 Subnet to use for vip placement. title: |- Subnet subnet6: $ref: '#/definitions/ALBIpAddrPrefix' description: |- IPv6 subnet to use for vip placement. title: |- Subnet6 title: |- VipPlacementNetwork type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBVirtualService: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: active_standby_se_tag: default: ACTIVE_STANDBY_SE_1 description: | This configuration only applies if the VirtualService is in Legacy Active Standby HA mode and Load Distribution among Active Standby is enabled. This field is used to tag the VirtualService so that VirtualServices with the same tag will share the same Active ServiceEngine. VirtualServices with different tags will have different Active ServiceEngines. If one of the ServiceEngine's in the ServiceEngineGroup fails, all VirtualServices will end up using the same Active ServiceEngine. Redistribution of the VirtualServices can be either manual or automated when the failed ServiceEngine recovers. Redistribution is based on the auto redistribute property of the ServiceEngineGroup. Enum options - ACTIVE_STANDBY_SE_1, ACTIVE_STANDBY_SE_2. Default value when not specified in API or module is interpreted by ALB Controller as ACTIVE_STANDBY_SE_1. enum: - ACTIVE_STANDBY_SE_1 - ACTIVE_STANDBY_SE_2 type: string advertise_down_vs: default: false description: | Keep advertising Virtual Service via BGP even if it is marked down by health monitor. This setting takes effect for future Virtual Service flaps. To advertise current VSes that are down, please disable and re-enable the Virtual Service. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Advertise down vs type: boolean allow_invalid_client_cert: default: false description: | Process request even if invalid client certificate is presented. Datascript APIs need to be used for processing of such requests. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Allow invalid client cert type: boolean analytics_policy: $ref: '#/definitions/ALBAnalyticsPolicy' description: |- Determines analytics settings for the application. title: |- Analytics policy analytics_profile_path: description: | Specifies settings related to analytics. It is a reference to an object of type AnalyticsProfile. title: |- Analytics profile path type: string apic_contract_graph: description: | The name of the Contract/Graph associated with the Virtual Service. Should be in the format. This is applicable only for Service Integration mode with Cisco APIC Controller . title: |- Apic contract graph type: string application_profile_path: description: | Enable application layer specific features for the Virtual Service. It is a reference to an object of type ApplicationProfile. title: |- Application profile path type: string azure_availability_set: description: | (internal-use)Applicable for Azure only. Azure Availability set to which this VS is associated. Internally set by the cloud connector. title: |- Azure availability set type: string bulk_sync_kvcache: default: false description: | (This is a beta feature). Sync Key-Value cache to the new SEs when VS is scaled out. For ex SSL sessions are stored using VS's Key-Value cache. When the VS is scaled out, the SSL session information is synced to the new SE, allowing existing SSL sessions to be reused on the new SE. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Bulk sync kvcache type: boolean client_auth: $ref: '#/definitions/ALBHTTPClientAuthenticationParams' description: |- HTTP authentication configuration for protected resources. title: |- Client auth close_client_conn_on_config_update: default: false description: | close client connection on vs config update. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Close client conn on config update type: boolean cloud_config_cksum: description: | Checksum of cloud configuration for VS. Internally set by cloud connector. title: |- Cloud config cksum type: string cloud_type: default: CLOUD_NONE description: | Enum options - CLOUD_NONE, CLOUD_VCENTER, CLOUD_OPENSTACK, CLOUD_AWS, CLOUD_VCA, CLOUD_APIC, CLOUD_MESOS, CLOUD_LINUXSERVER, CLOUD_DOCKER_UCP, CLOUD_RANCHER, CLOUD_OSHIFT_K8S, CLOUD_AZURE, CLOUD_GCP, CLOUD_NSXT. Default value when not specified in API or module is interpreted by ALB Controller as CLOUD_NONE. enum: - CLOUD_NONE - CLOUD_VCENTER - CLOUD_OPENSTACK - CLOUD_AWS - CLOUD_VCA - CLOUD_APIC - CLOUD_MESOS - CLOUD_LINUXSERVER - CLOUD_DOCKER_UCP - CLOUD_RANCHER - CLOUD_OSHIFT_K8S - CLOUD_AZURE - CLOUD_GCP - CLOUD_NSXT type: string connections_rate_limit: $ref: '#/definitions/ALBRateProfile' description: | Rate limit the incoming connections to this virtual service. title: |- Connections rate limit content_rewrite: $ref: '#/definitions/ALBContentRewriteProfile' description: | Profile used to match and rewrite strings in request and/or response body. title: |- Content rewrite created_by: description: |- Creator name. title: |- Created by type: string delay_fairness: default: false description: | Select the algorithm for QoS fairness. This determines how multiple Virtual Services sharing the same Service Engines will prioritize traffic over a congested network. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Delay fairness type: boolean dns_info: description: | Service discovery specific data including fully qualified domain name, type and Time-To-Live of the DNS record. Note that only one of fqdn and dns_info setting is allowed. Maximum of 1000 items allowed. items: $ref: '#/definitions/ALBDnsInfo' title: |- Dns info type: array dns_policies: description: | DNS Policies applied on the dns traffic of the Virtual Service. items: $ref: '#/definitions/ALBDnsPolicies' title: |- Dns policies type: array east_west_placement: default: false description: | Force placement on all SE's in service group (Mesos mode only). Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- East west placement type: boolean enable_autogw: default: true description: | Response traffic to clients will be sent back to the source MAC address of the connection, rather than statically sent to a default gateway. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enable autogw type: boolean enable_rhi: description: | Enable Route Health Injection using the BGP Config in the vrf context. title: |- Enable rhi type: boolean enable_rhi_snat: description: | Enable Route Health Injection for Source NAT'ted floating IP Address using the BGP Config in the vrf context. title: |- Enable rhi snat type: boolean enabled: default: true description: | Enable or disable the Virtual Service. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enabled type: boolean error_page_profile_path: description: | Error Page Profile to be used for this virtualservice.This profile is used to send the custom error page to the client generated by the proxy. It is a reference to an object of type ErrorPageProfile. title: |- Error page profile path type: string flow_dist: default: LOAD_AWARE description: | Criteria for flow distribution among SEs. Enum options - LOAD_AWARE, CONSISTENT_HASH_SOURCE_IP_ADDRESS, CONSISTENT_HASH_SOURCE_IP_ADDRESS_AND_PORT. Default value when not specified in API or module is interpreted by ALB Controller as LOAD_AWARE. enum: - LOAD_AWARE - CONSISTENT_HASH_SOURCE_IP_ADDRESS - CONSISTENT_HASH_SOURCE_IP_ADDRESS_AND_PORT type: string flow_label_type: default: NO_LABEL description: | Criteria for flow labelling. Enum options - NO_LABEL, APPLICATION_LABEL, SERVICE_LABEL. Default value when not specified in API or module is interpreted by ALB Controller as NO_LABEL. enum: - NO_LABEL - APPLICATION_LABEL - SERVICE_LABEL type: string fqdn: description: | DNS resolvable, fully qualified domain name of the virtualservice. Only one of 'fqdn' and 'dns_info' configuration is allowed. title: |- Fqdn type: string group_paths: description: | A list of NSX Groups representing the Clients which can access the Virtual IP of the Virtual Service. items: type: string title: |- Group paths type: array host_name_xlate: description: | Translate the host name sent to the servers to this value. Translate the host name sent from servers back to the value used by the client. title: |- Host name xlate type: string http_policies: description: | HTTP Policies applied on the data traffic of the Virtual Service. items: $ref: '#/definitions/ALBHTTPPolicies' title: |- Http policies type: array ign_pool_net_reach: default: false description: | Ignore Pool servers network reachability constraints for Virtual Service placement. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Ign pool net reach type: boolean l4_policies: description: | L4 Policies applied to the data traffic of the Virtual Service. items: $ref: '#/definitions/ALBL4Policies' title: |- L4 policies type: array limit_doser: default: false description: | Limit potential DoS attackers who exceed max_cps_per_client significantly to a fraction of max_cps_per_client for a while. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Limit doser type: boolean max_cps_per_client: default: 0 description: | Maximum connections per second per client IP. Allowed values are 10-1000. Special values are 0- 'unlimited'. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 maximum: 1000 minimum: 0 title: |- Max cps per client type: integer min_pools_up: description: |- Minimum number of UP pools to mark VS up. format: int64 title: |- Min pools up type: integer network_profile_path: description: | Determines network settings such as protocol, TCP or UDP, and related options for the protocol. It is a reference to an object of type NetworkProfile. title: |- Network profile path type: string network_security_policy_path: description: | Network security policies for the Virtual Service. It is a reference to an object of type NetworkSecurityPolicy. title: |- Network security policy path type: string performance_limits: $ref: '#/definitions/ALBPerformanceLimits' description: | Optional settings that determine performance limits like max connections or bandwdith etc. title: |- Performance limits pool_group_path: description: | The pool group is an object that contains pools. It is a reference to an object of type PoolGroup. title: |- Pool group path type: string pool_path: description: | The pool is an object that contains destination servers and related attributes such as load-balancing and persistence. It is a reference to an object of type Pool. title: |- Pool path type: string remove_listening_port_on_vs_down: default: false description: | Remove listening port if VirtualService is down. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Remove listening port on vs down type: boolean requests_rate_limit: $ref: '#/definitions/ALBRateProfile' description: |- Rate limit the incoming requests to this virtual service. title: |- Requests rate limit saml_sp_config: $ref: '#/definitions/ALBSAMLSPConfig' description: |- Application-specific SAML config. title: |- Saml sp config se_group_name: description: | The Service Engine Group to use for this Virtual Service. Moving to a new SE Group is disruptive to existing connections for this VS. It is a reference to an object of type ServiceEngineGroup. title: |- Se group name type: string security_policy_path: description: | Security policy applied on the traffic of the Virtual Service. This policy is used to perform security actions such as Distributed Denial of Service (DDoS) attack mitigation, etc. It is a reference to an object of type SecurityPolicy. title: |- Security policy path type: string server_network_profile_path: description: | Determines the network settings profile for the server side of TCP proxied connections. Leave blank to use the same settings as the client to VS side of the connection. It is a reference to an object of type NetworkProfile. title: |- Server network profile path type: string service_metadata: description: | Metadata pertaining to the Service provided by this virtual service. In Openshift/Kubernetes environments, egress pod info is stored. Any user input to this field will be overwritten by Avi Vantage. title: |- Service metadata type: string service_pool_select: description: |- Select pool based on destination port. items: $ref: '#/definitions/ALBServicePoolSelector' title: |- Service pool select type: array services: description: | List of Services defined for this Virtual Service. Maximum of 2048 items allowed. items: $ref: '#/definitions/ALBService' title: |- Services type: array sideband_profile: $ref: '#/definitions/ALBSidebandProfile' description: | Sideband configuration to be used for this virtualservice.It can be used for sending traffic to sideband VIPs for external inspection etc. title: |- Sideband profile snat_ip: description: | NAT'ted floating source IP Address(es) for upstream connection to servers. Maximum of 32 items allowed. items: $ref: '#/definitions/ALBIpAddr' title: |- Snat ip type: array sp_pool_paths: description: | GSLB pools used to manage site-persistence functionality. Each site-persistence pool contains the virtualservices in all the other sites, that is auto-generated by the GSLB manager. This is a read-only field for the user. It is a reference to an object of type Pool. items: type: string title: |- Sp pool paths type: array ssl_key_and_certificate_paths: description: | Select or create one or two certificates, EC and/or RSA, that will be presented to SSL/TLS terminated connections. It is a reference to an object of type SSLKeyAndCertificate. items: type: string title: |- Ssl key and certificate paths type: array ssl_profile_path: description: | Determines the set of SSL versions and ciphers to accept for SSL/TLS terminated connections. It is a reference to an object of type SSLProfile. title: |- Ssl profile path type: string ssl_profile_selectors: description: |- Select SSL Profile based on client IP address match. items: $ref: '#/definitions/ALBSSLProfileSelector' title: |- Ssl profile selectors type: array ssl_sess_cache_avg_size: default: 1024 description: | Expected number of SSL session cache entries (may be exceeded). Allowed values are 1024-16383. Default value when not specified in API or module is interpreted by ALB Controller as 1024. format: int64 maximum: 16383 minimum: 1024 title: |- Ssl sess cache avg size type: integer sso_policy_path: description: | The SSO Policy attached to the virtualservice. It is a reference to an object of type SSOPolicy. title: |- Sso policy path type: string static_dns_records: description: | List of static DNS records applied to this Virtual Service. These are static entries and no health monitoring is performed against the IP addresses. Maximum of 1000 items allowed. items: $ref: '#/definitions/ALBDnsRecord' title: |- Static dns records type: array topology_policies: description: | Topology Policies applied on the dns traffic of the Virtual Service based onGSLB Topology algorithm. items: $ref: '#/definitions/ALBDnsPolicies' title: |- Topology policies type: array traffic_clone_profile_path: description: | Server network or list of servers for cloning traffic. It is a reference to an object of type TrafficCloneProfile. title: |- Traffic clone profile path type: string traffic_enabled: default: true description: | Knob to enable the Virtual Service traffic on its assigned service engines. This setting is effective only when the enabled flag is set to True. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Traffic enabled type: boolean type: default: VS_TYPE_NORMAL description: | Specify if this is a normal Virtual Service, or if it is the parent or child of an SNI-enabled virtual hosted Virtual Service. Enum options - VS_TYPE_NORMAL, VS_TYPE_VH_PARENT, VS_TYPE_VH_CHILD. Default value when not specified in API or module is interpreted by ALB Controller as VS_TYPE_NORMAL. enum: - VS_TYPE_NORMAL - VS_TYPE_VH_PARENT - VS_TYPE_VH_CHILD type: string use_bridge_ip_as_vip: default: false description: | Use Bridge IP as VIP on each Host in Mesos deployments. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Use bridge ip as vip type: boolean use_vip_as_snat: default: false description: | Use the Virtual IP as the SNAT IP for health monitoring and sending traffic to the backend servers instead of the Service Engine interface IP. The caveat of enabling this option is that the VirtualService cannot be configued in an Active-Active HA mode. DNS based Multi VIP solution has to be used for HA & Non-disruptive Upgrade purposes. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Use vip as snat type: boolean vh_domain_name: description: | The exact name requested from the client's SNI-enabled TLS hello domain name field. If this is a match, the parent VS will forward the connection to this child VS. items: type: string title: |- Vh domain name type: array vh_parent_vs_uuid: description: | Specifies the Virtual Service acting as Virtual Hosting (SNI) parent. title: |- Vh parent vs uuid type: string vip: description: | List of Virtual Service IPs. While creating a 'Shared VS',please use vsvip_ref to point to the shared entities. items: $ref: '#/definitions/ALBVip' title: |- Vip type: array vs_datascripts: description: | Datascripts applied on the data traffic of the Virtual Service. items: $ref: '#/definitions/ALBVSDataScripts' title: |- Vs datascripts type: array vsvip_path: description: | Mostly used during the creation of Shared VS, this field refers to entities that can be shared across Virtual Services. It is a reference to an object of type VsVip. title: |- Vsvip path type: string waf_policy_path: description: | WAF policy for the Virtual Service. It is a reference to an object of type WafPolicy. title: |- Waf policy path type: string weight: default: 1 description: | The Quality of Service weight to assign to traffic transmitted from this Virtual Service. A higher weight will prioritize traffic versus other Virtual Services sharing the same Service Engines. Allowed values are 1-128. Default value when not specified in API or module is interpreted by ALB Controller as 1. format: int64 maximum: 128 minimum: 1 title: |- Weight type: integer type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer VirtualService object title: |- VirtualService x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBVirtualServiceApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of VirtualService items: $ref: '#/definitions/ALBVirtualService' title: |- Array of VirtualService type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | VirtualServiceApiResponse title: |- VirtualServiceApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBVsVip: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: dns_info: description: | Service discovery specific data including fully qualified domain name, type and Time-To-Live of the DNS record. Maximum of 1000 items allowed. items: $ref: '#/definitions/ALBDnsInfo' title: |- Dns info type: array east_west_placement: default: false description: | Force placement on all Service Engines in the Service Engine Group (Container clouds only). Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- East west placement type: boolean tier1_path: description: | This sets the placement scope of virtualservice to given tier1 logical router in Nsx-t. title: |- Tier1 path type: string use_standard_alb: description: | This overrides the cloud level default and needs to match the SE Group value in which it will be used if the SE Group use_standard_alb value is set. This is only used when FIP is used for VS on Azure Cloud. title: |- Use standard alb type: boolean vip: description: |- List of Virtual Service IPs and other shareable entities. items: $ref: '#/definitions/ALBVip' title: |- Vip type: array vsvip_cloud_config_cksum: description: | Checksum of cloud configuration for VsVip. Internally set by cloud connector. title: |- Vsvip cloud config cksum type: string type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer VsVip object title: |- VsVip x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBVsVipApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of VsVip items: $ref: '#/definitions/ALBVsVip' title: |- Array of VsVip type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | VsVipApiResponse title: |- VsVipApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBWafApplicationSignatures: description: |- Advanced load balancer WafApplicationSignatures object properties: rules: description: | The active application specific rules. You can change attributes like enabled, waf mode and exclusions, but not the rules itself. To change the rules, you can change the tags or the rule provider. items: $ref: '#/definitions/ALBWafRule' title: |- Rules type: array ruleset_version: description: |- The version in use of the provided ruleset. title: |- Ruleset version type: string selected_applications: description: | List of applications for which we use the rules from the WafApplicationSignatureProvider. Maximum of 8 items allowed. items: type: string title: |- Selected applications type: array title: |- WafApplicationSignatures type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBWafCRS: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: groups: description: | WAF Rules are sorted in groups based on their characterization. Maximum of 64 items allowed. items: $ref: '#/definitions/ALBWafRuleGroup' title: |- Groups type: array integrity: description: |- Integrity protection value. title: |- Integrity type: string release_date: description: | The release date of this version in RFC 3339 / ISO 8601 format. title: |- Release date type: string version: description: |- The version of this ruleset object. title: |- Version type: string required: - release_date - version - integrity type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer WafCRS object title: |- WafCRS x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBWafCRSApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of WafCRS items: $ref: '#/definitions/ALBWafCRS' title: |- Array of WafCRS type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | WafCRSApiResponse title: |- WafCRSApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBWafConfig: description: |- Advanced load balancer WafConfig object properties: allowed_http_versions: description: | WAF allowed HTTP Versions. Enum options - ZERO_NINE, ONE_ZERO, ONE_ONE, TWO_ZERO. Maximum of 8 items allowed. items: description: |- Valid ENUM values for ALBHTTPVersion enum: - ZERO_NINE - ONE_ZERO - ONE_ONE - TWO_ZERO type: string title: |- Allowed http versions type: array allowed_methods: description: | WAF allowed HTTP methods. Enum options - HTTP_METHOD_GET, HTTP_METHOD_HEAD, HTTP_METHOD_PUT, HTTP_METHOD_DELETE, HTTP_METHOD_POST, HTTP_METHOD_OPTIONS, HTTP_METHOD_TRACE, HTTP_METHOD_CONNECT, HTTP_METHOD_PATCH, HTTP_METHOD_PROPFIND, HTTP_METHOD_PROPPATCH, HTTP_METHOD_MKCOL, HTTP_METHOD_COPY, HTTP_METHOD_MOVE, HTTP_METHOD_LOCK, HTTP_METHOD_UNLOCK. items: description: |- Valid ENUM values for ALBHTTPMethod enum: - HTTP_METHOD_GET - HTTP_METHOD_HEAD - HTTP_METHOD_PUT - HTTP_METHOD_DELETE - HTTP_METHOD_POST - HTTP_METHOD_OPTIONS - HTTP_METHOD_TRACE - HTTP_METHOD_CONNECT - HTTP_METHOD_PATCH - HTTP_METHOD_PROPFIND - HTTP_METHOD_PROPPATCH - HTTP_METHOD_MKCOL - HTTP_METHOD_COPY - HTTP_METHOD_MOVE - HTTP_METHOD_LOCK - HTTP_METHOD_UNLOCK type: string title: |- Allowed methods type: array allowed_request_content_types: description: | WAF allowed Content Types. Maximum of 64 items allowed. items: type: string title: |- Allowed request content types type: array argument_separator: default: '&' description: | Argument seperator. Default value when not specified in API or module is interpreted by ALB Controller as &. title: |- Argument separator type: string client_request_max_body_size: default: 32 description: | Maximum size for the client request body scanned by WAF. Allowed values are 1-32768. Unit is KB. Default value when not specified in API or module is interpreted by ALB Controller as 32. format: int64 maximum: 32768 minimum: 1 title: |- Client request max body size type: integer cookie_format_version: default: 0 description: | 0 For Netscape Cookies. 1 For version 1 cookies. Allowed values are 0-1. Default value when not specified in API or module is interpreted by ALB Controller as 0. format: int64 maximum: 1 minimum: 0 title: |- Cookie format version type: integer ignore_incomplete_request_body_error: default: true description: | Ignore request body parsing errors due to partial scanning. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Ignore incomplete request body error type: boolean max_execution_time: default: 50 description: | The maximum period of time WAF processing is allowed to take for a single request. A value of 0 (zero) means no limit and should not be chosen in production deployments. It is only used for exceptional situations where crashes of se_dp processes are acceptable. The behavior of the system if this time is exceeded depends on two other configuration settings, the WAF policy mode and the WAF failure mode. In WAF policy mode 'Detection', the request is allowed and flagged for both failure mode 'Closed' and 'Open'. In enforcement node, 'Closed' means the request is rejected, 'Open' means the request is allowed and flagged. Irrespective of these settings, no subsequent WAF rules of this or other phases will be executed once the maximum execution time has been exceeded. Allowed values are 0-5000. Unit is MILLISECONDS. Default value when not specified in API or module is interpreted by ALB Controller as 50. format: int64 maximum: 5000 minimum: 0 title: |- Max execution time type: integer regex_match_limit: default: 30000 description: | Limit CPU utilization for each regular expression match when processing rules. Default value when not specified in API or module is interpreted by ALB Controller as 30000. format: int64 title: |- Regex match limit type: integer regex_recursion_limit: default: 10000 description: | Limit depth of recursion for each regular expression match when processing rules. Default value when not specified in API or module is interpreted by ALB Controller as 10000. format: int64 title: |- Regex recursion limit type: integer request_body_default_action: default: phase:2,deny,status:403,log,auditlog description: | WAF default action for Request Body Phase. Default value when not specified in API or module is interpreted by ALB Controller as phase:2,deny,status:403,log,auditlog. title: |- Request body default action type: string request_hdr_default_action: default: phase:1,deny,status:403,log,auditlog description: | WAF default action for Request Header Phase. Default value when not specified in API or module is interpreted by ALB Controller as phase:1,deny,status:403,log,auditlog. title: |- Request hdr default action type: string response_body_default_action: default: phase:4,deny,status:403,log,auditlog description: | WAF default action for Response Body Phase. Default value when not specified in API or module is interpreted by ALB Controller as phase:4,deny,status:403,log,auditlog. title: |- Response body default action type: string response_hdr_default_action: default: phase:3,deny,status:403,log,auditlog description: | WAF default action for Response Header Phase. Default value when not specified in API or module is interpreted by ALB Controller as phase:3,deny,status:403,log,auditlog. title: |- Response hdr default action type: string restricted_extensions: description: | WAF Restricted File Extensions. Maximum of 256 items allowed. items: type: string title: |- Restricted extensions type: array restricted_headers: description: | WAF Restricted HTTP Headers. Maximum of 64 items allowed. items: type: string title: |- Restricted headers type: array server_response_max_body_size: default: 128 description: | Maximum size for response body scanned by WAF. Allowed values are 1-32768. Unit is KB. Default value when not specified in API or module is interpreted by ALB Controller as 128. format: int64 maximum: 32768 minimum: 1 title: |- Server response max body size type: integer static_extensions: description: | WAF Static File Extensions. GET and HEAD requests with no query args and one of these extensions are allowed and not checked by the ruleset. Maximum of 64 items allowed. items: type: string title: |- Static extensions type: array status_code_for_rejected_requests: default: HTTP_RESPONSE_CODE_403 description: | HTTP status code used by WAF Positive Security Model when rejecting a request. Enum options - HTTP_RESPONSE_CODE_0, HTTP_RESPONSE_CODE_100, HTTP_RESPONSE_CODE_101, HTTP_RESPONSE_CODE_200, HTTP_RESPONSE_CODE_201, HTTP_RESPONSE_CODE_202, HTTP_RESPONSE_CODE_203, HTTP_RESPONSE_CODE_204, HTTP_RESPONSE_CODE_205, HTTP_RESPONSE_CODE_206, HTTP_RESPONSE_CODE_300, HTTP_RESPONSE_CODE_301, HTTP_RESPONSE_CODE_302, HTTP_RESPONSE_CODE_303, HTTP_RESPONSE_CODE_304, HTTP_RESPONSE_CODE_305, HTTP_RESPONSE_CODE_307, HTTP_RESPONSE_CODE_400, HTTP_RESPONSE_CODE_401, HTTP_RESPONSE_CODE_402... Default value when not specified in API or module is interpreted by ALB Controller as HTTP_RESPONSE_CODE_403. enum: - HTTP_RESPONSE_CODE_0 - HTTP_RESPONSE_CODE_100 - HTTP_RESPONSE_CODE_101 - HTTP_RESPONSE_CODE_200 - HTTP_RESPONSE_CODE_201 - HTTP_RESPONSE_CODE_202 - HTTP_RESPONSE_CODE_203 - HTTP_RESPONSE_CODE_204 - HTTP_RESPONSE_CODE_205 - HTTP_RESPONSE_CODE_206 - HTTP_RESPONSE_CODE_300 - HTTP_RESPONSE_CODE_301 - HTTP_RESPONSE_CODE_302 - HTTP_RESPONSE_CODE_303 - HTTP_RESPONSE_CODE_304 - HTTP_RESPONSE_CODE_305 - HTTP_RESPONSE_CODE_307 - HTTP_RESPONSE_CODE_400 - HTTP_RESPONSE_CODE_401 - HTTP_RESPONSE_CODE_402 - HTTP_RESPONSE_CODE_403 - HTTP_RESPONSE_CODE_404 - HTTP_RESPONSE_CODE_405 - HTTP_RESPONSE_CODE_406 - HTTP_RESPONSE_CODE_407 - HTTP_RESPONSE_CODE_408 - HTTP_RESPONSE_CODE_409 - HTTP_RESPONSE_CODE_410 - HTTP_RESPONSE_CODE_411 - HTTP_RESPONSE_CODE_412 - HTTP_RESPONSE_CODE_413 - HTTP_RESPONSE_CODE_414 - HTTP_RESPONSE_CODE_415 - HTTP_RESPONSE_CODE_416 - HTTP_RESPONSE_CODE_417 - HTTP_RESPONSE_CODE_426 - HTTP_RESPONSE_CODE_470 - HTTP_RESPONSE_CODE_475 - HTTP_RESPONSE_CODE_500 - HTTP_RESPONSE_CODE_501 - HTTP_RESPONSE_CODE_502 - HTTP_RESPONSE_CODE_503 - HTTP_RESPONSE_CODE_504 - HTTP_RESPONSE_CODE_505 type: string xml_xxe_protection: default: true description: | Block or flag XML requests referring to External Entities. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Xml xxe protection type: boolean title: |- WafConfig type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBWafDataFile: description: |- Advanced load balancer WafDataFile object properties: data: description: |- Stringified WAF File Data. title: |- Data type: string name: description: |- WAF Data File Name. title: |- Name type: string type: default: WAF_DATAFILE_PM_FROM_FILE description: | WAF data file type. Enum options - WAF_DATAFILE_PM_FROM_FILE, WAF_DATAFILE_DTD, WAF_DATAFILE_XSD. Default value when not specified in API or module is interpreted by ALB Controller as WAF_DATAFILE_PM_FROM_FILE. enum: - WAF_DATAFILE_PM_FROM_FILE - WAF_DATAFILE_DTD - WAF_DATAFILE_XSD type: string required: - data - name title: |- WafDataFile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBWafExcludeListEntry: description: |- Advanced load balancer WafExcludeListEntry object properties: client_subnet: $ref: '#/definitions/ALBIpAddrPrefix' description: |- Client IP Subnet to exclude for WAF rules. title: |- Client subnet description: description: |- Free-text comment about this exclusion. title: |- Description type: string match_element: description: | The match_element can be 'ARGS xxx', 'ARGS_GET xxx', 'ARGS_POST xxx', 'ARGS_NAMES xxx', 'FILES xxx', 'QUERY_STRING', 'REQUEST_BASENAME', 'REQUEST_BODY', 'REQUEST_URI', 'REQUEST_URI_RAW', 'REQUEST_COOKIES xxx', 'REQUEST_HEADERS xxx' or 'RESPONSE_HEADERS xxx'. These match_elements in the HTTP Transaction (if present) will be excluded when executing WAF Rules. title: |- Match element type: string match_element_criteria: $ref: '#/definitions/ALBWafExclusionType' description: |- Criteria for match_element matching. title: |- Match element criteria uri_match_criteria: $ref: '#/definitions/ALBWafExclusionType' description: |- Criteria for URI matching. title: |- Uri match criteria uri_path: description: |- URI Path to exclude for WAF rules. title: |- Uri path type: string title: |- WafExcludeListEntry type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBWafExclusionType: description: |- Advanced load balancer WafExclusionType object properties: match_case: default: SENSITIVE description: | Case sensitivity to use for the matching. Enum options - SENSITIVE, INSENSITIVE. Default value when not specified in API or module is interpreted by ALB Controller as SENSITIVE. enum: - SENSITIVE - INSENSITIVE type: string match_op: default: EQUALS description: | String Operation to use for matching the Exclusion. Enum options - BEGINS_WITH, DOES_NOT_BEGIN_WITH, CONTAINS, DOES_NOT_CONTAIN, ENDS_WITH, DOES_NOT_END_WITH, EQUALS, DOES_NOT_EQUAL, REGEX_MATCH, REGEX_DOES_NOT_MATCH. Default value when not specified in API or module is interpreted by ALB Controller as EQUALS. enum: - BEGINS_WITH - DOES_NOT_BEGIN_WITH - CONTAINS - DOES_NOT_CONTAIN - ENDS_WITH - DOES_NOT_END_WITH - EQUALS - DOES_NOT_EQUAL - REGEX_MATCH - REGEX_DOES_NOT_MATCH type: string title: |- WafExclusionType type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBWafPSMLocation: description: |- Advanced load balancer WafPSMLocation object properties: description: description: |- Free-text comment about this location. title: |- Description type: string index: description: | Location index, this is used to determine the order of the locations. format: int64 title: |- Index type: integer match: $ref: '#/definitions/ALBWafPSMLocationMatch' description: | Apply these rules only if the request is matching this description. title: |- Match name: description: | User defined name for this location, it must be unique in the group. title: |- Name type: string rules: description: | A list of rules which should be applied on this location. Maximum of 1024 items allowed. items: $ref: '#/definitions/ALBWafPSMRule' title: |- Rules type: array required: - index - name title: |- WafPSMLocation type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBWafPSMLocationMatch: description: |- Advanced load balancer WafPSMLocationMatch object properties: host: $ref: '#/definitions/ALBHostHdrMatch' description: | Apply the rules only to requests that match the specified Host header. If this is not set, the host header will not be checked. title: |- Host methods: $ref: '#/definitions/ALBMethodMatch' description: | Apply the rules only to requests that have the specified methods. If this is not set, the method will not be checked. title: |- Methods path: $ref: '#/definitions/ALBPathMatch' description: | Apply the rules only to requests that match the specified URI. If this is not set, the path will not be checked. title: |- Path title: |- WafPSMLocationMatch type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBWafPSMMatchElement: description: |- Advanced load balancer WafPSMMatchElement object properties: excluded: default: false description: | Mark this element excluded, like in '!ARGS password'. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Excluded type: boolean index: description: |- Match_element index. format: int64 title: |- Index type: integer name: description: | The variable specification. For example ARGS or REQUEST_COOKIES. This can be a scalar like PATH_INFO. Enum options - WAF_VARIABLE_ARGS, WAF_VARIABLE_ARGS_GET, WAF_VARIABLE_ARGS_POST, WAF_VARIABLE_ARGS_NAMES, WAF_VARIABLE_REQUEST_COOKIES, WAF_VARIABLE_QUERY_STRING, WAF_VARIABLE_REQUEST_BASENAME, WAF_VARIABLE_REQUEST_URI, WAF_VARIABLE_PATH_INFO. enum: - WAF_VARIABLE_ARGS - WAF_VARIABLE_ARGS_GET - WAF_VARIABLE_ARGS_POST - WAF_VARIABLE_ARGS_NAMES - WAF_VARIABLE_REQUEST_COOKIES - WAF_VARIABLE_QUERY_STRING - WAF_VARIABLE_REQUEST_BASENAME - WAF_VARIABLE_REQUEST_URI - WAF_VARIABLE_PATH_INFO type: string sub_element: description: | The name of the request collection element. This can be empty, if we address the whole collection or a scalar element. title: |- Sub element type: string required: - index - name title: |- WafPSMMatchElement type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBWafPSMRule: description: |- Advanced load balancer WafPSMRule object properties: description: description: |- Free-text comment about this rule. title: |- Description type: string enable: default: true description: | Enable or disable this rule. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enable type: boolean index: description: | Rule index, this is used to determine the order of the rules. format: int64 title: |- Index type: integer match_case: default: INSENSITIVE description: | The field match_value_pattern regular expression is case sensitive. Enum options - SENSITIVE, INSENSITIVE. Default value when not specified in API or module is interpreted by ALB Controller as INSENSITIVE. enum: - SENSITIVE - INSENSITIVE type: string match_elements: description: | The match elements, for example ARGS id or ARGS|!ARGS password. Maximum of 64 items allowed. items: $ref: '#/definitions/ALBWafPSMMatchElement' title: |- Match elements type: array match_value_max_length: description: | The maximum allowed length of the match_value. If this is not set, the length will not be checked. format: int64 title: |- Match value max length type: integer match_value_pattern: description: |- A regular expression which describes the expected value. title: |- Match value pattern type: string mode: description: | WAF Rule mode. This can be detection or enforcement. If this is not set, the Policy mode is used. This only takes effect if the policy allows delegation. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. enum: - WAF_MODE_DETECTION_ONLY - WAF_MODE_ENFORCEMENT type: string name: description: |- Name of the rule. title: |- Name type: string paranoia_level: default: WAF_PARANOIA_LEVEL_LOW description: | WAF Ruleset paranoia mode. This is used to select Rules based on the paranoia-level. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Default value when not specified in API or module is interpreted by ALB Controller as WAF_PARANOIA_LEVEL_LOW. enum: - WAF_PARANOIA_LEVEL_LOW - WAF_PARANOIA_LEVEL_MEDIUM - WAF_PARANOIA_LEVEL_HIGH - WAF_PARANOIA_LEVEL_EXTREME type: string rule_id: description: | Id field which is used for log and metric generation. This id must be unique for all rules in this group. title: |- Rule id type: string required: - index - rule_id - name title: |- WafPSMRule type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBWafPolicy: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: allow_mode_delegation: default: true description: | Allow Rules to overwrite the policy mode. This must be set if the policy mode is set to enforcement. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Allow mode delegation type: boolean application_signatures: $ref: '#/definitions/ALBWafApplicationSignatures' description: |- Application Specific Signatures. title: |- Application signatures confidence_override: $ref: '#/definitions/ALBAppLearningConfidenceOverride' description: |- Configure thresholds for confidence labels. title: |- Confidence override created_by: description: |- Creator name. title: |- Created by type: string crs_groups: description: | WAF Rules are categorized in to groups based on their characterization. These groups are system created with CRS groups. items: $ref: '#/definitions/ALBWafRuleGroup' title: |- Crs groups type: array enable_app_learning: default: false description: | Enable Application Learning for this WAF policy. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Enable app learning type: boolean enable_auto_rule_updates: default: true description: | Enable Application Learning based rule updates on the WAF Profile. Rules will be programmed in dedicated WAF learning group. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enable auto rule updates type: boolean failure_mode: default: WAF_FAILURE_MODE_OPEN description: | WAF Policy failure mode. This can be 'Open' or 'Closed'. Enum options - WAF_FAILURE_MODE_OPEN, WAF_FAILURE_MODE_CLOSED. Default value when not specified in API or module is interpreted by ALB Controller as WAF_FAILURE_MODE_OPEN. enum: - WAF_FAILURE_MODE_OPEN - WAF_FAILURE_MODE_CLOSED type: string learning_params: $ref: '#/definitions/ALBAppLearningParams' description: |- Parameters for tuning Application learning. title: |- Learning params min_confidence: default: CONFIDENCE_VERY_HIGH description: | Minimum confidence label required for auto rule updates. Enum options - CONFIDENCE_VERY_HIGH, CONFIDENCE_HIGH, CONFIDENCE_PROBABLE, CONFIDENCE_LOW, CONFIDENCE_NONE. Default value when not specified in API or module is interpreted by ALB Controller as CONFIDENCE_VERY_HIGH. enum: - CONFIDENCE_VERY_HIGH - CONFIDENCE_HIGH - CONFIDENCE_PROBABLE - CONFIDENCE_LOW - CONFIDENCE_NONE type: string mode: default: WAF_MODE_DETECTION_ONLY description: | WAF Policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Default value when not specified in API or module is interpreted by ALB Controller as WAF_MODE_DETECTION_ONLY. enum: - WAF_MODE_DETECTION_ONLY - WAF_MODE_ENFORCEMENT type: string paranoia_level: default: WAF_PARANOIA_LEVEL_LOW description: | WAF Ruleset paranoia mode. This is used to select Rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Default value when not specified in API or module is interpreted by ALB Controller as WAF_PARANOIA_LEVEL_LOW. enum: - WAF_PARANOIA_LEVEL_LOW - WAF_PARANOIA_LEVEL_MEDIUM - WAF_PARANOIA_LEVEL_HIGH - WAF_PARANOIA_LEVEL_EXTREME type: string positive_security_model: $ref: '#/definitions/ALBWafPositiveSecurityModel' description: | The Positive Security Model. This is used to describe how the request or parts of the request should look like. It is executed in the Request Body Phase of Avi WAF. title: |- Positive security model post_crs_groups: description: | WAF Rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced after the CRS groups. items: $ref: '#/definitions/ALBWafRuleGroup' title: |- Post crs groups type: array pre_crs_groups: description: | WAF Rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced before the CRS groups. items: $ref: '#/definitions/ALBWafRuleGroup' title: |- Pre crs groups type: array waf_crs_path: description: | WAF core ruleset used for the CRS part of this Policy. It is a reference to an object of type WafCRS. title: |- Waf crs path type: string waf_profile_path: description: | WAF Profile for WAF policy. It is a reference to an object of type WafProfile. title: |- Waf profile path type: string required: - waf_profile_path type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer WafPolicy object title: |- WafPolicy x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBWafPolicyApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of WafPolicy items: $ref: '#/definitions/ALBWafPolicy' title: |- Array of WafPolicy type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | WafPolicyApiResponse title: |- WafPolicyApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBWafPolicyPSMGroup: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: enable: default: true description: | Enable or disable this WAF rule group. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enable type: boolean hit_action: default: WAF_ACTION_ALLOW_PARAMETER description: | If a rule in this group matches the match_value pattern, this action will be executed. Allowed actions are WAF_ACTION_NO_OP and WAF_ACTION_ALLOW_PARAMETER. Default value when not specified in API or module is interpreted by ALB Controller as WAF_ACTION_ALLOW_PARAMETER. enum: - WAF_ACTION_NO_OP - WAF_ACTION_BLOCK - WAF_ACTION_ALLOW_PARAMETER type: string is_learning_group: default: false description: | This field indicates that this group is used for learning. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Is learning group type: boolean locations: description: | Positive Security Model locations. These are used to partition the application name space. Maximum of 16384 items allowed. items: $ref: '#/definitions/ALBWafPSMLocation' title: |- Locations type: array miss_action: default: WAF_ACTION_NO_OP description: | If a rule in this group does not match the match_value pattern, this action will be executed. Allowed actions are WAF_ACTION_NO_OP and WAF_ACTION_BLOCK. Default value when not specified in API or module is interpreted by ALB Controller as WAF_ACTION_NO_OP. enum: - WAF_ACTION_NO_OP - WAF_ACTION_BLOCK - WAF_ACTION_ALLOW_PARAMETER type: string type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer WafPolicyPSMGroup object title: |- WafPolicyPSMGroup x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBWafPolicyPSMGroupApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of WafPolicyPSMGroup items: $ref: '#/definitions/ALBWafPolicyPSMGroup' title: |- Array of WafPolicyPSMGroup type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | WafPolicyPSMGroupApiResponse title: |- WafPolicyPSMGroupApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBWafPositiveSecurityModel: description: |- Advanced load balancer WafPositiveSecurityModel object properties: group_paths: description: | These groups should be used to separate different levels of concern. The order of the groups matters, one group may mark parts of the request as valid, so that subsequent groups will not check these parts. It is a reference to an object of type WafPolicyPSMGroup. Maximum of 64 items allowed. items: type: string title: |- Group paths type: array title: |- WafPositiveSecurityModel type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBWafProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: config: $ref: '#/definitions/ALBWafConfig' description: |- Config params for WAF. title: |- Config files: description: | List of Data Files Used for WAF Rules. Maximum of 64 items allowed. items: $ref: '#/definitions/ALBWafDataFile' title: |- Files type: array required: - config type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer WafProfile object title: |- WafProfile x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBWafProfileApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of WafProfile items: $ref: '#/definitions/ALBWafProfile' title: |- Array of WafProfile type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | WafProfileApiResponse title: |- WafProfileApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBWafRule: description: |- Advanced load balancer WafRule object properties: avi_tags: description: | Tags for WAF rule as per Modsec language. They are extracted from the tag action in a ModSec rule. Maximum of 64 items allowed. items: type: string title: |- Avi tags type: array enable: default: true description: | Enable or disable WAF Rule Group. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enable type: boolean exclude_list: description: | Exclude list for the WAF rule. The fields in the exclude list entry are logically and'ed to deduce the exclusion criteria. If there are multiple excludelist entries, it will be 'logical or' of them. Maximum of 64 items allowed. items: $ref: '#/definitions/ALBWafExcludeListEntry' title: |- Exclude list type: array index: description: |- Number of index. format: int64 title: |- Index type: integer is_sensitive: default: false description: | The rule field is sensitive and will not be displayed. Default value when not specified in API or module is interpreted by ALB Controller as false. title: |- Is sensitive type: boolean mode: description: | WAF Rule mode. This can be detection or enforcement. If this is not set, the Policy mode is used. This only takes effect if the policy allows delegation. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. enum: - WAF_MODE_DETECTION_ONLY - WAF_MODE_ENFORCEMENT type: string name: description: |- User-friendly optional name for a rule. title: |- Name type: string phase: description: | The execution phase where this rule will be executed. Enum options - WAF_PHASE_CONNECTION, WAF_PHASE_REQUEST_HEADER, WAF_PHASE_REQUEST_BODY, WAF_PHASE_RESPONSE_HEADER, WAF_PHASE_RESPONSE_BODY, WAF_PHASE_LOGGING. enum: - WAF_PHASE_CONNECTION - WAF_PHASE_REQUEST_HEADER - WAF_PHASE_REQUEST_BODY - WAF_PHASE_RESPONSE_HEADER - WAF_PHASE_RESPONSE_BODY - WAF_PHASE_LOGGING type: string rule: description: |- Rule as per Modsec language. title: |- Rule type: string rule_id: description: | Identifier (id) for a rule per Modsec language. All SecRule and SecAction directives require an id. It is extracted from the id action in a ModSec rule. Rules within a single WAF Policy are required to have unique rule_ids. title: |- Rule id type: string required: - index - rule title: |- WafRule type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBWafRuleGroup: description: |- Advanced load balancer WafRuleGroup object properties: enable: default: true description: | Enable or disable WAF Rule Group. Default value when not specified in API or module is interpreted by ALB Controller as true. title: |- Enable type: boolean exclude_list: description: | Exclude list for the WAF rule group. The fields in the exclude list entry are logically and'ed to deduce the exclusion criteria. If there are multiple excludelist entries, it will be 'logical or' of them. Maximum of 64 items allowed. items: $ref: '#/definitions/ALBWafExcludeListEntry' title: |- Exclude list type: array index: description: |- Number of index. format: int64 title: |- Index type: integer name: description: |- Name of the object. title: |- Name type: string rules: description: | Rules as per Modsec language. Maximum of 1024 items allowed. items: $ref: '#/definitions/ALBWafRule' title: |- Rules type: array required: - index - name title: |- WafRuleGroup type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBWebhook: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: callback_url: description: |- Callback URL for the Webhook. title: |- Callback url type: string verification_token: description: | Verification token sent back with the callback asquery parameters. title: |- Verification token type: string type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: |- Advanced load balancer Webhook object title: |- Webhook x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALBWebhookApiResponse: allOf: - $ref: '#/definitions/ListResult' - properties: count: default: null description: | count format: int32 title: |- count type: integer results: description: | Array of Webhook items: $ref: '#/definitions/ALBWebhook' title: |- Array of Webhook type: array type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | WebhookApiResponse title: |- WebhookApiResponse x-vmw-nsx-module: PolicyAdvancedLoadBalancer ALGTypeServiceEntry: allOf: - $ref: '#/definitions/ServiceEntry' - properties: alg: description: | The Application Layer Gateway (ALG) protocol. Please note, protocol NBNS_BROADCAST and NBDG_BROADCAST are deprecated. Please use UDP protocol and create L4 Port Set type of service instead. enum: - ORACLE_TNS - FTP - SUN_RPC_TCP - SUN_RPC_UDP - MS_RPC_TCP - MS_RPC_UDP - NBNS_BROADCAST - NBDG_BROADCAST - TFTP title: |- The Application Layer Gateway (ALG) protocol type: string destination_ports: description: |- The destination_port cannot be empty and must be a single value. items: description: | Examples- Single port "8080", Range of ports "8090-8095" format: port-or-range type: string maxItems: 15 minItems: 1 title: |- The destination_port cannot be empty and must be a single value. type: array source_ports: items: description: | Examples- Single port "8080", Range of ports "8090-8095" format: port-or-range type: string maxItems: 15 type: array required: - alg - destination_ports type: object x-vmw-nsx-module: Policy description: |- An ServiceEntry that represents an ALG protocol title: |- An ServiceEntry that represents an ALG protocol x-vmw-nsx-module: Policy AbstractSpace: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: connectivity_strategy: description: | The connectivity strategy is deprecated. Use default layer3 rule, /infra/domains/default/security-policies/default-layer3-security-policy/rules/default-layer3-rule. This field indicates the default connectivity policy for the infra or tenant space WHITELIST - Adds a default drop rule. Administrator can then use "allow" rules (aka whitelist) to allow traffic between groups BLACKLIST - Adds a default allow rule. Admin can then use "drop" rules (aka blacklist) to block traffic between groups WHITELIST_ENABLE_LOGGING - Whitelising with logging enabled BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled NONE - No default rules are added. enum: - WHITELIST - BLACKLIST - WHITELIST_ENABLE_LOGGING - BLACKLIST_ENABLE_LOGGING - NONE title: |- Connectivity strategy used by this tenant type: string x-deprecated: true type: object x-vmw-nsx-module: Policy description: |- Represents the space in which the policy is being defined. title: |- The space in which policy is being defined x-vmw-nsx-module: Policy AcceptableComponentVersion: allOf: - $ref: '#/definitions/VersionList' - properties: component_type: description: |- Node type enum: - HOST - EDGE - CCP - MP title: |- Node type type: string required: - component_type type: object x-vmw-nsx-module: VersionWhitelist x-vmw-nsx-module: VersionWhitelist AcceptableComponentVersionList: properties: results: description: |- Acceptable version whitelist for different components items: $ref: '#/definitions/AcceptableComponentVersion' title: |- Acceptable version whitelist for different components type: array required: - results type: object x-vmw-nsx-module: VersionWhitelist Action: description: | Reaction Action is the action to take when the stipulated criteria specified in the event exist over the source. Some example actions include: - Notify Admin (or VMC's SRE) via email. - Populate a specific label with the IPSec VPN Session. - Remove the IPSec VPN Session from a specific label. discriminator: resource_type properties: resource_type: description: | Reaction Action resource type. enum: - PatchResources - SetFields title: |- Resource Type type: string required: - resource_type title: |- Reaction Action type: object x-vmw-nsx-module: PolicyReaction ActionableResource: allOf: - $ref: '#/definitions/ManagedResource' - properties: ip_address: description: |- A resource reference on which actions can be performed format: hostname-or-ip title: |- A resource reference on which actions can be performed type: string type: object x-vmw-nsx-module: ClusterRestore description: |- Resources managed during restore process title: |- Resources managed during restore process x-vmw-nsx-module: ClusterRestore ActionableResourceListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- List results items: $ref: '#/definitions/ActionableResource' title: |- List results type: array required: - results type: object x-vmw-nsx-module: ClusterRestore x-vmw-nsx-module: ClusterRestore ActiveDirectoryIdentitySource: allOf: - $ref: '#/definitions/LdapIdentitySource' - type: object x-vmw-nsx-module: LdapIdentitySources description: |- An identity source service that runs Microsoft Active Directory. The service allows selected user accounts defined in Active Directory to log into and access NSX-T. title: |- An Active Directory identity source service x-vmw-nsx-module: LdapIdentitySources AddressBindingEntry: description: | An address binding entry is a combination of the IP-MAC-VLAN binding for a logical port. The address bindings can be obtained via various methods like ARP snooping, DHCP snooping etc. or by user configuration. properties: binding: $ref: '#/definitions/PacketAddressClassifier' description: |- Combination of IP-MAC-VLAN binding title: |- Combination of IP-MAC-VLAN binding binding_timestamp: description: | Timestamp at which the binding was discovered via snooping or manually specified by the user format: int64 type: integer source: default: UNKNOWN description: |- Source from which the address binding entry was obtained enum: - INVALID - UNKNOWN - USER_DEFINED - ARP_SNOOPING - DHCP_SNOOPING - VM_TOOLS - ND_SNOOPING - DHCPV6_SNOOPING - VM_TOOLS_V6 type: string title: |- Combination of IP-MAC-VLAN binding type: object x-vmw-nsx-module: LogicalPort AdvanceClusterRestoreInput: properties: id: description: | Unique id of an instruction (as returned by the GET /restore/status call) for which input is to be provided readOnly: true title: | Unique id of an instruction (as returned by the GET /restore/status call) for which input is to be provided type: string resources: description: |- List of resources for which the instruction is applicable. items: $ref: '#/definitions/SelectableResourceReference' title: |- List of resources for which the instruction is applicable. type: array required: - resources type: object x-vmw-nsx-module: ClusterRestore AdvanceClusterRestoreRequest: properties: data: description: |- List of instructions and their associated data items: $ref: '#/definitions/AdvanceClusterRestoreInput' title: |- List of instructions and their associated data type: array required: - data type: object x-vmw-nsx-module: ClusterRestore AggregateDNSForwarderStatistics: description: | Aggregate of DNS forwarder statistics across enforcement points. properties: intent_path: description: | String path of the DNS forwarder intent. title: |- String path of the DNS forwarder intent type: string statistics_per_enforcement_point: description: | List of DNS forwarder statistics per enforcement point. items: $ref: '#/definitions/DNSForwarderStatisticsPerEnforcementPoint' readOnly: true title: |- List of DNS forwarder statistics per enforcement point type: array required: - intent_path title: |- Aggregate of DNS forwarder statistics type: object x-vmw-nsx-module: PolicyDNSStatistics AggregateDNSForwarderStatus: description: | Aggregate of DNS forwarder status across enforcement points. properties: intent_path: description: | String path of the DNS forwarder intent. title: |- String path of the DNS forwarder intent type: string status_per_enforcement_point: description: | List of DNS forwarder status per enforcement point. items: $ref: '#/definitions/DNSForwarderStatusPerEnforcementPoint' readOnly: true title: |- List of DNS forwarder status per enforcement point type: array required: - intent_path title: |- Aggregate of DNS forwarder status type: object x-vmw-nsx-module: PolicyDNSStatistics AggregatePolicyDnsAnswer: description: | Aggregate of DNS forwarder nslookup answer across enforcement points. properties: dns_answer_per_enforcement_point: description: | List of DNS forwarder nslookup answer per enforcement point. items: $ref: '#/definitions/PolicyDnsAnswerPerEnforcementPoint' readOnly: true title: |- List of DNS forwarder nslookup answer per enforcement point type: array intent_path: description: | String path of the DNS forwarder intent. title: |- String path of the DNS forwarder intent type: string required: - intent_path title: |- Aggregate of DNS forwarder nslookup answer type: object x-vmw-nsx-module: PolicyDnsForwarder AggregatePolicyRuntimeInfo: description: | Aggregate of PolicyRuntimeInfoPerEP across Enforcement Points. properties: intent_path: description: | Intent path of object, forward slashes must be escaped using %2F. readOnly: true title: |- String Path of the intent object type: string title: |- Aggregate of PolicyRuntimeInfoPerEP type: object x-vmw-nsx-module: PolicyBaseStatistics AggregatedDataCounter: properties: rx_bytes: $ref: '#/definitions/DataCounter' readOnly: true rx_packets: $ref: '#/definitions/DataCounter' readOnly: true tx_bytes: $ref: '#/definitions/DataCounter' readOnly: true tx_packets: $ref: '#/definitions/DataCounter' readOnly: true type: object x-vmw-nsx-module: AggSvcL2Types AggregatedDataCounterEx: allOf: - $ref: '#/definitions/AggregatedDataCounter' - properties: dropped_by_security_packets: $ref: '#/definitions/PacketsDroppedBySecurity' readOnly: true mac_learning: $ref: '#/definitions/MacLearningCounters' readOnly: true type: object x-vmw-nsx-module: AggSvcL2Types x-vmw-nsx-module: AggSvcL2Types AggregatedLogicalRouterPortCounters: properties: last_update_timestamp: description: |- Timestamp when the data was last updated; unset if data source has never updated the data. format: int64 readOnly: true type: integer rx: $ref: '#/definitions/LogicalRouterPortCounters' readOnly: true tx: $ref: '#/definitions/LogicalRouterPortCounters' readOnly: true type: object x-vmw-nsx-module: AggSvcLogicalRouterPort ApiError: allOf: - $ref: '#/definitions/RelatedApiError' - properties: related_errors: description: |- Other errors related to this error items: $ref: '#/definitions/RelatedApiError' title: |- Other errors related to this error type: array type: object x-vmw-nsx-module: Common description: |- Detailed information about an API Error title: |- Detailed information about an API Error x-vmw-nsx-module: Common ApiRequestBody: allOf: - $ref: '#/definitions/Source' - properties: resource_pointer: description: | Regex path representing a regex expression on resources. This regex is used to identify the request body(ies) that is/are the source of the Event. For instance: specifying "Lb* | /infra/tier-0s/vmc/ipsec-vpn-services/default" as a source means that ANY resource starting with Lb or ANY resource with "/infra/tier-0s/vmc/ipsec-vpn-services/default" as path would be the source of the event in question. title: |- Resource Pointer type: string required: - resource_pointer type: object x-vmw-nsx-module: PolicyReaction description: | API Request Body is an Event Source that represents an API request body that is being reveived as part of an API. Supported Request Bodies are those received as part of a PATCH/PUT/POST request. title: |- API Request Body x-vmw-nsx-module: PolicyReaction ApplicationConnectivityStrategy: description: | Allows more granular policies for application workloads properties: application_connectivity_strategy: description: | App connectivity strategies enum: - ALLOW_INTRA - ALLOW_EGRESS title: |- Application connectivity strategy type: string default_application_rule_id: description: | Based on the value of the app connectivity strategy, a default rule is created for the security policy. The rule id is internally assigned by the system for this default rule. format: int64 readOnly: true title: |- Default rule ID associated with the application_connectivity_strategy type: integer logging_enabled: default: false description: |- Flag to enable packet logging. Default is disabled. readOnly: false title: |- Enable logging flag type: boolean required: - application_connectivity_strategy title: |- Application specific connectivity strategy type: object x-vmw-nsx-module: Policy ArpHeader: properties: dst_ip: description: |- The destination IP address format: ipv4 type: string op_code: default: ARP_REQUEST description: |- This field specifies the nature of the Arp message being sent. enum: - ARP_REQUEST - ARP_REPLY title: |- Arp message type type: string src_ip: description: |- This field specifies the IP address of the sender. If omitted, the src_ip is set to 0.0.0.0. format: ipv4 type: string required: - op_code - dst_ip type: object x-vmw-nsx-module: Traceflow ArpSnoopingConfig: description: |- Contains ARP snooping related configuration. properties: arp_binding_limit: default: 1 description: | Number of arp snooped IP addresses Indicates the number of arp snooped IP addresses to be remembered per LogicalPort. Decreasing this value, will retain the latest bindings from the existing list of address bindings. Increasing this value will retain existing bindings and also learn any new address bindings discovered on the port until the new limit is reached. format: int32 maximum: 256 minimum: 1 title: |- Maximum number of ARP bindings type: integer arp_snooping_enabled: default: true description: |- Indicates whether ARP snooping is enabled title: |- Is ARP snooping enabled or not type: boolean title: |- ARP Snooping Configuration type: object x-vmw-nsx-module: PolicyIpDiscovery AttachedInterfaceEntry: description: | The Attached interface is only effective for the segment port on Bare metal server. properties: app_intf_name: description: |- The name of application interface title: |- The name of application interface type: string default_gateway: description: |- Gateway IP format: ip type: string migrate_intf: description: |- IP configuration on migrate_intf will migrate to app_intf_name. It is used for Management and Application sharing the same IP. title: |- Interface name to migrate type: string routing_table: description: |- Routing rules items: type: string title: |- Routing rules type: array required: - app_intf_name title: |- Attached interface information for Bare metal server type: object x-vmw-nsx-module: PolicyConnectivity Attribute: description: |- Attribute specific to a partner. There attributes are passed on to the partner appliance and is opaque to the NSX Manager. The Attributes used by the partner applicance. properties: attribute_type: description: |- Attribute Type can be of any of the allowed enum type. enum: - IP_ADDRESS - PORT - PASSWORD - STRING - LONG - BOOLEAN readOnly: false title: |- Attributetype. type: string display_name: description: |- Attribute display name string value. readOnly: false title: |- Display name type: string key: description: |- Attribute key string value. readOnly: false title: |- key type: string read_only: default: false description: |- Read only Attribute cannot be overdidden by service instance/deployment. readOnly: false title: |- read only type: boolean value: description: |- Attribute value string value. readOnly: false title: |- value type: string required: - key title: |- Attributes type: object x-vmw-nsx-module: ServiceInsertionCommonTypes AttributeVal: description: |- Contains type specific properties of generic realized entity properties: data_type: description: |- Datatype of the property enum: - STRING - DATE - INTEGER - BOOLEAN readOnly: true title: |- Datatype of property represented by this attribute type: string key: description: |- Attribute key title: |- Key for the attribute value type: string multivalue: description: |- If attribute has a single value or collection of values readOnly: true title: |- multivalue flag type: boolean values: description: |- List of attribute values items: type: string readOnly: true title: |- List of values for the attribute type: array title: |- Attribute values of realized type type: object x-vmw-nsx-module: PolicyRealizedState AutoRds: description: |- This object holds auto assigned route distinguishers for Layer 2 and Layer 3 configurations. properties: l2_auto_rds: description: |- List of layer 2 Auto assigned Route Distinguisher items: $ref: '#/definitions/L2AutoRD' title: |- List of layer 2 Auto assigned Route Distinguisher type: array l3_auto_rd: description: | This field is auto assigned by the system. The auto RD seed is populated when user does not assign a route_distinguisher field in the gateway. title: |- Layer 3 Auto assigned Route Distinguisher type: string title: |- Auto assigned Route Distinguishers type: object x-vmw-nsx-module: PolicyConnectivityStatistics AviConnectionInfo: allOf: - $ref: '#/definitions/EnforcementPointConnectionInfo' - properties: cloud: description: | Clouds are containers for the environment that Avi Vantage is installed or operating within. During initial setup of Vantage, a default cloud, named Default-Cloud, is created. This is where the first Controller is deployed, into Default-Cloud. Additional clouds may be added, containing SEs and virtual services. title: |- Cloud type: string password: description: |- Password. title: |- Password type: string tenant: description: | A tenant is an isolated instance of Avi Controller. Each Avi user account is associated with one or more tenants. The tenant associated with a user account defines the resources that user can access within Avi Vantage. When a user logs in, Avi restricts their access to only those resources that are in the same tenant title: |- Tenant type: string thumbprint: description: | Thumbprint of EnforcementPoint in the form of a SHA-256 hash represented in lower case HEX. title: |- Thumbprint of Enforcement Point type: string username: description: |- Username. title: |- Username type: string version: description: | Avi supports API versioning for backward compatibility with automation scripts written for an object model older than the current one. Such scripts need not be updated to keep up with object model changes title: |- Version type: string required: - version - tenant - cloud type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Credential info to connect to a AVI type of enforcement point. title: |- Avi Connection Info x-vmw-nsx-module: PolicyEnforcementPointManagement Axes: description: |- Represents X and Y axes of a graph. For a multi-graph, the same axes are shared by all the graphs. properties: x_label: $ref: '#/definitions/Label' description: |- Label for X axis of a graph title: |- Label for X axis of a graph y_label: $ref: '#/definitions/Label' description: |- Label for Y axis of a graph title: |- Label for Y axis of a graph title: |- Axes of a graph type: object x-vmw-nsx-module: NsxDashboard BackupConfiguration: description: |- Configuration for taking manual/automated backup properties: after_inventory_update_interval: description: |- A number of seconds after a last backup, that needs to pass, before a topology change will trigger a generation of a new cluster/node backups. If parameter is not provided, then changes in a topology will not trigger a generation of cluster/node backups. format: int64 maximum: 86400 minimum: 300 title: |- A number of seconds after a last backup, that needs to pass, before a topology change will trigger a generation of a new cluster/node backups. If parameter is not provided, then changes in a topology will not trigger a generation of cluster/node backups. type: integer backup_enabled: default: false description: |- true if automated backup is enabled title: |- true if automated backup is enabled type: boolean backup_schedule: $ref: '#/definitions/BackupSchedule' description: |- Set when backups should be taken - on a weekly schedule or at regular intervals. title: |- Set when backups should be taken - on a weekly schedule or at regular intervals. inventory_summary_interval: default: 240 description: |- The minimum number of seconds between each upload of the inventory summary to backup server. format: int64 maximum: 3600 minimum: 30 title: |- The minimum number of seconds between each upload of the inventory summary to backup server. type: integer passphrase: description: | Passphrase used to encrypt backup files. The passphrase specified must be at least 8 characters in length and must contain at least one lowercase, one uppercase, one numeric character and one special character (any other non-space character). title: |- Passphrase used to encrypt backup files. type: string remote_file_server: $ref: '#/definitions/RemoteFileServer' description: |- The server to which backups will be sent. title: |- The server to which backups will be sent. required: - remote_file_server title: |- Configuration for taking manual/automated backup type: object x-vmw-nsx-module: BackupConfiguration BackupOperationHistory: description: |- Past backup operation details properties: cluster_backup_statuses: description: |- Statuses of previous cluser backups items: $ref: '#/definitions/BackupOperationStatus' title: |- Statuses of previous cluser backups type: array inventory_backup_statuses: description: |- Statuses of previous inventory backups items: $ref: '#/definitions/BackupOperationStatus' title: |- Statuses of previous inventory backups type: array node_backup_statuses: description: |- Statuses of previous node backups items: $ref: '#/definitions/BackupOperationStatus' title: |- Statuses of previous node backups type: array title: |- Past backup operation details type: object x-vmw-nsx-module: BackupConfiguration BackupOperationStatus: description: |- Backup operation status properties: backup_id: description: |- Unique identifier of a backup title: |- Unique identifier of a backup type: string end_time: description: |- Time when operation was ended format: int64 type: integer error_code: description: |- Error code enum: - BACKUP_NOT_RUN_ON_MASTER - BACKUP_SERVER_UNREACHABLE - BACKUP_AUTHENTICATION_FAILURE - BACKUP_PERMISSION_ERROR - BACKUP_TIMEOUT - BACKUP_BAD_FINGERPRINT - BACKUP_GENERIC_ERROR title: |- Error code type: string error_message: description: |- Error code details title: |- Error code details type: string start_time: description: |- Time when operation was started format: int64 type: integer success: description: |- True if backup is successfully completed, else false title: |- True if backup is successfully completed, else false type: boolean required: - backup_id - success title: |- Backup operation status type: object x-vmw-nsx-module: BackupConfiguration BackupOverview: allOf: - $ref: '#/definitions/ClusterBackupInfoListResult' - properties: backup_config: $ref: '#/definitions/BackupConfiguration' description: |- Configuration to generate a manual/automated backup title: |- Backup configuration backup_operation_history: $ref: '#/definitions/BackupOperationHistory' description: |- Status of the last backup execution per component title: |- Last backup status current_backup_operation_status: $ref: '#/definitions/CurrentBackupOperationStatus' description: |- Backup status decribes type, phase, success/failure and time of a | latest backup execution title: |- Current backup status restore_status: $ref: '#/definitions/ClusterRestoreStatus' description: |- Status of restore process executing/executed on appliance title: |- Current restore status required: - current_backup_operation_status - backup_operation_history - backup_config - restore_status type: object x-vmw-nsx-module: BackupConfiguration description: |- Data for a single backup/restore card title: |- Backup overview x-vmw-nsx-module: BackupConfiguration BackupSchedule: description: |- Abstract base type for Weekly or Interval Backup Schedule discriminator: resource_type properties: resource_type: description: |- Schedule type enum: - WeeklyBackupSchedule - IntervalBackupSchedule title: |- Schedule type type: string required: - resource_type title: |- Abstract base type for Weekly or Interval Backup Schedule type: object x-vmw-nsx-module: BackupConfiguration BaseConsolidatedStatusPerEnforcementPoint: allOf: - $ref: '#/definitions/PolicyRuntimeInfoPerEP' - discriminator: resource_type properties: consolidated_status: $ref: '#/definitions/ConsolidatedStatus' description: | Consolidated Realized Status of an Intent object per enforcement point. readOnly: true title: |- Consolidated Realized Status enforcement_point_id: description: |- Enforcement Point Id. readOnly: true title: |- Enforcement Point Id type: string resource_type: type: string site_path: description: |- The site where this enforcement point resides. readOnly: true title: |- Site Path type: string required: - resource_type type: object x-vmw-nsx-module: PolicyRealizedState description: | Consolidated Realized Status Per Enforcement Point. title: |- Base class for ConsolidatedStatusPerEnforcementPoint x-vmw-nsx-module: PolicyRealizedState BaseEndpoint: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: resource_type: enum: - VirtualEndpoint - ServiceInstanceEndpoint type: string target_ips: description: | IPs where either inbound or outbound traffic is to be redirected. items: $ref: '#/definitions/IPInfo' maxItems: 1 minItems: 1 title: |- IP addresses to redirect the traffic to type: array required: - target_ips - resource_type type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Represents an endpoint which will be used as subject in rule. It is a polymorphic type object which can be either of the types - 1. Virtual 2. Logical We have 2 separate objects representing these 2 types. VirtualEndPoint for Virtual type and ServiceInstanceEndpoint for Logical. title: |- An endpoint to be used in redirection rule x-vmw-nsx-module: PolicyServiceInsertion BasePolicyServiceInstance: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: deployment_mode: default: ACTIVE_STANDBY description: |- Deployment mode specifies how the partner appliance will be deployed i.e. in HA or standalone mode. enum: - STAND_ALONE - ACTIVE_STANDBY readOnly: false title: |- Deployment Mode type: string partner_service_name: description: |- Unique name of Partner Service in the Marketplace title: |- Name of Partner Service type: string transport_type: default: L2_BRIDGE description: |- Transport to be used while deploying Service-VM. enum: - L2_BRIDGE - L3_ROUTED readOnly: false title: |- Transport Type type: string required: - partner_service_name type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Represents an instance of partner Service and its configuration. title: |- Represents an instance of partner Service and its configuration x-vmw-nsx-module: PolicyServiceInsertion BaseRule: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: destination_groups: description: | We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. items: type: string maxItems: 128 title: |- Destination group paths type: array destinations_excluded: default: false description: | If set to true, the rule gets applied on all the groups that are NOT part of the destination groups. If false, the rule applies to the destination groups readOnly: false title: |- Negation of destination groups type: boolean direction: default: IN_OUT description: | Define direction of traffic. enum: - IN - OUT - IN_OUT title: |- Direction type: string disabled: default: false description: |- Flag to disable the rule. Default is enabled. readOnly: false title: |- Flag to disable the rule type: boolean ip_protocol: description: | Type of IP packet that should be matched while enforcing the rule. The value is set to IPV4_IPV6 for Layer3 rule if not specified. For Layer2/Ether rule the value must be null. enum: - IPV4 - IPV6 - IPV4_IPV6 readOnly: false title: |- IPv4 vs IPv6 packet type type: string is_default: description: |- A flag to indicate whether rule is a default rule. readOnly: true title: |- Default rule flag type: boolean logged: default: false description: |- Flag to enable packet logging. Default is disabled. readOnly: false title: |- Enable logging flag type: boolean notes: description: |- Text for additional notes on changes. maxLength: 2048 readOnly: false title: |- Text for additional notes on changes type: string profiles: description: | Holds the list of layer 7 service profile paths. These profiles accept attributes and sub-attributes of various network services (e.g. L4 AppId, encryption algorithm, domain name, etc) as key value pairs. items: type: string maxItems: 128 title: |- Layer 7 service profiles type: array rule_id: description: "This is a unique 4 byte positive number that is assigned by\ \ the system. \nThis rule id is passed all the way down to the data path.\ \ The first 1GB\n(1000 to 2^30) will be shared by GM and LM with zebra\ \ style striped\nnumber space. For E.g 1000 to (1Million -1) by LM, (1M\ \ - 2M-1) by GM\nand so on.\n" format: int64 readOnly: true title: |- Unique rule ID type: integer scope: description: | The list of policy paths where the rule is applied LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied on multiple LRs/LRPs. items: type: string maxItems: 128 type: array sequence_number: description: | This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. If a specific order of rules is desired, then one has to specify unique sequence numbers or use the POST request on the rule entity with a query parameter action=revise to let the framework assign a sequence number format: int32 minimum: 0 title: |- Sequence number of the this Rule type: integer service_entries: description: | In order to specify raw services this can be used, along with services which contains path to services. This can be empty or null. items: $ref: '#/definitions/ServiceEntry' maxItems: 128 title: |- Raw services type: array services: description: | In order to specify all services, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values. items: type: string maxItems: 128 title: |- Names of services type: array source_groups: description: | We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. items: type: string maxItems: 128 title: |- Source group paths type: array sources_excluded: default: false description: | If set to true, the rule gets applied on all the groups that are NOT part of the source groups. If false, the rule applies to the source groups readOnly: false title: |- Negation of source groups type: boolean tag: description: | User level field which will be printed in CLI and packet logs. title: |- Tag applied on the rule type: string type: object x-vmw-nsx-module: Policy description: |- A rule indicates the action to be performed for various types of traffic flowing between workload groups. title: |- A rule represent base properties for ,dfw, forwarding, redirection rule x-vmw-nsx-module: Policy BaseRuleListResult: allOf: - $ref: '#/definitions/ListResult' - type: object x-vmw-nsx-module: Policy description: |- Paged Collection of Rules title: |- Paged Collection of Rules x-vmw-nsx-module: Policy BaseTier0Interface: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: dhcp_relay_path: description: | Policy path of dhcp-relay-config to be attached to this Interface. title: |- policy path of referenced dhcp-relay-config type: string subnets: description: | Specify IP address and network prefix for interface. items: $ref: '#/definitions/InterfaceSubnet' minItems: 1 title: |- IP address and subnet specification for interface type: array required: - subnets type: object x-vmw-nsx-module: PolicyConnectivity description: |- Tier-0 interface configuration for external connectivity. title: |- Tier-0 interface configuration x-vmw-nsx-module: PolicyConnectivity BatchRequest: description: |- A set of operations to be performed in a single batch properties: continue_on_error: default: true description: |- Flag to decide if we will continue processing subsequent requests in case of current error for atomic = false. type: boolean requests: items: $ref: '#/definitions/BatchRequestItem' type: array title: |- A set of operations to be performed in a single batch type: object x-vmw-nsx-module: Common BatchRequestItem: description: |- A single request within a batch of operations properties: body: type: object method: description: |- http method type enum: - GET - POST - PUT - DELETE - PATCH title: |- method type(POST/PUT/DELETE/UPDATE) type: string uri: description: |- relative uri (path and args), of the call including resource id (if this is a POST/DELETE), exclude hostname and port and prefix, exploded form of parameters title: |- Internal uri of the call type: string required: - uri - method title: |- A single request within a batch of operations type: object x-vmw-nsx-module: Common BatchResponse: description: |- The reponse to a batch operation properties: has_errors: description: |- Indicates if any of the APIs failed title: |- errors indicator type: boolean results: description: |- Bulk list results items: $ref: '#/definitions/BatchResponseItem' title: |- Bulk list results type: array rolled_back: description: |- Optional flag indicating that all items were rolled back even if succeeded initially title: |- indicates if all items were rolled back. type: boolean required: - results title: |- The reponse to a batch operation type: object x-vmw-nsx-module: Common BatchResponseItem: description: |- A single respose in a list of batched responses properties: body: description: |- object returned by api title: |- object returned by api type: object code: description: |- http status code format: int64 title: |- object returned by api type: integer headers: description: |- The headers returned by the API call title: |- object returned by api type: object required: - code title: |- A single respose in a list of batched responses type: object x-vmw-nsx-module: Common BfdProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: interval: default: 500 description: | Time interval between heartbeat packets in milliseconds. format: int32 maximum: 60000 minimum: 50 title: |- Time interval between heartbeat packets in milliseconds type: integer multiple: default: 3 description: | Declare dead multiple. Number of times heartbeat packet is missed before BFD declares the neighbor is down. format: int32 maximum: 16 minimum: 2 title: |- Declare dead multiple type: integer type: object x-vmw-nsx-module: PolicyConnectivity description: |- Bidirectional Forwarding Detection configuration for BGP peers title: |- Bidirectional Forwarding Detection configuration for BGP peers x-vmw-nsx-module: PolicyConnectivity BfdProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Bfd Profile list results. items: $ref: '#/definitions/BfdProfile' title: |- Bfd Profile List Results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged Collection of BfdProfile. title: |- Paged Collection of BfdProfile x-vmw-nsx-module: PolicyConnectivity BgpAddressFamily: properties: in_prefix_count: description: |- Count of in prefixes format: int64 readOnly: true title: |- Count of in prefixes type: integer out_prefix_count: description: |- Count of out prefixes format: int64 readOnly: true title: |- Count of out prefixes type: integer type: description: |- BGP address family type enum: - IPV4_UNICAST - VPNV4_UNICAST - IPV6_UNICAST - L2VPN_EVPN readOnly: true title: |- BGP address family type type: string type: object x-vmw-nsx-module: AggSvcLogicalRouter BgpBfdConfig: description: |- BFD configuration for BGP peers properties: enabled: default: false description: |- Flag to enable BFD cofiguration. title: |- Flag to enable BFD cofiguration type: boolean interval: default: 500 description: | Time interval between heartbeat packets in milliseconds. format: int32 maximum: 60000 minimum: 50 title: |- Time interval between heartbeat packets in milliseconds type: integer multiple: default: 3 description: | Declare dead multiple. Number of times heartbeat packet is missed before BFD declares the neighbor is down. format: int32 maximum: 16 minimum: 2 title: |- Declare dead multiple type: integer title: |- BFD configuration for BGP peers type: object x-vmw-nsx-module: PolicyConnectivity BgpGracefulRestartConfig: description: |- Configuration field to hold BGP restart mode and timer. properties: mode: default: HELPER_ONLY description: | If mode is DISABLE, then graceful restart and helper modes are disabled. If mode is GR_AND_HELPER, then both graceful restart and helper modes are enabled. If mode is HELPER_ONLY, then helper mode is enabled. HELPER_ONLY mode is the ability for a BGP speaker to indicate its ability to preserve forwarding state during BGP restart. GRACEFUL_RESTART mode is the ability of a BGP speaker to advertise its restart to its peers. enum: - DISABLE - GR_AND_HELPER - HELPER_ONLY title: |- BGP Graceful Restart Configuration Mode type: string timer: $ref: '#/definitions/BgpGracefulRestartTimer' description: |- Configuration field to hold BGP restart timers. title: |- BGP Graceful Restart Timer title: |- BGP Graceful Restart Configuration type: object x-vmw-nsx-module: PolicyConnectivity BgpGracefulRestartTimer: description: |- Configuration field to hold BGP restart timers properties: restart_timer: default: 180 description: | Maximum time taken (in seconds) for a BGP session to be established after a restart. This can be used to speed up routing convergence by its peer in case the BGP speaker does not come back up after a restart. If the session is not re-established within this timer, the receiving speaker will delete all the stale routes from that peer. format: int64 maximum: 3600 minimum: 1 title: |- BGP Graceful Restart Timer type: integer stale_route_timer: default: 600 description: | Maximum time (in seconds) before stale routes are removed from the RIB (Routing Information Base) when BGP restarts. format: int64 maximum: 3600 minimum: 1 title: |- BGP Stale Route Timer type: integer title: |- BGP Graceful Restart Timers type: object x-vmw-nsx-module: PolicyConnectivity BgpNeighborConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: allow_as_in: default: false description: |- Flag to enable allowas_in option for BGP neighbor title: |- Flag to enable allowas_in option for BGP neighbor type: boolean bfd: $ref: '#/definitions/BgpBfdConfig' description: | BFD configuration for failure detection. BFD is enabled with default values when not configured. title: |- BFD configuration for failure detection graceful_restart_mode: description: | If mode is DISABLE, then graceful restart and helper modes are disabled. If mode is GR_AND_HELPER, then both graceful restart and helper modes are enabled. If mode is HELPER_ONLY, then helper mode is enabled. HELPER_ONLY mode is the ability for a BGP speaker to indicate its ability to preserve forwarding state during BGP restart. GRACEFUL_RESTART mode is the ability of a BGP speaker to advertise its restart to its peers. enum: - DISABLE - GR_AND_HELPER - HELPER_ONLY title: |- BGP Graceful Restart Configuration Mode type: string hold_down_time: default: 180 description: | Wait time in seconds before declaring peer dead. format: int32 maximum: 65535 minimum: 1 title: |- Wait time in seconds before declaring peer dead type: integer in_route_filters: description: | Specify path of prefix-list or route map to filter routes for IN direction. This property is deprecated, use route_filtering instead. Specifying different values for both properties will result in error. items: type: string maxItems: 1 title: |- Prefix-list or route map path for IN direction type: array x-deprecated: true keep_alive_time: default: 60 description: | Interval (in seconds) between keep alive messages sent to peer. format: int32 maximum: 65535 minimum: 1 title: |- Interval between keep alive messages sent to peer type: integer maximum_hop_limit: default: 1 description: | Maximum number of hops allowed to reach BGP neighbor. format: int32 maximum: 255 minimum: 1 title: |- Maximum number of hops allowed to reach BGP neighbor type: integer neighbor_address: description: |- Neighbor IP Address format: ip type: string out_route_filters: description: | Specify path of prefix-list or route map to filter routes for OUT direction. When not specified, a built-in prefix-list named 'prefixlist-out-default' is automatically applied. This property is deprecated, use route_filtering instead. Specifying different values for both properties will result in error. items: type: string maxItems: 1 title: |- Prefix-list or route map path for OUT direction type: array x-deprecated: true password: description: | Specify password for BGP neighbor authentication. Empty string ("") clears existing password. maxLength: 20 minLength: 0 title: |- Password type: string remote_as_num: description: |- 4 Byte ASN of the neighbor in ASPLAIN Format title: |- 4 Byte ASN of the neighbor in ASPLAIN Format type: string route_filtering: description: | Enable address families and route filtering in each direction. items: $ref: '#/definitions/BgpRouteFiltering' maxItems: 2 title: |- Enable address families and route filtering in each direction type: array source_addresses: description: | Source addresses should belong to Tier0 external or loopback interface IP Addresses . BGP peering is formed from all these addresses. This property is mandatory when maximum_hop_limit is greater than 1. items: description: |- IPv4 or IPv6 address format: ip type: string maxItems: 8 title: |- Source IP Addresses for BGP peering type: array required: - remote_as_num - neighbor_address type: object x-vmw-nsx-module: PolicyConnectivity description: | Contains information necessary to configure a BGP neighbor. title: |- BGP neighbor config x-vmw-nsx-module: PolicyConnectivity BgpNeighborConfigListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- BGP neighbor configs list results items: $ref: '#/definitions/BgpNeighborConfig' title: |- BGP neighbor configs list results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of BGP Neighbor Configs title: |- Paged collection of BGP Neighbor Configs x-vmw-nsx-module: PolicyConnectivity BgpNeighborRouteDetailsCsvRecord: allOf: - $ref: '#/definitions/CsvRecord' - properties: as_path: description: |- BGP AS path attribute. readOnly: true title: |- AS path type: string local_pref: description: |- BGP Local Preference attribute. format: int64 readOnly: true title: |- Local preference type: integer logical_router_id: description: |- Logical router id readOnly: true title: |- Logical router id type: string med: description: |- BGP Multi Exit Discriminator attribute. format: int64 readOnly: true title: |- Multi Exit Discriminator type: integer neighbor_address: description: |- BGP neighbor peer IP address. format: ip readOnly: true type: string neighbor_id: description: |- BGP neighbor id readOnly: true title: |- BGP neighbor id type: string network: description: |- CIDR network address. format: ip-cidr-block readOnly: true type: string next_hop: description: |- Next hop IP address. format: ip readOnly: true type: string source_address: description: |- BGP neighbor source address. format: ip readOnly: true type: string transport_node_id: description: |- Transport node id readOnly: true title: |- Transport node id type: string weight: description: |- BGP Weight attribute. format: int64 readOnly: true title: |- Weight type: integer type: object x-vmw-nsx-module: AggSvcLogicalRouter description: |- BGP neighbor learned/advertised route details. title: |- BGP neighbor route details x-vmw-nsx-module: AggSvcLogicalRouter BgpNeighborRouteDetailsInCsvFormat: allOf: - $ref: '#/definitions/CsvListResult' - properties: results: items: $ref: '#/definitions/BgpNeighborRouteDetailsCsvRecord' type: array type: object x-vmw-nsx-module: AggSvcLogicalRouter x-vmw-nsx-module: AggSvcLogicalRouter BgpNeighborRoutes: description: |- BGP neighbor learned/advertised route details. properties: egde_node_routes: description: | Array of BGP neighbor route details per edge node. items: $ref: '#/definitions/RoutesPerTransportNode' readOnly: true title: |- Route details per transport node type: array enforcement_point_path: description: |- Enforcement point policy path readOnly: true title: |- Enforcement point policy path type: string neighbor_path: description: |- BGP neighbor policy path readOnly: true title: |- BGP neighbor policy path type: string title: |- BGP neighbor route details type: object x-vmw-nsx-module: PolicyConnectivityStatistics BgpNeighborRoutesListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paged Collection of Bgp neighbor routes. items: $ref: '#/definitions/BgpNeighborRoutes' title: |- Paged Collection of Bgp neighbor routes type: array type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics BgpRouteFiltering: description: |- Enable address_families and route filtering in each direction properties: address_family: description: |- Address family type. If not configured, this property automatically derived for IPv4 & IPv6 peer configuration. enum: - IPV4 - IPV6 - L2VPN_EVPN title: |- Address family type type: string enabled: default: true description: |- Flag to enable address family. title: |- Enable address family type: boolean in_route_filters: description: | Specify path of prefix-list or route map to filter routes for IN direction. items: type: string maxItems: 1 title: |- Prefix-list or route map path for IN direction type: array maximum_routes: description: | Maximum number of routes for the address family. format: int32 maximum: 1000000 minimum: 1 title: |- Maximum number of routes for the address family type: integer out_route_filters: description: | Specify path of prefix-list or route map to filter routes for OUT direction. When not specified, a built-in prefix-list named 'prefixlist-out-default' is automatically applied. items: type: string maxItems: 1 title: |- Prefix-list or route map path for OUT direction type: array title: |- Enable address_families and route filtering in each direction type: object x-vmw-nsx-module: PolicyConnectivity BgpRoutingConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: ecmp: description: | Flag to enable ECMP. title: |- Flag to enable ECMP type: boolean enabled: description: | Flag to enable BGP configuration. Disabling will stop feature and BGP peering. title: |- Flag to enable BGP configuration type: boolean graceful_restart: description: | Flag to enable graceful restart. This field is deprecated, please use graceful_restart_config parameter for graceful restart configuration. If both parameters are set and consistent with each other (i.e. graceful_restart=false and graceful_restart_mode=HELPER_ONLY OR graceful_restart=true and graceful_restart_mode=GR_AND_HELPER) then this is allowed, but if inconsistent with each other then this is not allowed and validation error will be thrown. title: |- Flag to enable graceful restart type: boolean x-deprecated: true graceful_restart_config: $ref: '#/definitions/BgpGracefulRestartConfig' description: |- Configuration field to hold BGP Restart mode and timer. title: |- BGP Graceful Restart Configuration inter_sr_ibgp: description: | Flag to enable inter SR IBGP configuration. When not specified, inter SR IBGP is automatically enabled if Tier-0 is created in ACTIVE_ACTIVE ha_mode. title: |- Enable inter SR IBGP configuration type: boolean local_as_num: description: | Specify BGP AS number for Tier-0 to advertize to BGP peers. AS number can be specified in ASPLAIN (e.g., "65546") or ASDOT (e.g., "1.10") format. Empty string disables BGP feature. It is required by normal tier0 but not required in vrf tier0. title: |- BGP AS number in ASPLAIN/ASDOT Format type: string multipath_relax: description: |- Flag to enable BGP multipath relax option. title: |- Flag to enable BGP multipath relax option type: boolean route_aggregations: description: | List of routes to be aggregated. items: $ref: '#/definitions/RouteAggregationEntry' maxItems: 1000 title: |- List of routes to be aggregated type: array type: object x-vmw-nsx-module: PolicyConnectivity description: | Contains BGP routing configuration. title: |- BGP routing config x-vmw-nsx-module: PolicyConnectivity BinaryPacketData: allOf: - $ref: '#/definitions/PacketData' - properties: payload: description: |- Up to 1000 bytes of payload may be supplied (with a base64-encoded length of 1336 bytes.) Additional bytes of traceflow metadata will be appended to the payload. The payload must contain all headers (Ethernet, IP, etc). Note that VLAN is not supported in the logical space. Hence, payload must not contain 802.1Q headers. maxLength: 1336 title: |- RFC3548 compatible base64 encoded full payload type: string type: object x-vmw-nsx-module: Traceflow x-vmw-nsx-module: Traceflow BridgeProfileConfig: description: |- configuration parameters for Bridge Profile properties: bridge_profile_path: description: |- Same bridge profile can be configured on different segments. Each bridge profile on a segment must unique. title: |- Policy path to L2 Bridge profile type: string uplink_teaming_policy_name: description: |- The name of the switching uplink teaming policy for the bridge endpoint. This name corresponds to one fot he switching uplink teaming policy names listed in teh transport zone. When this property is not specified, the teaming policy is assigned by MP. title: |- Uplink Teaming Policy Name type: string vlan_ids: description: |- VLAN specification for bridge endpoint. Either VLAN ID or VLAN ranges can be specified. Not both. items: type: string title: |- VLAN IDs type: array vlan_transport_zone_path: description: |- VLAN transport zone should belong to the enforcment-point as the transport zone specified in the segment. title: |- Policy path to VLAN Transport Zone type: string required: - vlan_transport_zone_path - bridge_profile_path title: |- Bridge Profile Configuration type: object x-vmw-nsx-module: PolicyConnectivity ByodPolicyServiceInstance: allOf: - $ref: '#/definitions/BasePolicyServiceInstance' - type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Represents an instance of partner's service whose wiring will be done by partner itself. As partner does all the wiring, we call it as Byod - Bring your own device. title: |- Represents instance of self wiring partner's service x-vmw-nsx-module: PolicyServiceInsertion Certificate: allOf: - $ref: '#/definitions/ManagedResource' - properties: details: description: |- List of X509Certificates. items: $ref: '#/definitions/X509Certificate' readOnly: true type: array pem_encoded: description: |- PEM encoded certificate data. readOnly: false type: string used_by: description: |- List of node IDs with services, that are using this certificate. items: $ref: '#/definitions/NodeIdServicesMap' readOnly: true type: array required: - pem_encoded type: object x-vmw-nsx-module: CertificateManager x-vmw-nsx-module: CertificateManager CertificateCheckingStatus: description: |- Result of checking a certificate properties: error_message: description: |- Error message when checking the certificate. readOnly: true title: |- Error Message type: string status: description: |- Status of the checked certificate. enum: - OK - CRL_NOT_READY - REJECTED - ERROR readOnly: true type: string title: |- Result of checking a certificate type: object x-vmw-nsx-module: CertificateManager CertificateList: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Certificate list. items: $ref: '#/definitions/Certificate' readOnly: true type: array type: object x-vmw-nsx-module: CertificateManager description: |- Certificate queries result title: |- Certificate queries result x-vmw-nsx-module: CertificateManager CertificateProfile: allOf: - $ref: '#/definitions/Resource' - properties: cluster_certificate: description: |- True if this is for a cluster certificate readOnly: true title: |- Cluster Certificate type: boolean extended_key_usage: description: |- Indicating whether this certificate is used for server-auth, client-auth or both. items: description: |- Usage Type of the Certificate, SERVER or CLIENT. Default is SERVER enum: - SERVER - CLIENT type: string readOnly: true title: |- Extended Key Usage type: array node_type: description: |- List of types of node this certificate applies to. items: description: |- Node Type type: string readOnly: true title: |- Node Type type: array profile_name: description: |- Certificate Profile Name readOnly: true title: |- Certificate Profile Name type: string service_type: description: |- Unique Service Type enum: - MGMT_CLUSTER - MGMT_PLANE - API - NOTIFICATION_COLLECTOR - SYSLOG_SERVER - RSYSLOG_CLIENT - APH - GLOBAL_MANAGER - LOCAL_MANAGER - CLIENT_AUTH - RMQ readOnly: true type: string unique_use: description: |- True if the certificate used for this service-type cannot be used anywhere else. readOnly: true title: |- Unique Use type: boolean type: object x-vmw-nsx-module: CertificateManager x-vmw-nsx-module: CertificateManager CertificateProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- CertificateProfile list. items: $ref: '#/definitions/CertificateProfile' readOnly: false type: array required: - results type: object x-vmw-nsx-module: CertificateManager description: |- CertificateProfile query result title: |- CertificateProfile query result x-vmw-nsx-module: CertificateManager ChildALBAnalyticsProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBAnalyticsProfile: $ref: '#/definitions/ALBAnalyticsProfile' description: | Contains the actual ALBAnalyticsProfile object. title: |- ChildALBAnalyticsProfile required: - ALBAnalyticsProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBAnalyticsProfile, used in hierarchical API. title: |- Wrapper object for ChildALBAnalyticsProfile x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBApplicationPersistenceProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBApplicationPersistenceProfile: $ref: '#/definitions/ALBApplicationPersistenceProfile' description: | Contains the actual ALBApplicationPersistenceProfile object. title: |- ChildALBApplicationPersistenceProfile required: - ALBApplicationPersistenceProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBApplicationPersistenceProfile, used in hierarchical API. title: |- Wrapper object for ChildALBApplicationPersistenceProfile x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBApplicationProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBApplicationProfile: $ref: '#/definitions/ALBApplicationProfile' description: | Contains the actual ALBApplicationProfile object. title: |- ChildALBApplicationProfile required: - ALBApplicationProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBApplicationProfile, used in hierarchical API. title: |- Wrapper object for ChildALBApplicationProfile x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBAuthProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBAuthProfile: $ref: '#/definitions/ALBAuthProfile' description: | Contains the actual ALBAuthProfile object. title: |- ChildALBAuthProfile required: - ALBAuthProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBAuthProfile, used in hierarchical API. title: |- Wrapper object for ChildALBAuthProfile x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBAutoScaleLaunchConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBAutoScaleLaunchConfig: $ref: '#/definitions/ALBAutoScaleLaunchConfig' description: | Contains the actual ALBAutoScaleLaunchConfig object. title: |- ChildALBAutoScaleLaunchConfig required: - ALBAutoScaleLaunchConfig type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBAutoScaleLaunchConfig, used in hierarchical API. title: |- Wrapper object for ChildALBAutoScaleLaunchConfig x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBDnsPolicy: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBDnsPolicy: $ref: '#/definitions/ALBDnsPolicy' description: | Contains the actual ALBDnsPolicy object. title: |- ChildALBDnsPolicy required: - ALBDnsPolicy type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBDnsPolicy, used in hierarchical API. title: |- Wrapper object for ChildALBDnsPolicy x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBErrorPageBody: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBErrorPageBody: $ref: '#/definitions/ALBErrorPageBody' description: | Contains the actual ALBErrorPageBody object. title: |- ChildALBErrorPageBody required: - ALBErrorPageBody type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBErrorPageBody, used in hierarchical API. title: |- Wrapper object for ChildALBErrorPageBody x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBErrorPageProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBErrorPageProfile: $ref: '#/definitions/ALBErrorPageProfile' description: | Contains the actual ALBErrorPageProfile object. title: |- ChildALBErrorPageProfile required: - ALBErrorPageProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBErrorPageProfile, used in hierarchical API. title: |- Wrapper object for ChildALBErrorPageProfile x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBHTTPPolicySet: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBHTTPPolicySet: $ref: '#/definitions/ALBHTTPPolicySet' description: | Contains the actual ALBHTTPPolicySet object. title: |- ChildALBHTTPPolicySet required: - ALBHTTPPolicySet type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBHTTPPolicySet, used in hierarchical API. title: |- Wrapper object for ChildALBHTTPPolicySet x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBHardwareSecurityModuleGroup: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBHardwareSecurityModuleGroup: $ref: '#/definitions/ALBHardwareSecurityModuleGroup' description: | Contains the actual ALBHardwareSecurityModuleGroup object. title: |- ChildALBHardwareSecurityModuleGroup required: - ALBHardwareSecurityModuleGroup type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBHardwareSecurityModuleGroup, used in hierarchical API. title: |- Wrapper object for ChildALBHardwareSecurityModuleGroup x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBHealthMonitor: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBHealthMonitor: $ref: '#/definitions/ALBHealthMonitor' description: | Contains the actual ALBHealthMonitor object. title: |- ChildALBHealthMonitor required: - ALBHealthMonitor type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBHealthMonitor, used in hierarchical API. title: |- Wrapper object for ChildALBHealthMonitor x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBIpAddrGroup: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBIpAddrGroup: $ref: '#/definitions/ALBIpAddrGroup' description: | Contains the actual ALBIpAddrGroup object. title: |- ChildALBIpAddrGroup required: - ALBIpAddrGroup type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBIpAddrGroup, used in hierarchical API. title: |- Wrapper object for ChildALBIpAddrGroup x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBL4PolicySet: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBL4PolicySet: $ref: '#/definitions/ALBL4PolicySet' description: | Contains the actual ALBL4PolicySet object. title: |- ChildALBL4PolicySet required: - ALBL4PolicySet type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBL4PolicySet, used in hierarchical API. title: |- Wrapper object for ChildALBL4PolicySet x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBNetworkProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBNetworkProfile: $ref: '#/definitions/ALBNetworkProfile' description: | Contains the actual ALBNetworkProfile object. title: |- ChildALBNetworkProfile required: - ALBNetworkProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBNetworkProfile, used in hierarchical API. title: |- Wrapper object for ChildALBNetworkProfile x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBNetworkSecurityPolicy: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBNetworkSecurityPolicy: $ref: '#/definitions/ALBNetworkSecurityPolicy' description: | Contains the actual ALBNetworkSecurityPolicy object. title: |- ChildALBNetworkSecurityPolicy required: - ALBNetworkSecurityPolicy type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBNetworkSecurityPolicy, used in hierarchical API. title: |- Wrapper object for ChildALBNetworkSecurityPolicy x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBPKIProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBPKIProfile: $ref: '#/definitions/ALBPKIProfile' description: | Contains the actual ALBPKIProfile object. title: |- ChildALBPKIProfile required: - ALBPKIProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBPKIProfile, used in hierarchical API. title: |- Wrapper object for ChildALBPKIProfile x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBPool: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBPool: $ref: '#/definitions/ALBPool' description: | Contains the actual ALBPool object. title: |- ChildALBPool required: - ALBPool type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBPool, used in hierarchical API. title: |- Wrapper object for ChildALBPool x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBPoolGroup: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBPoolGroup: $ref: '#/definitions/ALBPoolGroup' description: | Contains the actual ALBPoolGroup object. title: |- ChildALBPoolGroup required: - ALBPoolGroup type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBPoolGroup, used in hierarchical API. title: |- Wrapper object for ChildALBPoolGroup x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBPoolGroupDeploymentPolicy: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBPoolGroupDeploymentPolicy: $ref: '#/definitions/ALBPoolGroupDeploymentPolicy' description: | Contains the actual ALBPoolGroupDeploymentPolicy object. title: |- ChildALBPoolGroupDeploymentPolicy required: - ALBPoolGroupDeploymentPolicy type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBPoolGroupDeploymentPolicy, used in hierarchical API. title: |- Wrapper object for ChildALBPoolGroupDeploymentPolicy x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBPriorityLabels: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBPriorityLabels: $ref: '#/definitions/ALBPriorityLabels' description: | Contains the actual ALBPriorityLabels object. title: |- ChildALBPriorityLabels required: - ALBPriorityLabels type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBPriorityLabels, used in hierarchical API. title: |- Wrapper object for ChildALBPriorityLabels x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBProtocolParser: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBProtocolParser: $ref: '#/definitions/ALBProtocolParser' description: | Contains the actual ALBProtocolParser object. title: |- ChildALBProtocolParser required: - ALBProtocolParser type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBProtocolParser, used in hierarchical API. title: |- Wrapper object for ChildALBProtocolParser x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBSSLKeyAndCertificate: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBSSLKeyAndCertificate: $ref: '#/definitions/ALBSSLKeyAndCertificate' description: | Contains the actual ALBSSLKeyAndCertificate object. title: |- ChildALBSSLKeyAndCertificate required: - ALBSSLKeyAndCertificate type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBSSLKeyAndCertificate, used in hierarchical API. title: |- Wrapper object for ChildALBSSLKeyAndCertificate x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBSSLProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBSSLProfile: $ref: '#/definitions/ALBSSLProfile' description: | Contains the actual ALBSSLProfile object. title: |- ChildALBSSLProfile required: - ALBSSLProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBSSLProfile, used in hierarchical API. title: |- Wrapper object for ChildALBSSLProfile x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBSSOPolicy: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBSSOPolicy: $ref: '#/definitions/ALBSSOPolicy' description: | Contains the actual ALBSSOPolicy object. title: |- ChildALBSSOPolicy required: - ALBSSOPolicy type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBSSOPolicy, used in hierarchical API. title: |- Wrapper object for ChildALBSSOPolicy x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBSecurityPolicy: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBSecurityPolicy: $ref: '#/definitions/ALBSecurityPolicy' description: | Contains the actual ALBSecurityPolicy object. title: |- ChildALBSecurityPolicy required: - ALBSecurityPolicy type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBSecurityPolicy, used in hierarchical API. title: |- Wrapper object for ChildALBSecurityPolicy x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBServerAutoScalePolicy: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBServerAutoScalePolicy: $ref: '#/definitions/ALBServerAutoScalePolicy' description: | Contains the actual ALBServerAutoScalePolicy object. title: |- ChildALBServerAutoScalePolicy required: - ALBServerAutoScalePolicy type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBServerAutoScalePolicy, used in hierarchical API. title: |- Wrapper object for ChildALBServerAutoScalePolicy x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBStringGroup: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBStringGroup: $ref: '#/definitions/ALBStringGroup' description: | Contains the actual ALBStringGroup object. title: |- ChildALBStringGroup required: - ALBStringGroup type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBStringGroup, used in hierarchical API. title: |- Wrapper object for ChildALBStringGroup x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBTrafficCloneProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBTrafficCloneProfile: $ref: '#/definitions/ALBTrafficCloneProfile' description: | Contains the actual ALBTrafficCloneProfile object. title: |- ChildALBTrafficCloneProfile required: - ALBTrafficCloneProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBTrafficCloneProfile, used in hierarchical API. title: |- Wrapper object for ChildALBTrafficCloneProfile x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBVSDataScriptSet: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBVSDataScriptSet: $ref: '#/definitions/ALBVSDataScriptSet' description: | Contains the actual ALBVSDataScriptSet object. title: |- ChildALBVSDataScriptSet required: - ALBVSDataScriptSet type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBVSDataScriptSet, used in hierarchical API. title: |- Wrapper object for ChildALBVSDataScriptSet x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBVirtualService: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBVirtualService: $ref: '#/definitions/ALBVirtualService' description: | Contains the actual ALBVirtualService object. title: |- ChildALBVirtualService required: - ALBVirtualService type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBVirtualService, used in hierarchical API. title: |- Wrapper object for ChildALBVirtualService x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBVsVip: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBVsVip: $ref: '#/definitions/ALBVsVip' description: | Contains the actual ALBVsVip object. title: |- ChildALBVsVip required: - ALBVsVip type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBVsVip, used in hierarchical API. title: |- Wrapper object for ChildALBVsVip x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBWafCRS: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBWafCRS: $ref: '#/definitions/ALBWafCRS' description: | Contains the actual ALBWafCRS object. title: |- ChildALBWafCRS required: - ALBWafCRS type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBWafCRS, used in hierarchical API. title: |- Wrapper object for ChildALBWafCRS x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBWafPolicy: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBWafPolicy: $ref: '#/definitions/ALBWafPolicy' description: | Contains the actual ALBWafPolicy object. title: |- ChildALBWafPolicy required: - ALBWafPolicy type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBWafPolicy, used in hierarchical API. title: |- Wrapper object for ChildALBWafPolicy x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBWafPolicyPSMGroup: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBWafPolicyPSMGroup: $ref: '#/definitions/ALBWafPolicyPSMGroup' description: | Contains the actual ALBWafPolicyPSMGroup object. title: |- ChildALBWafPolicyPSMGroup required: - ALBWafPolicyPSMGroup type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBWafPolicyPSMGroup, used in hierarchical API. title: |- Wrapper object for ChildALBWafPolicyPSMGroup x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBWafProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBWafProfile: $ref: '#/definitions/ALBWafProfile' description: | Contains the actual ALBWafProfile object. title: |- ChildALBWafProfile required: - ALBWafProfile type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBWafProfile, used in hierarchical API. title: |- Wrapper object for ChildALBWafProfile x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildALBWebhook: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ALBWebhook: $ref: '#/definitions/ALBWebhook' description: | Contains the actual ALBWebhook object. title: |- ChildALBWebhook required: - ALBWebhook type: object x-vmw-nsx-module: PolicyAdvancedLoadBalancer description: | Child wrapper for ALBWebhook, used in hierarchical API. title: |- Wrapper object for ChildALBWebhook x-vmw-nsx-module: PolicyAdvancedLoadBalancer ChildBfdProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: BfdProfile: $ref: '#/definitions/BfdProfile' description: | Contains the actual BfdProfile object. title: |- Bfd Profile required: - BfdProfile type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper for BfdProfile, used in hierarchical API. title: |- Wrapper object for BfdProfile x-vmw-nsx-module: PolicyConnectivity ChildBgpNeighborConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: BgpNeighborConfig: $ref: '#/definitions/BgpNeighborConfig' description: | Contains the actual BgpNeighborConfig object. title: |- BgpNeighborConfig required: - BgpNeighborConfig type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for BgpNeighborConfig, used in hierarchical API. title: |- Wrapper object for BgpNeighborConfig x-vmw-nsx-module: PolicyConnectivity ChildBgpRoutingConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: BgpRoutingConfig: $ref: '#/definitions/BgpRoutingConfig' description: | Contains the actual BgpRoutingConfig object. title: |- BgpRoutingConfig required: - BgpRoutingConfig type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for BgpRoutingConfig, used in hierarchical API. title: |- Wrapper object for BgpRoutingConfig x-vmw-nsx-module: PolicyConnectivity ChildByodPolicyServiceInstance: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ByodPolicyServiceInstance: $ref: '#/definitions/ByodPolicyServiceInstance' description: | Contains actual ByodPolicyServiceInstance. title: |- ByodPolicyServiceInstance required: - ByodPolicyServiceInstance type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Child wrapper object for ByodPolicyServiceInstance used in hierarchical API. title: |- Wrapper object for ByodPolicyServiceInstance x-vmw-nsx-module: PolicyServiceInsertion ChildCommunicationEntry: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: CommunicationEntry: $ref: '#/definitions/CommunicationEntry' description: | Contains the actual CommunicationEntry object. title: |- CommunicationEntry required: - CommunicationEntry type: object x-vmw-nsx-module: Policy description: |- Child wrapper object for CommunicationEntry, used in hierarchical API This type is deprecated. Use the type ChildRule instead. title: |- Wrapper object for CommunicationEntry x-vmw-nsx-module: Policy ChildCommunicationMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: CommunicationMap: $ref: '#/definitions/CommunicationMap' description: | Contains the actual CommunicationMap object. title: |- CommunicationMap required: - CommunicationMap type: object x-vmw-nsx-module: Policy description: |- Child wrapper object for CommunicationMap, used in hierarchical API This type is deprecated. Use the type ChildSecurityPolicy instead. title: |- Wrapper object for CommunicationMap x-vmw-nsx-module: Policy ChildCommunityList: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: CommunityList: $ref: '#/definitions/CommunityList' description: | Contains the actual CommunityList object title: |- CommunityList required: - CommunityList type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for CommunityList, used in hierarchical API title: |- Wrapper object for CommunityList x-vmw-nsx-module: PolicyConnectivity ChildComputeClusterIdfwConfiguration: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ComputeClusterIdfwConfiguration: $ref: '#/definitions/ComputeClusterIdfwConfiguration' description: | Contains the actual compute cluster idfw configuration object. title: |- ComputeClusterIdfwConfiguration required: - ComputeClusterIdfwConfiguration type: object x-vmw-nsx-module: PolicyFirewallConfiguration description: |- Wrapper object for ComputeClusterIdfwConfiguration title: |- Wrapper object for ComputeClusterIdfwConfiguration x-vmw-nsx-module: PolicyFirewallConfiguration ChildConstraint: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Constraint: $ref: '#/definitions/Constraint' description: | Contains the actual Constraint object title: |- Constraint required: - Constraint type: object x-vmw-nsx-module: PolicyConstraints description: |- Child wrapper object for Constraint, used in hierarchical API title: |- Wrapper object for Constraint x-vmw-nsx-module: PolicyConstraints ChildDeploymentZone: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: DeploymentZone: $ref: '#/definitions/DeploymentZone' description: | Contains the actual DeploymentZone object title: |- DeploymentZone required: - DeploymentZone type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Child wrapper object for DeploymentZone, used in hierarchical API title: |- Wrapper object for DeploymentZone x-vmw-nsx-module: PolicyEnforcementPointManagement ChildDfwFirewallConfiguration: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: DfwFirewallConfiguration: $ref: '#/definitions/DfwFirewallConfiguration' description: | Contains the actual dfw firewall configuration list object. title: |- Dfw Firewall Configuration required: - DfwFirewallConfiguration type: object x-vmw-nsx-module: Policy description: |- Wrapper object for FirewallConfiguration title: |- Wrapper object for FirewallConfiguration x-vmw-nsx-module: Policy ChildDhcpRelayConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: DhcpRelayConfig: $ref: '#/definitions/DhcpRelayConfig' description: | Contains the actual DhcpRelayConfig object title: |- DhcpRelayConfig required: - DhcpRelayConfig type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for DhcpRelayConfig, used in hierarchical API title: |- Wrapper object for DhcpRelayConfig x-vmw-nsx-module: PolicyConnectivity ChildDhcpServerConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: DhcpServerConfig: $ref: '#/definitions/DhcpServerConfig' description: | Contains the actual DhcpServerConfig object title: |- DhcpServerConfig required: - DhcpServerConfig type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for DhcpServerConfig, used in hierarchical API title: |- Wrapper object for DhcpServerConfig x-vmw-nsx-module: PolicyConnectivity ChildDhcpStaticBindingConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: DhcpStaticBindingConfig: $ref: '#/definitions/DhcpStaticBindingConfig' description: | Contains the actual DhcpStaticBindingConfig object. title: |- DhcpStaticBindingConfig required: - DhcpStaticBindingConfig type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper for DhcpStaticBindingConfig, used in hierarchical API. title: |- Wrapper object for DhcpStaticBindingConfig x-vmw-nsx-module: PolicyConnectivity ChildDnsSecurityProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: DnsSecurityProfile: $ref: '#/definitions/DnsSecurityProfile' description: | Contains the actual DnsSecurityProfile object title: |- DnsSecurityProfile required: - DnsSecurityProfile type: object x-vmw-nsx-module: PolicyProfile description: |- Child wrapper object for DnsSecurityProfile, used in hierarchical API title: |- Wrapper object for DnsSecurityProfile x-vmw-nsx-module: PolicyProfile ChildDnsSecurityProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: DnsSecurityProfileBindingMap: $ref: '#/definitions/DnsSecurityProfileBindingMap' description: | Contains the actual DnsSecurityProfileBindingMap object title: |- DnsSecurityProfileBindingMap required: - DnsSecurityProfileBindingMap type: object x-vmw-nsx-module: PolicyFirewallDnsSecurityProfileBinding description: | Child wrapper obejct for DnsSecurityProfileBindingMap used in hierarchical API title: |- Wrapper object for DnsSecurityProfileBindingMap x-vmw-nsx-module: PolicyFirewallDnsSecurityProfileBinding ChildDomain: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Domain: $ref: '#/definitions/Domain' description: | Contains the actual domain object. title: |- Domain required: - Domain type: object x-vmw-nsx-module: Policy description: |- Child wrapper object for domain, used in hierarchical API. title: |- Wrapper object for Domain x-vmw-nsx-module: Policy ChildDomainDeploymentMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: DomainDeploymentMap: $ref: '#/definitions/DomainDeploymentMap' description: | Contains the actual DomainDeploymentMap object. title: |- DomainDeploymentMap required: - DomainDeploymentMap type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Child wrapper object for DomainDeploymentMap, used in hierarchical API. title: |- Wrapper object for DomainDeploymentMap x-vmw-nsx-module: PolicyEnforcementPointManagement ChildEndpointPolicy: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: EndpointPolicy: $ref: '#/definitions/EndpointPolicy' description: | Contains actual EndpointPolicy. title: |- EndpointPolicy required: - EndpointPolicy type: object x-vmw-nsx-module: PolicyGuestIntrospection description: | Child wrapper object for EndpointPolicy used in hierarchical API. title: |- Wrapper object for Endpoint Policy x-vmw-nsx-module: PolicyGuestIntrospection ChildEndpointRule: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: EndpointRule: $ref: '#/definitions/EndpointRule' description: | Contains actual EndpointRule. title: |- EndpointRule required: - EndpointRule type: object x-vmw-nsx-module: PolicyGuestIntrospection description: | Child wrapper object for EndpointRule used in hierarchical API. title: |- Wrapper object for Endpoint Rule x-vmw-nsx-module: PolicyGuestIntrospection ChildEnforcementPoint: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: EnforcementPoint: $ref: '#/definitions/EnforcementPoint' description: | Contains the actual Enforcement point object. title: |- EnforcementPoint required: - EnforcementPoint type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Child wrapper object for EnforcementPoint, used in hierarchical API. title: |- Wrapper object for EnforcementPoint x-vmw-nsx-module: PolicyEnforcementPointManagement ChildEvpnConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: EvpnConfig: $ref: '#/definitions/EvpnConfig' description: | Contains the actual EvpnConfig object. title: |- EvpnConfig required: - EvpnConfig type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for EvpnConfig, used in hierarchical API. title: |- Wrapper object for EvpnConfig x-vmw-nsx-module: PolicyConnectivity ChildEvpnTunnelEndpointConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: EvpnTunnelEndpointConfig: $ref: '#/definitions/EvpnTunnelEndpointConfig' description: | Contains the actual EvpnTunnelEndpointConfig object. title: |- EvpnTunnelEndpointConfig required: - EvpnTunnelEndpointConfig type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for EvpnTunnelEndpointConfig, used in hierarchical API. title: |- Wrapper object for EvpnTunnelEndpointConfig x-vmw-nsx-module: PolicyConnectivity ChildFloodProtectionProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: FloodProtectionProfile: $ref: '#/definitions/FloodProtectionProfile' description: | Contains the actual FloodProtectionProfile object title: |- FloodProtectionProfile required: - FloodProtectionProfile type: object x-vmw-nsx-module: PolicyProfile description: | Child wrapper object for FloodProtectionProfile, used in hierarchical API title: |- Wrapper object for FloodProtectionProfile x-vmw-nsx-module: PolicyProfile ChildFloodProtectionProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: FloodProtectionProfileBindingMap: $ref: '#/definitions/FloodProtectionProfileBindingMap' description: | Contains the actual FloodProtectionProfileBindingMap object title: |- FloodProtectionProfileBindingMap required: - FloodProtectionProfileBindingMap type: object x-vmw-nsx-module: PolicyProfile description: | Child wrapper object for FloodProtectionProfileBindingMap, used in hierarchical API title: |- Wrapper object for FloodProtectionProfileBindingMap x-vmw-nsx-module: PolicyProfile ChildForwardingPolicy: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ForwardingPolicy: $ref: '#/definitions/ForwardingPolicy' description: | Contains actual ForwardingPolicy. title: |- ForwardingPolicy required: - ForwardingPolicy type: object x-vmw-nsx-module: PolicyForwarding description: | Child wrapper object for ForwardingPolicy used in Hierarchical API. title: | Wrapper object for children of type ForwardingPolicy x-vmw-nsx-module: PolicyForwarding ChildForwardingRule: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ForwardingRule: $ref: '#/definitions/ForwardingRule' description: | Contains actual ForwardingRule. title: |- ForwardingRule required: - ForwardingRule type: object x-vmw-nsx-module: PolicyForwarding description: | Child wrapper object for ForwardingRule used in Hierarchical API. title: | Wrapper object for ForwardingRule x-vmw-nsx-module: PolicyForwarding ChildFqdnAnalysisConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: FqdnAnalysisConfig: $ref: '#/definitions/FqdnAnalysisConfig' description: | Contains the actual FqdnAnalysisConfig object title: |- FQDN Analysis Config required: - FqdnAnalysisConfig type: object x-vmw-nsx-module: PolicyUrlCategorization description: |- Child wrapper object for FqdnAnalysisConfig, used in hierarchical API title: |- Wrapper object for FqdnAnalysisConfig x-vmw-nsx-module: PolicyUrlCategorization ChildGatewayPolicy: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: GatewayPolicy: $ref: '#/definitions/GatewayPolicy' description: | Contains the actual GatewayPolicy object title: |- GatewayPolicy required: - GatewayPolicy type: object x-vmw-nsx-module: Policy description: |- Child wrapper object for GatewayPolicy, used in hierarchical API title: |- Wrapper object for GatewayPolicy x-vmw-nsx-module: Policy ChildGatewayQosProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: QosProfile: $ref: '#/definitions/GatewayQosProfile' description: | Contains the actual GatewayQosProfile object. title: |- GatewayQosProfile required: - QosProfile type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper for GatewayQosProfile, used in hierarchical API. title: |- Wrapper object for GatewayQosProfile x-vmw-nsx-module: PolicyConnectivity ChildGeneralSecurityProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: GeneralSecurityProfile: $ref: '#/definitions/GeneralSecurityProfile' description: | Contains the actual GeneralSecurityProfile object title: |- GeneralSecurityProfile required: - GeneralSecurityProfile type: object x-vmw-nsx-module: PolicyProfile description: | Child wrapper object for GeneralSecurityProfile, used in hierarchical API title: |- Wrapper object for GeneralSecurityProfile x-vmw-nsx-module: PolicyProfile ChildGeneralSecurityProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: GeneralSecurityProfileBindingMap: $ref: '#/definitions/GeneralSecurityProfileBindingMap' description: | Contains the actual GeneralSecurityProfileBindingMap object title: |- GeneralSecurityProfileBindingMap required: - GeneralSecurityProfileBindingMap type: object x-vmw-nsx-module: PolicyProfile description: | Child wrapper object for GeneralSecurityProfileBindingMap, used in hierarchical API title: |- Wrapper object for GeneralSecurityProfileBindingMap x-vmw-nsx-module: PolicyProfile ChildGlobalConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: GlobalConfig: $ref: '#/definitions/GlobalConfig' description: | Contains the actual GlobalConfig object. title: |- GlobalConfig required: - GlobalConfig type: object x-vmw-nsx-module: Policy description: |- Child wrapper object for GlobalConfig, used in hierarchical API title: |- Wrapper object for GlobalConfig x-vmw-nsx-module: Policy ChildGlobalIdsSignature: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: GlobalIdsSignature: $ref: '#/definitions/GlobalIdsSignature' description: | Contains the GlobalIdsSignature object title: |- GlobalIdsSignature required: - GlobalIdsSignature type: object x-vmw-nsx-module: PolicyIDS description: |- Child wrapper object for GlobalIdsSignature, used in hierarchical API title: |- Wrapper object for GlobalIdsSignature x-vmw-nsx-module: PolicyIDS ChildGlobalManager: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: GlobalManager: $ref: '#/definitions/GlobalManager' description: | Contains the actual Global Manager object. title: |- GlobalManager required: - GlobalManager type: object x-vmw-nsx-module: PolicySiteGM description: |- Child wrapper object for Global Manager, used in hierarchical API. title: |- Wrapper object for Global Manager x-vmw-nsx-module: PolicySiteGM ChildGroup: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Group: $ref: '#/definitions/Group' description: | Contains the actual group objects. title: |- Group required: - Group type: object x-vmw-nsx-module: Policy description: |- Child wrapper object for group, used in hierarchical API. title: |- Wrapper object for Group x-vmw-nsx-module: Policy ChildGroupDiscoveryProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: GroupDiscoveryProfileBindingMap: $ref: '#/definitions/GroupDiscoveryProfileBindingMap' description: | Contains the actual GroupDiscoveryProfileBindingMap object title: |- GroupDiscoveryProfileBindingMap required: - GroupDiscoveryProfileBindingMap type: object x-vmw-nsx-module: PolicyDiscoveryProfileBinding description: | Child wrapper obejct for GroupDiscoveryProfileBindingMap used in hierarchical API title: |- Wrapper object for GroupDiscoveryProfileBindingMap x-vmw-nsx-module: PolicyDiscoveryProfileBinding ChildGroupMonitoringProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: GroupMonitoringProfileBindingMap: $ref: '#/definitions/GroupMonitoringProfileBindingMap' description: | Contains the actual GroupMonitoringProfileBindingMap object title: |- GroupMonitoringProfileBindingMap required: - GroupMonitoringProfileBindingMap type: object x-vmw-nsx-module: PolicyMonitoringProfileBinding description: |- Child wrapper object for GroupMonitoringProfileBindingMap, used in hierarchical API title: |- Wrapper object for GroupMonitoringProfileBindingMap x-vmw-nsx-module: PolicyMonitoringProfileBinding ChildIPDiscoveryProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IPDiscoveryProfile: $ref: '#/definitions/IPDiscoveryProfile' description: | Contains the actual IPDiscoveryProfile object title: |- IPDiscoveryProfile required: - IPDiscoveryProfile type: object x-vmw-nsx-module: PolicyIpDiscovery description: |- Child wrapper object for IPDiscoveryProfile, used in hierarchical API title: |- Wrapper object for IPDiscoveryProfile x-vmw-nsx-module: PolicyIpDiscovery ChildIPFIXDFWCollectorProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IPFIXDFWCollectorProfile: $ref: '#/definitions/IPFIXDFWCollectorProfile' description: | Contains the actual IPFIXDFWCollectorProfile object title: |- IPFIXDFWCollectorProfile required: - IPFIXDFWCollectorProfile type: object x-vmw-nsx-module: PolicyIPFIXDFW description: |- Child wrapper object for IPFIXDFWCollectorProfile, used in hierarchical API title: |- Wrapper object for IPFIXDFWCollectorProfile x-vmw-nsx-module: PolicyIPFIXDFW ChildIPFIXDFWProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IPFIXDFWProfile: $ref: '#/definitions/IPFIXDFWProfile' description: | Contains the actual IPFIXDFWProfile object title: |- IPFIXDFWProfile required: - IPFIXDFWProfile type: object x-vmw-nsx-module: PolicyIPFIXDFW description: |- Child wrapper object for IPFIXDFWProfile, used in hierarchical API title: |- Wrapper object for IPFIXDFWProfile x-vmw-nsx-module: PolicyIPFIXDFW ChildIPFIXL2CollectorProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IPFIXL2CollectorProfile: $ref: '#/definitions/IPFIXL2CollectorProfile' description: | Contains the actual IPFIXL2CollectorProfile object title: |- IPFIXL2CollectorProfile required: - IPFIXL2CollectorProfile type: object x-vmw-nsx-module: PolicyIPFIXSwitch description: |- Child wrapper object for IPFIXL2CollectorProfile, used in hierarchical API title: |- Wrapper object for IPFIXL2CollectorProfile x-vmw-nsx-module: PolicyIPFIXSwitch ChildIPFIXL2Profile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IPFIXL2Profile: $ref: '#/definitions/IPFIXL2Profile' description: | Contains the actual IPFIXL2Profile object title: |- IPFIXL2Profile required: - IPFIXL2Profile type: object x-vmw-nsx-module: PolicyIPFIXSwitch description: |- Child wrapper object for IPFIXL2Profile, used in hierarchical API title: |- Wrapper object for IPFIXL2Profile x-vmw-nsx-module: PolicyIPFIXSwitch ChildIPSecVpnDpdProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IPSecVpnDpdProfile: $ref: '#/definitions/IPSecVpnDpdProfile' description: | Contains the actual IPSecVpnDpdProfile object. title: |- IPSecVpnDpdProfile required: - IPSecVpnDpdProfile type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- Child wrapper object for IPSecVpnDpdProfile, used in hierarchical API. title: |- Wrapper object for IPSecVpnDpdProfile x-vmw-nsx-module: PolicyIPSecVpn ChildIPSecVpnIkeProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IPSecVpnIkeProfile: $ref: '#/definitions/IPSecVpnIkeProfile' description: | Contains the actual IPSecVpnIkeProfile object. title: |- IPSecVpnIkeProfile required: - IPSecVpnIkeProfile type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- Child wrapper object for IPSecVpnIkeProfile, used in hierarchical API. title: |- Wrapper object for IPSecVpnIkeProfile x-vmw-nsx-module: PolicyIPSecVpn ChildIPSecVpnLocalEndpoint: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IPSecVpnLocalEndpoint: $ref: '#/definitions/IPSecVpnLocalEndpoint' description: | Contains the actual IPSecVpnLocalEndpoint object. title: |- IPSecVpnLocalEndpoint required: - IPSecVpnLocalEndpoint type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- Child wrapper object for IPSecVpnLocalEndpoint, used in hierarchical API. title: |- Wrapper object for IPSecVpnLocalEndpoint x-vmw-nsx-module: PolicyIPSecVpn ChildIPSecVpnService: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IPSecVpnService: $ref: '#/definitions/IPSecVpnService' description: | Contains the actual IPSecVpnService object. title: |- IPSecVpnService required: - IPSecVpnService type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- Child wrapper object for IPSecVpnService, used in hierarchical API. title: |- Wrapper object for IPSecVpnService x-vmw-nsx-module: PolicyIPSecVpn ChildIPSecVpnSession: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IPSecVpnSession: $ref: '#/definitions/IPSecVpnSession' description: | Contains the actual IPSecVpnSession object. title: |- IPSecVpnSession required: - IPSecVpnSession type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- Child wrapper object for IPSecVpnSession, used in hierarchical API. title: |- Wrapper object for IPSecVpnSession x-vmw-nsx-module: PolicyIPSecVpn ChildIPSecVpnTunnelProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IPSecVpnTunnelProfile: $ref: '#/definitions/IPSecVpnTunnelProfile' description: | Contains the actual IPSecVpnTunnelProfile object title: |- IPSecVpnTunnelProfile required: - IPSecVpnTunnelProfile type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- Child wrapper object for IPSecVpnTunnelProfile, used in hierarchical API. title: |- Wrapper object for IPSecVpnTunnelProfile x-vmw-nsx-module: PolicyIPSecVpn ChildIdsClusterConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IdsClusterConfig: $ref: '#/definitions/IdsClusterConfig' description: | Contains the IdsClusterConfig object title: |- IdsClusterConfig required: - IdsClusterConfig type: object x-vmw-nsx-module: PolicyIDS description: |- Child wrapper object for IdsClusterConfig, used in hierarchical API title: |- Wrapper object for IdsClusterConfig x-vmw-nsx-module: PolicyIDS ChildIdsProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IdsProfile: $ref: '#/definitions/IdsProfile' description: | Contains the IdsProfile object title: |- IdsProfile required: - IdsProfile type: object x-vmw-nsx-module: PolicyIDS description: |- Child wrapper object for IdsProfile, used in hierarchical API title: |- Wrapper object for IdsProfile x-vmw-nsx-module: PolicyIDS ChildIdsRule: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IdsRule: $ref: '#/definitions/IdsRule' description: | Contains the IdsRule object title: |- IdsRule required: - IdsRule type: object x-vmw-nsx-module: PolicyIDS description: |- Child wrapper object for IdsRule, used in hierarchical API title: |- Wrapper object for IdsRule x-vmw-nsx-module: PolicyIDS ChildIdsSecurityPolicy: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IdsSecurityPolicy: $ref: '#/definitions/IdsSecurityPolicy' description: | Contains the IdsSecurityPolicy object title: |- IdsSecurityPolicy required: - IdsSecurityPolicy type: object x-vmw-nsx-module: PolicyIDS description: |- Child wrapper object for IdsSecurityPolicy, used in hierarchical API title: |- Wrapper object for IdsSecurityPolicy x-vmw-nsx-module: PolicyIDS ChildIdsSettings: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IdsSettings: $ref: '#/definitions/IdsSettings' description: | Contains the IdsSettings object title: |- IdsSettings required: - IdsSettings type: object x-vmw-nsx-module: PolicyIDS description: |- Child wrapper object for IdsSettings, used in hierarchical API title: |- Wrapper object for IdsSettings x-vmw-nsx-module: PolicyIDS ChildIdsSignature: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IdsSignature: $ref: '#/definitions/IdsSignature' description: | Contains the IdsSignature object title: |- IdsSignature required: - IdsSignature type: object x-vmw-nsx-module: PolicyIDS description: |- Child wrapper object for IdsSignature, used in hierarchical API title: |- Wrapper object for IdsSignature x-vmw-nsx-module: PolicyIDS ChildIdsSignatureStatus: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IdsSignatureStatus: $ref: '#/definitions/IdsSignatureStatus' description: | Contains the IdsSignatureStatus object title: |- IdsSignatureStatus required: - IdsSignatureStatus type: object x-vmw-nsx-module: PolicyIDS description: |- Child wrapper object for IdsSignatureStatus, used in hierarchical API title: |- Wrapper object for IdsSignatureStatus x-vmw-nsx-module: PolicyIDS ChildIdsStandaloneHostConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IdsStandaloneHostConfig: $ref: '#/definitions/IdsStandaloneHostConfig' description: | Contains the IdsStandaloneHostConfig object title: |- IdsStandaloneHostConfig required: - IdsStandaloneHostConfig type: object x-vmw-nsx-module: PolicyIDS description: |- Child wrapper object for IdsStandaloneHostConfig, used in hierarchical API title: |- Wrapper object for IdsStandaloneHostConfig x-vmw-nsx-module: PolicyIDS ChildIpAddressAllocation: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IpAddressAllocation: $ref: '#/definitions/IpAddressAllocation' description: | Contains the actual IpAddressAllocation object title: |- IpAddressAllocation required: - IpAddressAllocation type: object x-vmw-nsx-module: PolicyIpam description: |- Child wrapper object for IpAddressAllocation, used in hierarchical API title: |- Wrapper object for IpAddressAllocation x-vmw-nsx-module: PolicyIpam ChildIpAddressBlock: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IpAddressBlock: $ref: '#/definitions/IpAddressBlock' description: | Contains the actual IpAddressBlock object title: |- IpAddressBlock required: - IpAddressBlock type: object x-vmw-nsx-module: PolicyIpam description: |- Child wrapper object for IpAddressBlock, used in hierarchical API title: |- Wrapper object for IpAddressBlock x-vmw-nsx-module: PolicyIpam ChildIpAddressPool: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IpAddressPool: $ref: '#/definitions/IpAddressPool' description: | Contains the actual IpAddressPool object title: |- IpAddressPool required: - IpAddressPool type: object x-vmw-nsx-module: PolicyIpam description: |- Child wrapper object for IpAddressPool, used in hierarchical API title: |- Wrapper object for IpAddressPool x-vmw-nsx-module: PolicyIpam ChildIpAddressPoolSubnet: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IpAddressPoolSubnet: $ref: '#/definitions/IpAddressPoolSubnet' description: | Contains the actual IpAddressPoolSubnet object title: |- IpAddressPoolSubnet required: - IpAddressPoolSubnet type: object x-vmw-nsx-module: PolicyIpam description: |- Child wrapper object for IpAddressPoolSubnet, used in hierarchical API title: |- Wrapper object for IpAddressPoolSubnet x-vmw-nsx-module: PolicyIpam ChildIpv6DadProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Ipv6DadProfile: $ref: '#/definitions/Ipv6DadProfile' description: | Contains the actual Ipv6DadProfile objects title: |- Ipv6DadProfile required: - Ipv6DadProfile type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for Ipv6DadProfile, used in hierarchical API title: |- Wrapper object for Ipv6DadProfile x-vmw-nsx-module: PolicyConnectivity ChildIpv6NdraProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Ipv6NdraProfile: $ref: '#/definitions/Ipv6NdraProfile' description: | Contains the actual Ipv6NdraProfile objects title: |- Ipv6NdraProfile required: - Ipv6NdraProfile type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for Ipv6NdraProfile, used in hierarchical API title: |- Wrapper object for Ipv6NdraProfile x-vmw-nsx-module: PolicyConnectivity ChildL2BridgeEndpointProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: L2BridgeEndpointProfile: $ref: '#/definitions/L2BridgeEndpointProfile' description: |- Contains the actual L2BridgeEndpointProfile object title: |- L2BridgeEndpointProfile required: - L2BridgeEndpointProfile type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for L2BridgeEndpointProfile, used in hierarchical API title: |- Wrapper object for L2BridgeEndpointProfile x-vmw-nsx-module: PolicyConnectivity ChildL2VPNService: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: L2VPNService: $ref: '#/definitions/L2VPNService' description: | Contains the actual L2VPNService object. title: |- L2VPNService required: - L2VPNService type: object x-vmw-nsx-module: PolicyLayer2VPN description: |- Child wrapper object for L2VPNService, used in hierarchical API. title: |- Wrapper object for L2VPNService x-vmw-nsx-module: PolicyLayer2VPN ChildL2VPNSession: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: L2VPNSession: $ref: '#/definitions/L2VPNSession' description: | Contains the actual L2VPNSession object. title: |- L2VPNSession required: - L2VPNSession type: object x-vmw-nsx-module: PolicyLayer2VPN description: |- Child wrapper object for L2VPNSession, used in hierarchical API. title: |- Wrapper object for L2VPNSession x-vmw-nsx-module: PolicyLayer2VPN ChildL2Vpn: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: L2Vpn: $ref: '#/definitions/L2Vpn' description: | Contains the actual L2Vpn object. title: |- L2Vpn required: - L2Vpn type: object x-vmw-nsx-module: PolicyL2Vpn description: |- Child wrapper object for L2Vpn, used in hierarchical API. title: |- Wrapper object for L2Vpn x-vmw-nsx-module: PolicyL2Vpn ChildL2VpnContext: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: L2VpnContext: $ref: '#/definitions/L2VpnContext' description: | Contains the actual L2VpnContext object. title: |- L2VpnContext required: - L2VpnContext type: object x-vmw-nsx-module: PolicyL2Vpn description: |- Child wrapper object for L2VpnContext, used in hierarchical API. title: |- Wrapper object for L2VpnContext x-vmw-nsx-module: PolicyL2Vpn ChildL3Vpn: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: L3Vpn: $ref: '#/definitions/L3Vpn' description: | Contains the actual L3Vpn object. title: |- L3Vpn required: - L3Vpn type: object x-vmw-nsx-module: PolicyL3Vpn description: |- Child wrapper object for L3Vpn, used in hierarchical API. title: |- Wrapper object for L3Vpn x-vmw-nsx-module: PolicyL3Vpn ChildL3VpnContext: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: L3VpnContext: $ref: '#/definitions/L3VpnContext' description: | Contains the actual L3VpnContext object. title: |- L3VpnContext required: - L3VpnContext type: object x-vmw-nsx-module: PolicyL3Vpn description: |- Child wrapper object for L3VpnContext, used in hierarchical API. title: |- Wrapper object for L3VpnContext x-vmw-nsx-module: PolicyL3Vpn ChildLBAppProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: LBAppProfile: $ref: '#/definitions/LBAppProfile' description: | Contains the actual LBAppProfile object. title: |- LBAppProfile required: - LBAppProfile type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Child wrapper for LBAppProfile, used in hierarchical API. title: |- Wrapper object for LBAppProfile x-vmw-nsx-module: PolicyLoadBalancer ChildLBClientSslProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: LBClientSslProfile: $ref: '#/definitions/LBClientSslProfile' description: | Contains the actual LBClientSslProfile object. title: |- LBClientSslProfile required: - LBClientSslProfile type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Child wrapper for LBClientSslProfile, used in hierarchical API. title: |- Wrapper object for LBClientSslProfile x-vmw-nsx-module: PolicyLoadBalancer ChildLBMonitorProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: LBMonitorProfile: $ref: '#/definitions/LBMonitorProfile' description: | Contains the actual LBMonitorProfile object. title: |- LBMonitorProfile required: - LBMonitorProfile type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Child wrapper for LBMonitorProfile, used in hierarchical API. title: |- Wrapper object for LBMonitorProfile x-vmw-nsx-module: PolicyLoadBalancer ChildLBPersistenceProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: LBPersistenceProfile: $ref: '#/definitions/LBPersistenceProfile' description: | Contains the actual LBPersistenceProfile object. title: |- LBPersistenceProfile required: - LBPersistenceProfile type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Child wrapper for LBPersistenceProfile, used in hierarchical API. title: |- Wrapper object for LBPersistenceProfile x-vmw-nsx-module: PolicyLoadBalancer ChildLBPool: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: LBPool: $ref: '#/definitions/LBPool' description: | Contains the actual LBPool object. title: |- LBPool required: - LBPool type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- Child wrapper for LBPool, used in hierarchical API. title: |- Wrapper object for LBPool x-vmw-nsx-module: PolicyLoadBalancer ChildLBServerSslProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: LBServerSslProfile: $ref: '#/definitions/LBServerSslProfile' description: | Contains the actual LBServerSslProfile object. title: |- LBServerSslProfile required: - LBServerSslProfile type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Child wrapper for LBServerSslProfile, used in hierarchical API. title: |- Wrapper object for LBServerSslProfile x-vmw-nsx-module: PolicyLoadBalancer ChildLBService: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: LBService: $ref: '#/definitions/LBService' description: | Contains the actual LBService object. title: |- LBService required: - LBService type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Child wrapper for LBService, used in hierarchical API. title: |- Wrapper object for LBService x-vmw-nsx-module: PolicyLoadBalancer ChildLBVirtualServer: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: LBVirtualServer: $ref: '#/definitions/LBVirtualServer' description: | Contains the actual LBVirtualServer object. title: |- LBVirtualServer required: - LBVirtualServer type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Child wrapper for LBVirtualServer, used in hierarchical API. title: |- Wrapper object for LBVirtualServer x-vmw-nsx-module: PolicyLoadBalancer ChildLiveTraceConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: LiveTraceConfig: $ref: '#/definitions/LiveTraceConfig' description: | The actual LiveTraceConfig object. title: |- LiveTraceConfig required: - LiveTraceConfig type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper for LiveTraceConfig for Hierarchical API title: |- Wrapper object for LiveTraceConfig x-vmw-nsx-module: PolicyConnectivity ChildLocaleServices: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: LocaleServices: $ref: '#/definitions/LocaleServices' description: | Contains the actual LocaleServices object title: |- LocaleServices required: - LocaleServices type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for LocaleServices, used in hierarchical API title: |- Wrapper object for LocaleServices x-vmw-nsx-module: PolicyConnectivity ChildMacDiscoveryProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: MacDiscoveryProfile: $ref: '#/definitions/MacDiscoveryProfile' description: | Contains the actual MacDiscoveryProfile object title: |- MacDiscoveryProfile required: - MacDiscoveryProfile type: object x-vmw-nsx-module: PolicyMacDiscovery description: |- Child wrapper object for MacDiscoveryProfile, used in hierarchical API title: |- Wrapper object for MacDiscoveryProfile x-vmw-nsx-module: PolicyMacDiscovery ChildMetadataProxyConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: MetadataProxyConfig: $ref: '#/definitions/MetadataProxyConfig' description: | Contains the actual MetadataProxyConfig object. title: |- MetadataProxyConfig required: - MetadataProxyConfig type: object x-vmw-nsx-module: PolicyMetadataProxy description: |- Wrapper object for MetadataProxyConfig title: |- Wrapper object for MetadataProxyConfig x-vmw-nsx-module: PolicyMetadataProxy ChildOspfAreaConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: OspfAreaConfig: $ref: '#/definitions/OspfAreaConfig' description: | Contains actual OspfAreaConfig. title: |- OspfAreaConfig required: - OspfAreaConfig type: object x-vmw-nsx-module: PolicyOspf description: |- Child wrapper object for OspfAreaConfig used in hierarchical API. title: |- Wrapper object for OSPF routing config x-vmw-nsx-module: PolicyOspf ChildOspfRoutingConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: OspfRoutingConfig: $ref: '#/definitions/OspfRoutingConfig' description: | Contains actual OspfRoutingConfig. title: |- OspfRoutingConfig required: - OspfRoutingConfig type: object x-vmw-nsx-module: PolicyOspf description: |- Child wrapper object for OspfRoutingConfig used in hierarchical API. title: |- Wrapper object for OSPF routing config x-vmw-nsx-module: PolicyOspf ChildPolicyConfigResource: allOf: - $ref: '#/definitions/ManagedResource' - discriminator: resource_type properties: mark_for_override: default: false description: |- Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. title: |- Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. type: boolean marked_for_delete: default: false description: | If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. title: |- Indicates whether the intent object is marked for deletion type: boolean resource_type: type: string required: - resource_type type: object x-vmw-nsx-module: Policy description: |- Represents an object on the desired state title: |- Represents the desired state object as child resource x-vmw-nsx-module: Policy ChildPolicyContextProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyContextProfile: $ref: '#/definitions/PolicyContextProfile' description: | Contains the actual PolicyContextProfile objects title: |- PolicyContextProfile required: - PolicyContextProfile type: object x-vmw-nsx-module: PolicyContextProfile description: |- Child wrapper object for PolicyContextProfile, used in hierarchical API title: |- Wrapper object for PolicyContextProfile x-vmw-nsx-module: PolicyContextProfile ChildPolicyDnsForwarder: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyDnsForwarder: $ref: '#/definitions/PolicyDnsForwarder' description: | Contains the actual PolicyDnsForwarder object title: |- PolicyDnsForwarder required: - PolicyDnsForwarder type: object x-vmw-nsx-module: PolicyDnsForwarder description: |- Child wrapper object for PolicyDnsForwarder, used in hierarchical API title: |- Wrapper object for PolicyDnsForwarder x-vmw-nsx-module: PolicyDnsForwarder ChildPolicyDnsForwarderZone: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyDnsForwarderZone: $ref: '#/definitions/PolicyDnsForwarderZone' description: | Contains the actual PolicyDnsForwarderZone object title: |- PolicyDnsForwarderZone required: - PolicyDnsForwarderZone type: object x-vmw-nsx-module: PolicyDnsForwarder description: |- Child wrapper object for PolicyDnsForwarderZone, used in hierarchical API title: |- Wrapper object for PolicyDnsForwarderZone x-vmw-nsx-module: PolicyDnsForwarder ChildPolicyEdgeCluster: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyEdgeCluster: $ref: '#/definitions/PolicyEdgeCluster' description: | Contains the actual PolicyEdgeCluster object. title: |- PolicyEdgeCluster required: - PolicyEdgeCluster type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Child wrapper object for PolicyEdgeCluster, used in hierarchical API. title: |- Wrapper object for PolicyEdgeCluster x-vmw-nsx-module: PolicyEnforcementPointManagement ChildPolicyEdgeNode: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyEdgeNode: $ref: '#/definitions/PolicyEdgeNode' description: | Contains the actual PolicyEdgeNode object. title: |- PolicyEdgeNode required: - PolicyEdgeNode type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Child wrapper object for PolicyEdgeNode, used in hierarchical API. title: |- Wrapper object for PolicyEdgeNode x-vmw-nsx-module: PolicyEnforcementPointManagement ChildPolicyExcludeList: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyExcludeList: $ref: '#/definitions/PolicyExcludeList' description: | Contains the actual policy exclude list object. title: |- PolicyExcludeList required: - PolicyExcludeList type: object x-vmw-nsx-module: PolicyFirewallConfiguration description: |- Wrapper object for PolicyExcludeList title: |- Wrapper object for PolicyExcludeList x-vmw-nsx-module: PolicyFirewallConfiguration ChildPolicyFirewallCPUMemThresholdsProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyFirewallCPUMemThresholdsProfileBindingMap: $ref: '#/definitions/PolicyFirewallCPUMemThresholdsProfileBindingMap' description: | Contains the actual PolicyFirewallCPUMemThresholdsProfileBindingMap object. title: |- PolicyFirewallCPUMemThresholdsProfileBindingMap required: - PolicyFirewallCPUMemThresholdsProfileBindingMap type: object x-vmw-nsx-module: PolicyFirewallCPUMemThresholdsProfileBinding description: | Child wrapper object for PolicyFirewallCPUMemThresholdsProfileBindingMap, used in hierarchical API. title: |- Wrapper object for PolicyFirewallCPUMemThresholdsProfileBindingMap x-vmw-nsx-module: PolicyFirewallCPUMemThresholdsProfileBinding ChildPolicyFirewallCpuMemThresholdsProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyFirewallCpuMemThresholdsProfile: $ref: '#/definitions/PolicyFirewallCpuMemThresholdsProfile' description: | Contains the actual PolicyFirewallCpuMemThresholdsProfile object title: |- PolicyFirewallCpuMemThresholdsProfile required: - PolicyFirewallCpuMemThresholdsProfile type: object x-vmw-nsx-module: PolicyProfile description: | Child wrapper object for PolicyFirewallCpuMemThresholdsProfile, used in hierarchical API. title: |- Wrapper object for PolicyFirewallCpuMemThresholdsProfile x-vmw-nsx-module: PolicyProfile ChildPolicyFirewallFloodProtectionProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyFirewallFloodProtectionProfileBindingMap: $ref: '#/definitions/PolicyFirewallFloodProtectionProfileBindingMap' description: | Contains the actual PolicyFirewallFloodProtectionProfileBindingMap object title: |- PolicyFirewallFloodProtectionProfileBindingMap required: - PolicyFirewallFloodProtectionProfileBindingMap type: object x-vmw-nsx-module: PolicyFirewallFloodProtectionProfileBinding description: | Child wrapper object for PolicyFirewallFloodProtectionProfileBindingMap, used in hierarchical API title: |- Wrapper object for PolicyFirewallFloodProtectionProfileBindingMap x-vmw-nsx-module: PolicyFirewallFloodProtectionProfileBinding ChildPolicyFirewallScheduler: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyFirewallScheduler: $ref: '#/definitions/PolicyFirewallScheduler' description: | Contains the actual PolicyFirewallScheduler objects title: |- PolicyFirewallScheduler required: - PolicyFirewallScheduler type: object x-vmw-nsx-module: PolicyFirewallScheduler description: |- Child wrapper object for PolicyFirewallScheduler, used in hierarchical API title: |- Wrapper object for PolicyFirewallScheduler x-vmw-nsx-module: PolicyFirewallScheduler ChildPolicyFirewallSessionTimerProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyFirewallSessionTimerProfile: $ref: '#/definitions/PolicyFirewallSessionTimerProfile' description: | Contains the actual PolicyFirewallSessionTimerProfile object title: |- PolicyFirewallSessionTimerProfile required: - PolicyFirewallSessionTimerProfile type: object x-vmw-nsx-module: PolicyFirewallSessionTimerProfile description: | Child wrapper object for PolicyFirewallSessionTimerProfile, used in hierarchical API title: |- Wrapper object for PolicyFirewallSessionTimerProfile x-vmw-nsx-module: PolicyFirewallSessionTimerProfile ChildPolicyFirewallSessionTimerProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyFirewallSessionTimerProfileBindingMap: $ref: '#/definitions/PolicyFirewallSessionTimerProfileBindingMap' description: | Contains the actual PolicyFirewallSessionTimerProfileBindingMap object title: |- PolicyFirewallSessionTimerProfileBindingMap required: - PolicyFirewallSessionTimerProfileBindingMap type: object x-vmw-nsx-module: PolicyFirewallSessionTimerProfileBinding description: | Child wrapper object for PolicyFirewallSessionTimerProfileBindingMap, used in hierarchical API title: |- Wrapper object for PolicyFirewallSessionTimerProfileBindingMap x-vmw-nsx-module: PolicyFirewallSessionTimerProfileBinding ChildPolicyIgmpProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyIgmpProfile: $ref: '#/definitions/PolicyIgmpProfile' description: | Contains actual PolicyIgmpProfile. title: |- PolicyIgmpProfile required: - PolicyIgmpProfile type: object x-vmw-nsx-module: PolicyMulticast description: | Child wrapper object for PolicyIgmpProfile used in hierarchical API. title: |- Wrapper object for PolicyIgmpProfile x-vmw-nsx-module: PolicyMulticast ChildPolicyLabel: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyLabel: $ref: '#/definitions/PolicyLabel' description: | Contains the actual PolicyLabel object title: |- PolicyLabel required: - PolicyLabel type: object x-vmw-nsx-module: PolicyLabel description: |- Child wrapper object for PolicyLabel, used in hierarchical API title: |- Wrapper object for PolicyLabel x-vmw-nsx-module: PolicyLabel ChildPolicyLbMonitorProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyLbMonitorProfile: $ref: '#/definitions/PolicyLbMonitorProfile' description: | Contains the actual PolicyLbMonitorProfile object title: |- PolicyLbMonitorProfile required: - PolicyLbMonitorProfile type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Child wrapper for PolicyLbMonitorProfile, used in hierarchical API title: |- Wrapper object for PolicyLbMonitorProfile x-vmw-nsx-module: TempPolicyLoadBalancer ChildPolicyLbPersistenceProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyLbPersistenceProfile: $ref: '#/definitions/PolicyLbPersistenceProfile' description: | Contains the actual PolicyLbPersistenceProfile object title: |- PolicyLbPersistenceProfile required: - PolicyLbPersistenceProfile type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Child wrapper for PolicyLbPersistenceProfile, used in hierarchical API title: |- Wrapper object for PolicyLbPersistenceProfile x-vmw-nsx-module: TempPolicyLoadBalancer ChildPolicyLbPoolAccess: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyLbPoolAccess: $ref: '#/definitions/PolicyLbPoolAccess' description: | Contains the actual PolicyLbPoolAccess object title: |- PolicyLbPoolAccess required: - PolicyLbPoolAccess type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: |- Child wrapper for PolicyLbPoolAccess, used in hierarchical API title: |- Wrapper object for PolicyLbPoolAccess x-vmw-nsx-module: TempPolicyLoadBalancer ChildPolicyLbRule: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyLbRule: $ref: '#/definitions/PolicyLbRule' description: | Contains the actual PolicyLbRule object title: |- PolicyLbRule required: - PolicyLbRule type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: |- Child wrapper for PolicyLbRule, used in hierarchical API title: |- Wrapper object for PolicyLbRule x-vmw-nsx-module: TempPolicyLoadBalancer ChildPolicyLbVirtualServer: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyLbVirtualServer: $ref: '#/definitions/PolicyLbVirtualServer' description: | Contains the actual PolicyLbVirtualServer object title: |- PolicyLbVirtualServer required: - PolicyLbVirtualServer type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Child wrapper for PolicyLbVirtualServer, used in hierarchical API title: |- Wrapper object for PolicyLbVirtualServer x-vmw-nsx-module: TempPolicyLoadBalancer ChildPolicyMulticastConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyMulticastConfig: $ref: '#/definitions/PolicyMulticastConfig' description: | Contains actual PolicyMulticastConfig. title: |- PolicyMulticastConfig required: - PolicyMulticastConfig type: object x-vmw-nsx-module: PolicyMulticast description: |- Child wrapper object for PolicyMulticastConfig used in hierarchical API. title: |- Wrapper object for PolicyMulticastConfig x-vmw-nsx-module: PolicyMulticast ChildPolicyNat: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyNat: $ref: '#/definitions/PolicyNat' description: | Contains the actual PolicyNAT object title: |- PolicyNat required: - PolicyNat type: object x-vmw-nsx-module: PolicyNAT description: |- Child wrapper object for PolicyNat, used in hierarchical API title: |- Wrapper object for PolicyNat x-vmw-nsx-module: PolicyNAT ChildPolicyNatRule: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyNatRule: $ref: '#/definitions/PolicyNatRule' description: | Contains the actual PolicyNatRule object title: |- PolicyNatRule required: - PolicyNatRule type: object x-vmw-nsx-module: PolicyNAT description: |- Child wrapper object for PolicyNatRule, used in hierarchical API title: |- Wrapper object for PolicyNatRule x-vmw-nsx-module: PolicyNAT ChildPolicyPimProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyPimProfile: $ref: '#/definitions/PolicyPimProfile' description: | Contains actual PolicyPimProfile. title: |- PolicyPimProfile required: - PolicyPimProfile type: object x-vmw-nsx-module: PolicyMulticast description: | Child wrapper object for PolicyPimProfile used in hierarchical API. title: |- Wrapper object for PolicyPimProfile x-vmw-nsx-module: PolicyMulticast ChildPolicySIExcludeList: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicySIExcludeList: $ref: '#/definitions/PolicySIExcludeList' description: | Contains the actual policy exclude list object. title: |- PolicySIExcludeList required: - PolicySIExcludeList type: object x-vmw-nsx-module: PolicyServiceInsertion description: |- Wrapper object for PolicySIExcludeList title: |- Wrapper object for PolicySIExcludeList x-vmw-nsx-module: PolicyServiceInsertion ChildPolicyServiceChain: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyServiceChain: $ref: '#/definitions/PolicyServiceChain' description: | Contains actual PolicyServiceChain. title: |- PolicyServiceChain required: - PolicyServiceChain type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Child wrapper object for PolicyServiceInstance used in hierarchical API. title: |- Wrapper object for PolicyServiceChain x-vmw-nsx-module: PolicyServiceInsertion ChildPolicyServiceInstance: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyServiceInstance: $ref: '#/definitions/PolicyServiceInstance' description: | Contains actual PolicyServiceInstance. title: |- PolicyServiceInstance required: - PolicyServiceInstance type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Child wrapper object for PolicyServiceInstance used in hierarchical API. title: |- Wrapper object for PolicyServiceInstance x-vmw-nsx-module: PolicyServiceInsertion ChildPolicyServiceProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyServiceProfile: $ref: '#/definitions/PolicyServiceProfile' description: | Contains actual PolicyServiceProfile. title: |- PolicyServiceProfile required: - PolicyServiceProfile type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Child wrapper object for PolicyServiceProfile used in hierarchical API. title: |- Wrapper object for PolicyServiceProfile x-vmw-nsx-module: PolicyServiceInsertion ChildPolicyTier1MulticastConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyTier1MulticastConfig: $ref: '#/definitions/PolicyTier1MulticastConfig' description: | Contains actual PolicyTier1MulticastConfig. title: |- PolicyTier1MulticastConfig required: - PolicyTier1MulticastConfig type: object x-vmw-nsx-module: PolicyMulticast description: |- Child wrapper object for PolicyTier1MulticastConfig used in hierarchical API. title: |- Wrapper object for PolicyTier1MulticastConfig x-vmw-nsx-module: PolicyMulticast ChildPolicyTransportZone: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyTransportZone: $ref: '#/definitions/PolicyTransportZone' description: | Contains the actual PolicyTransportZone object. title: |- PolicyTransportZone required: - PolicyTransportZone type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Child wrapper object for PolicyTransportZone, used in hierarchical API. title: |- Wrapper object for PolicyTransportZone x-vmw-nsx-module: PolicyEnforcementPointManagement ChildPolicyUrlCategorizationConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyUrlCategorizationConfig: $ref: '#/definitions/PolicyUrlCategorizationConfig' description: | Contains the actual PolicyUrlCategorizationConfig object title: |- URL Categorization Config required: - PolicyUrlCategorizationConfig type: object x-vmw-nsx-module: PolicyUrlCategorization description: |- Child wrapper object for PolicyUrlCategorizationConfig, used in hierarchical API title: |- Wrapper object for PolicyUrlCategorizationConfig x-vmw-nsx-module: PolicyUrlCategorization ChildPortDiscoveryProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PortDiscoveryProfileBindingMap: $ref: '#/definitions/PortDiscoveryProfileBindingMap' description: | Contains the actual PortDiscoveryProfileBindingMap object title: |- PortDiscoveryProfileBindingMap required: - PortDiscoveryProfileBindingMap type: object x-vmw-nsx-module: PolicyDiscoveryProfileBinding description: |- Child wrapper object for PortDiscoveryProfileBindingMap, used in hierarchical API title: |- Wrapper object for PortDiscoveryProfileBindingMap x-vmw-nsx-module: PolicyDiscoveryProfileBinding ChildPortMirroringProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PortMirroringProfile: $ref: '#/definitions/PortMirroringProfile' description: | Contains the actual PortMirroringProfile object title: |- PortMirroringProfile required: - PortMirroringProfile type: object x-vmw-nsx-module: PolicyPortMirroring description: |- Child wrapper object for PortMirroringProfile, used in hierarchical API title: |- Wrapper object for PortMirroringProfile x-vmw-nsx-module: PolicyPortMirroring ChildPortMonitoringProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PortMonitoringProfileBindingMap: $ref: '#/definitions/PortMonitoringProfileBindingMap' description: | Contains the actual PortMonitoringProfileBindingMap object title: |- PortMonitoringProfileBindingMap required: - PortMonitoringProfileBindingMap type: object x-vmw-nsx-module: PolicyMonitoringProfileBinding description: |- Child wrapper object for PortMonitoringProfileBindingMap, used in hierarchical API title: |- Wrapper object for PortMonitoringProfileBindingMap x-vmw-nsx-module: PolicyMonitoringProfileBinding ChildPortQoSProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PortQoSProfileBindingMap: $ref: '#/definitions/PortQoSProfileBindingMap' description: | Contains the actual PortQoSProfileBindingMap object title: |- PortQoSProfileBindingMap required: - PortQoSProfileBindingMap type: object x-vmw-nsx-module: PolicyQoSProfileBinding description: |- Child wrapper object for PortQoSProfileBindingMap, used in hierarchical API title: |- Wrapper object for PortQoSProfileBindingMap x-vmw-nsx-module: PolicyQoSProfileBinding ChildPortSecurityProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PortSecurityProfileBindingMap: $ref: '#/definitions/PortSecurityProfileBindingMap' description: | Contains the actual PortSecurityProfileBindingMap object title: |- PortSecurityProfileBindingMap required: - PortSecurityProfileBindingMap type: object x-vmw-nsx-module: PolicySecurityProfileBinding description: |- Child wrapper object for PortSecurityProfileBindingMap, used in hierarchical API title: |- Wrapper object for PortSecurityProfileBindingMap x-vmw-nsx-module: PolicySecurityProfileBinding ChildPrefixList: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PrefixList: $ref: '#/definitions/PrefixList' description: | Contains the actual PrefixList object. title: |- PrefixList required: - PrefixList type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for PrefixList, used in hierarchical API. title: |- Wrapper object for PrefixList x-vmw-nsx-module: PolicyConnectivity ChildQoSProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: QoSProfile: $ref: '#/definitions/QoSProfile' description: | Contains the actual QoSProfile object title: |- QoSProfile required: - QoSProfile type: object x-vmw-nsx-module: PolicyQoS description: |- Child wrapper object for QoSProfile, used in hierarchical API title: |- Wrapper object for QoSProfile x-vmw-nsx-module: PolicyQoS ChildReaction: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Reaction: $ref: '#/definitions/Reaction' description: | Contains the actual Reaction object. title: |- Reaction required: - Reaction type: object x-vmw-nsx-module: PolicyReaction description: | Child wrapper object for Reaction used in hierarchical API. title: |- Wrapper object for Reaction x-vmw-nsx-module: PolicyReaction ChildRedirectionPolicy: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: RedirectionPolicy: $ref: '#/definitions/RedirectionPolicy' description: | Contains actual RedirectionPolicy. title: |- RedirectionPolicy required: - RedirectionPolicy type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Child wrapper object for RedirectionPolicy used in Hierarchical API. title: | Wrapper object for RedirectionPolicy x-vmw-nsx-module: PolicyServiceInsertion ChildRedirectionRule: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: RedirectionRule: $ref: '#/definitions/RedirectionRule' description: | Contains actual RedirectionRule. title: |- RedirectionRule required: - RedirectionRule type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Child wrapper object for ChildRedirectionRule used in Hierarchical API. title: | Wrapper object for RedirectionRule x-vmw-nsx-module: PolicyServiceInsertion ChildResourceReference: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: children: description: | subtree for this type within policy tree containing nested elements. items: $ref: '#/definitions/ChildPolicyConfigResource' title: |- subtree for this type within policy tree type: array target_type: description: |- The target type of this reference title: |- The target type of this reference type: string required: - target_type type: object x-vmw-nsx-module: Policy description: |- Represents a reference to ChildPolicyConfigResource in the hierarchical API. resource_type, id and target_type are mandatory fields. title: |- Represents the reference to ChildPolicyConfigResource x-vmw-nsx-module: Policy ChildRule: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Rule: $ref: '#/definitions/Rule' description: | Contains the actual Rule object title: |- Rule required: - Rule type: object x-vmw-nsx-module: Policy description: |- Child wrapper object for Rule, used in hierarchical API title: |- Wrapper object for Rule x-vmw-nsx-module: Policy ChildSIStatusConfiguration: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicySIStatusConfiguration: $ref: '#/definitions/PolicySIStatusConfiguration' description: | Contains the actual service insertion status configuration list object. required: - PolicySIStatusConfiguration type: object x-vmw-nsx-module: PolicyServiceInsertion description: |- Wrapper object for PolicySIStatusConfiguration title: |- Wrapper object for PolicySIStatusConfiguration x-vmw-nsx-module: PolicyServiceInsertion ChildSecurityPolicy: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: SecurityPolicy: $ref: '#/definitions/SecurityPolicy' description: | Contains the actual SecurityPolicy object title: |- SecurityPolicy required: - SecurityPolicy type: object x-vmw-nsx-module: Policy description: |- Child wrapper object for SecurityPolicy, used in hierarchical API title: |- Wrapper object for SecurityPolicy x-vmw-nsx-module: Policy ChildSegment: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Segment: $ref: '#/definitions/Segment' description: | Contains the actual Segment object. title: |- Segment required: - Segment type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for Segment, used in hierarchical API. title: |- Wrapper object for Segment x-vmw-nsx-module: PolicyConnectivity ChildSegmentDiscoveryProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: SegmentDiscoveryProfileBindingMap: $ref: '#/definitions/SegmentDiscoveryProfileBindingMap' description: | Contains the actual SegmentDiscoveryProfileBindingMap object title: |- SegmentDiscoveryProfileBindingMap required: - SegmentDiscoveryProfileBindingMap type: object x-vmw-nsx-module: PolicyDiscoveryProfileBinding description: |- Child wrapper object for SegmentDiscoveryProfileBindingMap, used in hierarchical API title: |- Wrapper object for SegmentDiscoveryProfileBindingMap x-vmw-nsx-module: PolicyDiscoveryProfileBinding ChildSegmentMonitoringProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: SegmentMonitoringProfileBindingMap: $ref: '#/definitions/SegmentMonitoringProfileBindingMap' description: | Contains the actual SegmentMonitoringProfileBindingMap object title: |- SegmentMonitoringProfileBindingMap required: - SegmentMonitoringProfileBindingMap type: object x-vmw-nsx-module: PolicyMonitoringProfileBinding description: |- Child wrapper object for SegmentMonitoringProfileBindingMap, used in hierarchical API title: |- Wrapper object for SegmentMonitoringProfileBindingMap x-vmw-nsx-module: PolicyMonitoringProfileBinding ChildSegmentPort: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: SegmentPort: $ref: '#/definitions/SegmentPort' description: | Contains the actual SegmentPort object title: |- SegmentPort required: - SegmentPort type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for SegmentPort, used in hierarchical API title: |- Wrapper object for SegmentPort x-vmw-nsx-module: PolicyConnectivity ChildSegmentQoSProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: SegmentQoSProfileBindingMap: $ref: '#/definitions/SegmentQoSProfileBindingMap' description: | Contains the actual SegmentQoSProfileBindingMap object title: |- SegmentQoSProfileBindingMap required: - SegmentQoSProfileBindingMap type: object x-vmw-nsx-module: PolicyQoSProfileBinding description: |- Child wrapper object for SegmentQoSProfileBindingMap, used in hierarchical API title: |- Wrapper object for SegmentQoSProfileBindingMap x-vmw-nsx-module: PolicyQoSProfileBinding ChildSegmentSecurityProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: SegmentSecurityProfile: $ref: '#/definitions/SegmentSecurityProfile' description: | Contains the actual SegmentSecurityProfile object title: |- SegmentSecurityProfile required: - SegmentSecurityProfile type: object x-vmw-nsx-module: PolicySegmentSecurity description: |- Child wrapper object for SegmentSecurityProfile, used in hierarchical API title: |- Wrapper object for SegmentSecurityProfile x-vmw-nsx-module: PolicySegmentSecurity ChildSegmentSecurityProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: SegmentSecurityProfileBindingMap: $ref: '#/definitions/SegmentSecurityProfileBindingMap' description: | Contains the actual SegmentSecurityProfileBindingMap object title: |- SegmentSecurityProfileBindingMap required: - SegmentSecurityProfileBindingMap type: object x-vmw-nsx-module: PolicySecurityProfileBinding description: |- Child wrapper object for SegmentSecurityProfileBindingMap, used in hierarchical API title: |- Wrapper object for SegmentSecurityProfileBindingMap x-vmw-nsx-module: PolicySecurityProfileBinding ChildService: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Service: $ref: '#/definitions/Service' description: | Contains the actual Service object. title: |- Service required: - Service type: object x-vmw-nsx-module: Policy description: |- Child wrapper object for Service, used in hierarchical API. title: |- Wrapper object for Service x-vmw-nsx-module: Policy ChildServiceEntry: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Service: $ref: '#/definitions/ServiceEntry' description: | This is a deprecated property, Please use 'ServiceEntry' instead. title: |- ServiceEntry x-deprecated: true ServiceEntry: $ref: '#/definitions/ServiceEntry' description: | Contains the actual ServiceEntry object. title: |- ServiceEntry required: - ServiceEntry type: object x-vmw-nsx-module: Policy description: |- Child wrapper object for ServiceEntry, used in hierarchical API. title: |- Wrapper object for ServiceEntry x-vmw-nsx-module: Policy ChildServiceInstanceEndpoint: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ServiceInstanceEndpoint: $ref: '#/definitions/ServiceInstanceEndpoint' description: | Contains actual ServiceInstanceEndpoint. title: |- ServiceInstanceEndpoint required: - ServiceInstanceEndpoint type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Child wrapper object for ServiceInstanceEndpoint used in hierarchical API. title: |- Wrapper object for ServiceInstanceEndpoint x-vmw-nsx-module: PolicyServiceInsertion ChildServiceInterface: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ServiceInterface: $ref: '#/definitions/ServiceInterface' description: | Contains the actual ServiceInterface object. title: |- ServiceInterface required: - ServiceInterface type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for ServiceInterface, used in hierarchical API. title: |- Wrapper object for ServiceInterface x-vmw-nsx-module: PolicyConnectivity ChildServiceReference: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ServiceReference: $ref: '#/definitions/ServiceReference' description: | Contains actual ServiceReference. title: |- ServiceReference required: - ServiceReference type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Child wrapper object for ServiceReference used in hierarchical API. title: |- Wrapper object for ServiceReference x-vmw-nsx-module: PolicyServiceInsertion ChildServiceSegment: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ServiceSegment: $ref: '#/definitions/ServiceSegment' description: | Contains the actual ServiceSegment objects title: |- ServiceSegments required: - ServiceSegment type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for ServiceSegment, used in hierarchical API title: |- Wrapper object for SerivceSegment x-vmw-nsx-module: PolicyConnectivity ChildSessionTimerProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: SessionTimerProfileBindingMap: $ref: '#/definitions/SessionTimerProfileBindingMap' description: | Contains the actual SessionTimerProfileBindingMap object title: |- SessionTimerProfileBindingMap required: - SessionTimerProfileBindingMap type: object x-vmw-nsx-module: PolicyProfile description: | Child wrapper object for SessionTimerProfileBindingMap, used in hierarchical API title: |- Wrapper object for SessionTimerProfileBindingMap x-vmw-nsx-module: PolicyProfile ChildSite: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Site: $ref: '#/definitions/Site' description: | Contains the actual Site object. title: |- Site required: - Site type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Child wrapper object for Site, used in hierarchical API. title: |- Wrapper object for Site x-vmw-nsx-module: PolicyEnforcementPointManagement ChildSpoofGuardProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: SpoofGuardProfile: $ref: '#/definitions/SpoofGuardProfile' description: | Contains the actual SpoofGuardProfile object title: |- SpoofGuardProfile required: - SpoofGuardProfile type: object x-vmw-nsx-module: PolicySpoofGuard description: |- Child wrapper object for SpoofGuardProfile, used in hierarchical API title: |- Wrapper object for SpoofGuardProfile x-vmw-nsx-module: PolicySpoofGuard ChildSslTrustObjectData: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: SslTrustObjectData: $ref: '#/definitions/SslTrustObjectData' description: | Contains the actual SslTrustObjectData object title: |- SslTrustObjectData required: - SslTrustObjectData type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: |- Child wrapper for SslTrustObjectData, used in hierarchical API title: |- Wrapper object for SslTrustObjectData x-vmw-nsx-module: TempPolicyLoadBalancer ChildStandaloneHostIdfwConfiguration: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: StandaloneHostIdfwConfiguration: $ref: '#/definitions/StandaloneHostIdfwConfiguration' description: | Contains the actual standalone host idfw configuration object. title: |- StandaloneHostIdfwConfiguration required: - StandaloneHostIdfwConfiguration type: object x-vmw-nsx-module: PolicyFirewallConfiguration description: |- Wrapper object for StandaloneHostIdfwConfiguration title: |- Wrapper object for StandaloneHostIdfwConfiguration x-vmw-nsx-module: PolicyFirewallConfiguration ChildStaticARPConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: StaticARPConfig: $ref: '#/definitions/StaticARPConfig' description: | Contains the actual StaticARPConfig object. title: |- StaticARPConfig required: - StaticARPConfig type: object x-vmw-nsx-module: PolicyConnectivity description: | Child wrapper object for StaticARPConfig, used in hierarchical API. title: |- Wrapper object for StaticARPConfig x-vmw-nsx-module: PolicyConnectivity ChildStaticRouteBfdPeer: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: BfdPeer: $ref: '#/definitions/StaticRouteBfdPeer' description: | Contains the actual StaticRouteBfdPeer object. title: |- Static Route BFD Peer required: - BfdPeer type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper for StaticRouteBfdPeer, used in hierarchical API. title: |- Wrapper object for StaticRouteBfdPeer x-vmw-nsx-module: PolicyConnectivity ChildStaticRoutes: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: StaticRoutes: $ref: '#/definitions/StaticRoutes' description: | Contains the actual StaticRoutes object. title: |- StaticRoutes required: - StaticRoutes type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for StaticRoutes, used in hierarchical API. title: |- Wrapper object for StaticRoutes x-vmw-nsx-module: PolicyConnectivity ChildTier0: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Tier0: $ref: '#/definitions/Tier0' description: | Contains the actual Tier-0 object. title: |- Tier-0 required: - Tier0 type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for Tier-0, used in hierarchical API. title: |- Wrapper object for Tier-0 x-vmw-nsx-module: PolicyConnectivity ChildTier0DeploymentMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Tier0DeploymentMap: $ref: '#/definitions/Tier0DeploymentMap' description: | Contains the actual Tier0DeploymentMap object. title: |- Tier0DeploymentMap required: - Tier0DeploymentMap type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: | Child wrapper object for Tier0DeploymentMap, used in hierarchical API. title: |- Wrapper object for Tier0DeploymentMap x-vmw-nsx-module: PolicyEnforcementPointManagement ChildTier0Interface: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Tier0Interface: $ref: '#/definitions/Tier0Interface' description: | Contains the actual Tier0Interface object. title: |- Tier0Interface required: - Tier0Interface type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for Tier0Interface, used in hierarchical API. title: |- Wrapper object for Tier0Interface x-vmw-nsx-module: PolicyConnectivity ChildTier0RouteMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Tier0RouteMap: $ref: '#/definitions/Tier0RouteMap' description: | Contains the actual Tier0RouteMap object title: |- Tier0RouteMap required: - Tier0RouteMap type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for Tier0RouteMap, used in hierarchical API title: |- Wrapper object for Tier0RouteMap x-vmw-nsx-module: PolicyConnectivity ChildTier1: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Tier1: $ref: '#/definitions/Tier1' description: | Contains the actual Tier-1 object. title: |- Tier-1 required: - Tier1 type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for Tier-1 , used in hierarchical API. title: |- Wrapper object for Tier-1 x-vmw-nsx-module: PolicyConnectivity ChildTier1DeploymentMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Tier1DeploymentMap: $ref: '#/definitions/Tier1DeploymentMap' description: | Contains the actual Tier1DeploymentMap object. title: |- Tier1DeploymentMap required: - Tier1DeploymentMap type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: | Child wrapper object for Tier1DeploymentMap, used in hierarchical API. title: |- Wrapper object for Tier1DeploymentMap x-vmw-nsx-module: PolicyEnforcementPointManagement ChildTier1Interface: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Tier1Interface: $ref: '#/definitions/Tier1Interface' description: | Contains the actual Tier1Interface object. title: |- Tier1Interface required: - Tier1Interface type: object x-vmw-nsx-module: PolicyConnectivity description: | Child wrapper object for Tier1Interface, used in hierarchical API. title: |- Wrapper object for Tier1Interface x-vmw-nsx-module: PolicyConnectivity ChildTlsCertificate: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: TlsCertificate: $ref: '#/definitions/TlsCertificate' description: | Contains the actual TlsCertificate object. title: |- TlsCertificate required: - TlsCertificate type: object x-vmw-nsx-module: PolicyCertificate description: |- Child wrapper for TlsCertificate, used in hierarchical API. title: |- Wrapper object for TlsCertificate x-vmw-nsx-module: PolicyCertificate ChildTlsCrl: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: TlsCrl: $ref: '#/definitions/TlsCrl' description: |- Contains the actual TlsCrl object. title: |- TlsCrl required: - TlsCrl type: object x-vmw-nsx-module: PolicyCertificate description: |- Child wrapper for TlsCrl, used in hierarchical API. title: |- Wrapper object for TlsCrl x-vmw-nsx-module: PolicyCertificate ChildTlsTrustData: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: TlsTrustData: $ref: '#/definitions/TlsTrustData' description: | Contains the actual TlsTrustData object. title: |- TlsTrustData required: - TlsTrustData type: object x-vmw-nsx-module: PolicyCertificate description: |- Child wrapper for TlsTrustData, used in hierarchical API. title: |- Wrapper object for TlsTrustData x-vmw-nsx-module: PolicyCertificate ChildTraceflowConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: TraceflowConfig: $ref: '#/definitions/TraceflowConfig' description: | Contains the actual TraceflowConfig object. title: |- TraceflowConfig required: - TraceflowConfig type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper for TraceflowConfig, used in hierarchical API title: |- Wrapper object for TraceflowConfig x-vmw-nsx-module: PolicyConnectivity ChildVirtualEndpoint: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: VirtualEndpoint: $ref: '#/definitions/VirtualEndpoint' description: | Contains reference to actual VirtualEndpoint. title: |- VirtualEndpoint required: - VirtualEndpoint type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Child wrapper object for VirtualEndpoint used in hierarchical API. title: |- Wrapper object for VirtualEndpoint x-vmw-nsx-module: PolicyServiceInsertion ChildVniPoolConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: VniPoolConfig: $ref: '#/definitions/VniPoolConfig' description: | Contains the actual VniPoolConfig object. title: |- VniPoolConfig required: - VniPoolConfig type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for VniPoolConfig, used in hierarchical API. title: |- Wrapper object for VniPoolConfig x-vmw-nsx-module: PolicyConnectivity CidrArrayConstraintValue: allOf: - $ref: '#/definitions/ConstraintValue' - properties: values: description: |- This array can consist of a single IP address, IP address range or a subnet. Its type can be of either IPv4 or IPv6. Both IPv4 and IPv6 addresses within one expression is not allowed. Supported list of formats are, "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64". items: description: | IPElement can be a single IP address, IP address range or a Subnet. Its type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64" format: address-or-block-or-range type: string maxItems: 100 minItems: 1 title: |- Array of IP addresses type: array required: - values type: object x-vmw-nsx-module: PolicyConstraints description: |- List of CIDR values title: |- Array of CIDR Values to perform operation x-vmw-nsx-module: PolicyConstraints ClasslessStaticRoute: description: |- DHCP classless static route option. properties: network: description: |- Destination network in CIDR format. format: address-or-block-or-range type: string next_hop: description: |- IP address of next hop of the route. format: ip type: string required: - next_hop - network title: |- DHCP classless static route option type: object x-vmw-nsx-module: Dhcp CloudNativeServiceInstance: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: external_id: description: | Id of service instance fetched from public cloud. readOnly: true title: |- External id of cloud native service instance in the system. type: string service_type: description: |- Type of cloud native service. readOnly: true title: |- Type of cloud native service; possible values are ELB, RDS type: string source: $ref: '#/definitions/ResourceReference' description: |- Reference of the public cloud gateway that reported the service instance. readOnly: true title: |- Reference of the public cloud gateway type: object x-vmw-nsx-module: InventoryCloudObj description: |- Stores the information about cloud native service instance. x-vmw-nsx-module: InventoryCloudObj ClusterBackupInfo: description: |- Cluster backup details properties: ip_address: description: |- IP address or FQDN of the node from which the backup was taken format: hostname-or-ip readOnly: true title: |- IP address or FQDN of the node from which the backup was taken type: string node_id: description: |- ID of the node from which the backup was taken readOnly: true title: |- ID of the node from which the backup was taken type: string restore_type: default: [] description: |- Type of restore allowed items: enum: - REGULAR_RESTORE - POLICY_ONLY_RESTORE type: string readOnly: true title: |- Type of restore allowed type: array uniqueItems: true timestamp: description: |- timestamp of the cluster backup file format: int64 readOnly: true type: integer title: |- Cluster backup details type: object x-vmw-nsx-module: ClusterRestore ClusterBackupInfoListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- List of timestamps of backed-up cluster files items: $ref: '#/definitions/ClusterBackupInfo' readOnly: true title: |- List of timestamps of backed-up cluster files type: array type: object x-vmw-nsx-module: ClusterRestore x-vmw-nsx-module: ClusterRestore ClusterRestoreStatus: description: |- Cluster restore status properties: backup_timestamp: description: |- Timestamp when backup was initiated in epoch millisecond format: int64 readOnly: true type: integer endpoints: description: | The list of allowed endpoints, based on the current state of the restore process items: $ref: '#/definitions/ResourceLink' readOnly: true title: | The list of allowed endpoints, based on the current state of the restore process type: array id: description: |- Unique id for backup request readOnly: true title: |- Unique id for backup request type: string instructions: description: |- Instructions for users to reconcile Restore operations items: $ref: '#/definitions/InstructionInfo' readOnly: true title: |- Instructions for users to reconcile Restore operations type: array restore_end_time: description: |- Timestamp when restore was completed in epoch millisecond format: int64 readOnly: true type: integer restore_start_time: description: |- Timestamp when restore was started in epoch millisecond format: int64 readOnly: true type: integer status: $ref: '#/definitions/GlobalRestoreStatus' step: $ref: '#/definitions/RestoreStep' total_steps: description: |- Total number of steps in the entire restore process format: int64 readOnly: true title: |- Total number of steps in the entire restore process type: integer title: |- Cluster restore status type: object x-vmw-nsx-module: ClusterRestore ColumnItem: description: |- Represents a column of the Grid properties: column_identifier: description: |- Identifies the column and used for fetching content upon an user click or drilldown. If column identifier is not provided, the column's data will not participate in searches and drilldowns. title: |- Identifier for this column type: string drilldown_id: description: |- Id of drilldown widget, if any. Id should be a valid id of an existing widget. maxLength: 255 title: |- Id of drilldown widget type: string field: description: |- Field from which values of the column will be derived. maxLength: 1024 title: |- Column Field type: string hidden: default: false description: |- If set to true, hides the column title: |- Hide the column type: boolean label: $ref: '#/definitions/Label' description: |- Label of the column. readOnly: false title: |- Column Label navigation: description: |- Hyperlink of the specified UI page that provides details. If drilldown_id is provided, then navigation cannot be used. maxLength: 1024 title: |- Navigation to a specified UI page type: string render_configuration: description: |- Render configuration to be applied, if any. items: $ref: '#/definitions/RenderConfiguration' title: |- Render Configuration type: array sort_ascending: default: true description: |- If true, the value of the column are sorted in ascending order. Otherwise, in descending order. title: |- Represents order of sorting the values type: boolean sort_key: description: |- Sorting on column is based on the sort_key. sort_key represents the field in the output data on which sort is requested. maxLength: 255 title: |- Key for sorting on this column type: string tooltip: description: |- Multi-line text to be shown on tooltip while hovering over a cell in the grid. items: $ref: '#/definitions/Tooltip' title: |- Multi-line tooltip type: array type: default: String description: |- Data type of the field. enum: - String - Number - Date maxLength: 255 title: |- Field data type type: string required: - field - type - label title: |- Grid Column type: object x-vmw-nsx-module: NsxDashboard CommunicationEntry: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: action: description: | The action to be applied to all the services. enum: - ALLOW - DROP - REJECT title: |- Action type: string destination_groups: description: | We need paths as duplicate names may exist for groups under different domains.In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. items: type: string maxItems: 128 title: |- Destination group paths type: array direction: default: IN_OUT description: | Define direction of traffic. enum: - IN - OUT - IN_OUT title: |- Direction type: string disabled: default: false description: |- Flag to disable the rule. Default is enabled. readOnly: false title: |- Flag to disable the rule type: boolean logged: default: false description: |- Flag to enable packet logging. Default is disabled. readOnly: false title: |- Enable logging flag type: boolean notes: description: |- Text for additional notes on changes. title: |- Text for additional notes on changes type: string scope: description: | The list of policy paths where the communication entry is applied Edge/LR/T0/T1/LRP/CGW/MGW/etc. Note that a given rule can be applied on multiple LRs/LRPs. items: type: string maxItems: 128 type: array sequence_number: description: | This field is used to resolve conflicts between multiple CommunicationEntries under CommunicationMap for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple communication entries with the same sequence number then their order is not deterministic. If a specific order of communication entry is desired, then one has to specify unique sequence numbers or use the POST request on the communication entry entity with a query parameter action=revise to let the framework assign a sequence number format: int32 title: |- Sequence number of the this CommunicationEntry type: integer services: description: | In order to specify all services, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values. items: type: string maxItems: 128 title: |- Names of services type: array source_groups: description: | We need paths as duplicate names may exist for groups under different domains. In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. items: type: string maxItems: 128 title: |- Source group paths type: array tag: description: | User level field which will be printed in CLI and packet logs. maxLength: 32 title: |- Tag applied on the communication entry type: string type: object x-vmw-nsx-module: Policy description: |- A communication entry indicates the action to be performed for various types of traffic flowing between workload groups. This type is deprecated. Use the type Rule instead. title: |- A communication entry specifies the security policy between the workload groups x-vmw-nsx-module: Policy CommunicationMap: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: category: description: | - Distributed Firewall - Policy framework for Distributed Firewall provides four pre-defined categories for classifying a communication map. They are "Emergency", "Infrastructure", "Environment" and "Application". Amongst the layer 3 communication maps,there is a pre-determined order in which the policy framework manages the priority of these communication maps. Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a communication map into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four layer 3 categories. title: |- A way to classify a communication map, if needed. type: string communication_entries: description: |- CommunicationEntries that are a part of this CommunicationMap items: $ref: '#/definitions/CommunicationEntry' title: |- CommunicationEntries that are a part of this CommunicationMap type: array precedence: description: | This field is used to resolve conflicts between communication maps across domains. In order to change the precedence of a communication map one can fire a POST request on the communication map entity with a query parameter action=revise The precedence field will reflect the value of the computed precedence upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several communication maps, the only way to set the precedence is to explicitly specify the precedence number for each communication map. If no precedence is specified in the payload, a value of 0 is assigned by default. If there are multiple communication maps with the same precedence then their order is not deterministic. If a specific order of communication map is desired, then one has to specify a unique precedence or use the POST request on the communication map entity with a query parameter action=revise to let the framework assign a precedence format: int32 title: |- Precedence to resolve conflicts across Domains type: integer type: object x-vmw-nsx-module: Policy description: | Ordered list of CommunicationEntries. This object is created by default along with the Domain. This type is deprecated. Use the type SecurityPolicy instead. title: |- Contains ordered list of CommunicationEntries x-vmw-nsx-module: Policy CommunityList: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: communities: description: | List of BGP community entries. Both standard and large communities are supported. Standard community format: aa:nn where aa and nn must be within the range [1 - 65536]. Large BGP Community format: aa:bb:nn where aa (Global Administrator), bb (Local Data Part 1) and nn (Local Data Part 2) must be within the range [1 - 4294967295]. In additon to numbered communites (e.g. 3356:2040), predefined communities (NO_EXPORT, NO_ADVERTISE, NO_EXPORT_SUBCONFED) are supported. items: type: string minItems: 1 title: |- List of BGP community entries type: array required: - communities type: object x-vmw-nsx-module: PolicyConnectivity description: |- Community list for BGP routing configuration title: |- Community list for BGP routing configuration x-vmw-nsx-module: PolicyConnectivity CommunityListListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- CommunityList results items: $ref: '#/definitions/CommunityList' title: |- CommunityList results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of CommunityLists title: |- Paged collection of CommunityLists x-vmw-nsx-module: PolicyConnectivity CommunityMatchCriteria: description: |- Match criteria based on a community list properties: criteria: description: | Match criteria specified as a community list path or a regular expression. title: |- Match criteria based on community list path or a regular expression type: string match_operator: description: | Match operator for community list entries. Not valid when a regular expression is specified for criteria. enum: - MATCH_ANY - MATCH_ALL - MATCH_EXACT - MATCH_COMMUNITY_REGEX - MATCH_LARGE_COMMUNITY_REGEX title: |- Match operator for community list entries type: string required: - criteria title: |- Match criteria based on a community list type: object x-vmw-nsx-module: PolicyConnectivity CompatibilityDetail: description: | Feature compatibility status details indicating specific site configuration incompatibility with global manager configuration. properties: attributes: description: |- Additional Attributes items: $ref: '#/definitions/OnboardingAttribute' maxItems: 20 readOnly: true title: |- Additional Attributes type: array status_code: description: | Unique integer number indicating configuration incompatibility. format: int64 readOnly: true title: |- Status Code type: integer status_message: description: | A brief explaination of status code. readOnly: true title: |- Status Message type: string title: |- Feature Compatibility Details type: object x-vmw-nsx-module: GmConfigOnboarding ComputeClusterIdfwConfiguration: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: cluster_idfw_enabled: description: |- If set to true, idfw is enabled for this cluster readOnly: false title: |- Idfw enabled flag type: boolean member: $ref: '#/definitions/PolicyResourceReference' description: |- Contains actual policy resource reference object title: |- PolicyResourceReference required: - member - cluster_idfw_enabled type: object x-vmw-nsx-module: PolicyFirewallConfiguration description: | Idfw configuration for enable/disable idfw on cluster level. title: |- Compute cluster idfw configuration x-vmw-nsx-module: PolicyFirewallConfiguration ComputeCollection: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: cm_local_id: description: |- Local Id of the compute collection in the Compute Manager readOnly: true title: |- Local Id of the compute collection in the Compute Manager type: string external_id: description: | External ID of the ComputeCollection in the source Compute manager, e.g. mo-ref in VC readOnly: true title: | External ID of the ComputeCollection in the source Compute manager, e.g. mo-ref in VC type: string origin_id: description: |- Id of the compute manager from where this Compute Collection was discovered readOnly: true title: |- Id of the compute manager from where this Compute Collection was discovered type: string origin_properties: description: | Key-Value map of additional specific properties of compute collection in the Compute Manager items: $ref: '#/definitions/KeyValuePair' readOnly: true title: | Key-Value map of additional specific properties of compute collection in the Compute Manager type: array origin_type: description: | ComputeCollection type like VC_Cluster. Here the Compute Manager type prefix would help in differentiating similar named Compute Collection types from different Compute Managers readOnly: true title: | ComputeCollection type like VC_Cluster. Here the Compute Manager type prefix would help in differentiating similar named Compute Collection types from different Compute Managers type: string owner_id: description: |- Id of the owner of compute collection in the Compute Manager readOnly: true title: |- Id of the owner of compute collection in the Compute Manager type: string type: object x-vmw-nsx-module: InventoryCmObj x-vmw-nsx-module: InventoryCmObj Condition: allOf: - $ref: '#/definitions/Expression' - properties: key: description: |- Key enum: - Tag - Name - OSName - ComputerName title: |- Key type: string member_type: description: |- Group member type enum: - IPSet - VirtualMachine - LogicalPort - LogicalSwitch - Segment - SegmentPort title: |- Group member type type: string operator: description: |- operator enum: - EQUALS - CONTAINS - STARTSWITH - ENDSWITH - NOTEQUALS title: |- operator type: string value: description: |- Value minLength: 1 title: |- Value type: string required: - operator - value - key - member_type type: object x-vmw-nsx-module: Policy description: | Represents the leaf level condition. Evaluation of the condition expression will be case insensitive. title: |- Represents the leaf level condition x-vmw-nsx-module: Policy ConditionalValueConstraintExpression: description: | Represents the leaf level expression to restrict the target attribute value based on the set of existing values. Generally, used in combination with RelatedAttributeConditionalExpression to constraint the values related to another attribute on the same resource. This object is always used in conjunction with some exression. Example - { "condition" : { "operator":"INCLUDES", "rhs_value": ["/infra/domains/mgw/groups/VCENTER", "/infra/domains/mgw/groups/SRM", "/infra/domains/mgw/groups/NSX"], "value_constraint": { "resource_type": "ValueConstraintExpression", "operator":"EXCLUDES", "values":["/infra/domains/mgw/groups/VCENTER", "/infra/domains/mgw/groups/SRM", "/infra/domains/mgw/groups/NSX"] } } properties: operator: description: |- Set operation to constraint values. enum: - INCLUDES - EXCLUDES - EQUALS title: |- Set operation to constraint values. type: string rhs_value: description: |- List of values. items: type: string title: |- Array of values to perform operation. type: array rhs_value_with_type: $ref: '#/definitions/ConstraintValue' description: |- List of values. title: |- Array of values to perform operation. value_constraint: $ref: '#/definitions/ValueConstraintExpression' description: | Values to apply the conditional constraint on target. title: |- Value Constraint required: - operator - value_constraint title: |- Represents the leaf level conditional value constraint. type: object x-vmw-nsx-module: PolicyConstraints ConfigOnboardingConflictRequest: description: | Config onboarding request to verify conflicts in onboarding configuration on global manager for a site. properties: prefix: description: | User provided prefix string to resolve conflicting site entities. readOnly: true title: |- Prefix string type: string site_id: description: | Site Id. readOnly: true title: |- Site Id type: string suffix: description: | User provided suffix string to resolve conflicting site entities. title: |- Suffix string type: string title: |- Config onboarding conflict Request type: object x-vmw-nsx-module: GmConfigOnboarding ConfigOnboardingConflictStatus: description: | Represents config onboarding conflict status on Global Manager. properties: details: $ref: '#/definitions/OnboardingFeatureInfo' readOnly: true site_id: description: | Site identifier of the site being onboarded. readOnly: true title: |- Site Id type: string status: description: |- Onboarding Conflict Status enum: - NO_CONFLICTS - CONFLICT_DETECTED readOnly: true type: string title: |- Config onboarding conflict status type: object x-vmw-nsx-module: GmConfigOnboarding ConfigOnboardingError: description: | Represents error details in case of system fail to onboard site configuration on global manager. properties: error_code: description: | Error code for errors found during onboarding process. format: int64 readOnly: true title: |- Error Code type: integer error_message: description: | Failure reason during onboarding process. readOnly: true title: |- Error message type: string title: |- Config Onboarding Error type: object x-vmw-nsx-module: GmConfigOnboarding ConfigOnboardingInProgressStatus: description: | Represents config onboarding status including processing phase compared to of total number of phases to complete config onboarding. properties: current_step: description: | Represent intermidiate phase when onboarding or rollback is in-progress on global manager. format: int64 readOnly: true title: |- Current Onboarding Step type: integer feature: $ref: '#/definitions/OnboardingFeatureInfo' readOnly: true stage: description: | Represents intermediate on-boarding stages on global manager or corresponding site manager. enum: - LM_MIGRATION - LM_SYNCHRONIZATION - GM_PERSISTENCE - GM_TRANSFORMATION - GM_PROCESSING_DONE - GM_ROLLBACK - GM_ROLLBACK_DONE readOnly: true type: string total_steps: description: | Total number of phases involved in onboarding workflow. format: int64 readOnly: true title: |- Total number of Onboarding Steps type: integer title: |- Config Onboarding in-progress status type: object x-vmw-nsx-module: GmConfigOnboarding ConfigOnboardingRequest: description: | Config onboarding request to initiate onboarding workflow on global manager for a site. properties: prefix: description: | User provided prefix string to resolve conflicting site entities. readOnly: true title: |- Prefix string type: string site_backup_reference: description: | Site backup image details to hint user to restore site before starting onboarding process. readOnly: true title: |- Site Backup Reference type: string site_id: description: | Site Id. readOnly: true title: |- Site Id type: string suffix: description: | User provided suffix string to resolve conflicting site entities. title: |- Suffix string type: string title: |- Config onboarding Request type: object x-vmw-nsx-module: GmConfigOnboarding ConfigOnboardingStatus: description: | Represents config onboarding status on Global Manager. properties: details: $ref: '#/definitions/ConfigOnboardingStatusDetails' readOnly: true site_id: description: | Site identifier of the site being onboarded. readOnly: true title: |- Site Id type: string status: description: |- Onboarding Status enum: - ALLOWED - BLOCKED_FEATURE_CHECK - BLOCKED_CONFIG_CONFLICT_CHECK - BLOCKED_SITE_RESTORE_PENDING - BLOCKED_FULLSYNC_PENDING - BLOCKED_USER_REJECT - BLOCKED_SITE_NOT_REACHABLE - CONTINUE_RESOLUTION_NEEDED - IN_PROGRESS - FAILED_GM_ROLLBACK_IN_PROGRESS - SUCCESS readOnly: true type: string supported_features: description: | List of supported features on global manager. items: $ref: '#/definitions/OnboardingFeatureInfo' readOnly: true title: |- List of supported features type: array timestamp: description: | Onboarding status as of current timestamp. format: int64 readOnly: false type: integer unsupported_features: description: | List of unsupported features on global manager. items: $ref: '#/definitions/OnboardingFeatureInfo' readOnly: true title: |- List of unsupported features type: array required: - timestamp title: |- Config on-boarding status type: object x-vmw-nsx-module: GmConfigOnboarding ConfigOnboardingStatusDetails: description: | Represents config on-boarding progress phase details per feature information with progress metric like completed entity count against total number of entities. properties: error_messages: items: $ref: '#/definitions/ConfigOnboardingError' readOnly: true type: array import_progress: $ref: '#/definitions/ConfigOnboardingInProgressStatus' readOnly: true revert_progress: $ref: '#/definitions/ConfigOnboardingInProgressStatus' readOnly: true site_backup_reference: description: | Site backup image details to hint user to restore site before starting onboarding process. readOnly: true title: |- Site Backup Reference type: string title: |- Config on-boarding status details type: object x-vmw-nsx-module: GmConfigOnboarding ConfigurationState: description: |- Describes status of configuration of an entity properties: details: description: |- Array of configuration state of various sub systems items: $ref: '#/definitions/ConfigurationStateElement' readOnly: true title: |- Array of configuration state of various sub systems type: array failure_code: description: |- Error code format: int64 readOnly: true title: |- Error code type: integer failure_message: description: |- Error message in case of failure readOnly: true title: |- Error message in case of failure type: string state: description: | Gives details of state of desired configuration. Additional enums with more details on progress/success/error states are sent for edge node. The success states are NODE_READY and TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values indicate failures. "in_sync" state indicates that the desired configuration has been received by the host to which it applies, but is not yet in effect. When the configuration is actually in effect, the state will change to "success". Please note, failed state is deprecated. enum: - pending - in_progress - success - failed - partial_success - orphaned - unknown - error - in_sync - NOT_AVAILABLE - VM_DEPLOYMENT_QUEUED - VM_DEPLOYMENT_IN_PROGRESS - VM_DEPLOYMENT_FAILED - VM_POWER_ON_IN_PROGRESS - VM_POWER_ON_FAILED - REGISTRATION_PENDING - NODE_NOT_READY - NODE_READY - VM_POWER_OFF_IN_PROGRESS - VM_POWER_OFF_FAILED - VM_UNDEPLOY_IN_PROGRESS - VM_UNDEPLOY_FAILED - VM_UNDEPLOY_SUCCESSFUL - EDGE_CONFIG_ERROR - VM_DEPLOYMENT_RESTARTED - REGISTRATION_FAILED - TRANSPORT_NODE_SYNC_PENDING - TRANSPORT_NODE_CONFIGURATION_MISSING - EDGE_HARDWARE_NOT_SUPPORTED - MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED - TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER - TZ_ENDPOINTS_NOT_SPECIFIED - NO_PNIC_PREPARED_IN_EDGE - APPLIANCE_INTERNAL_ERROR - VTEP_DHCP_NOT_SUPPORTED - UNSUPPORTED_HOST_SWITCH_PROFILE - UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED - HOSTSWITCH_PROFILE_NOT_FOUND - LLDP_SEND_ENABLED_NOT_SUPPORTED - UNSUPPORTED_NAMED_TEAMING_POLICY - LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM - LACP_NOT_SUPPORTED_FOR_EDGE_VM - STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM - MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE - UNSUPPORTED_LACP_LB_ALGO_FOR_NODE - EDGE_NODE_VERSION_NOT_SUPPORTED - NO_PNIC_SPECIFIED_IN_TN - INVALID_PNIC_DEVICE_NAME - TRANSPORT_NODE_READY - VM_NETWORK_EDIT_PENDING - UNSUPPORTED_DEFAULT_TEAMING_POLICY - MPA_DISCONNECTED - VM_RENAME_PENDING - VM_CONFIG_EDIT_PENDING - VM_NETWORK_EDIT_FAILED - VM_RENAME_FAILED - VM_CONFIG_EDIT_FAILED - VM_CONFIG_DISCREPANCY - VM_NODE_REFRESH_FAILED - VM_PLACEMENT_REFRESH_FAILED - REGISTRATION_TIMEDOUT - REPLACE_FAILED - UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED - LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING - DELETE_VM_IN_REDEPLOY_FAILED - DEPLOY_VM_IN_REDEPLOY_FAILED - INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE readOnly: true title: |- Overall state of desired configuration type: string title: |- Describes status of configuration of an entity type: object x-vmw-nsx-module: Common ConfigurationStateElement: description: |- Describes status of configuration of an entity properties: failure_code: description: |- Error code format: int64 readOnly: true title: |- Error code type: integer failure_message: description: |- Error message in case of failure readOnly: true title: |- Error message in case of failure type: string state: description: |- State of configuration on this sub system enum: - in_progress - success - failed - partial_success - in_sync - VM_DEPLOYMENT_FAILED - VM_POWER_ON_FAILED - VM_POWER_OFF_FAILED - VM_UNDEPLOY_FAILED - REPLACE_FAILED - UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED - LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING - DELETE_VM_IN_REDEPLOY_FAILED - DEPLOY_VM_IN_REDEPLOY_FAILED - INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE - EDGE_CONFIG_ERROR - REGISTRATION_FAILED - TRANSPORT_NODE_CONFIGURATION_MISSING - EDGE_HARDWARE_NOT_SUPPORTED - MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED - TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER - TZ_ENDPOINTS_NOT_SPECIFIED - NO_PNIC_PREPARED_IN_EDGE - APPLIANCE_INTERNAL_ERROR - VTEP_DHCP_NOT_SUPPORTED - UNSUPPORTED_HOST_SWITCH_PROFILE - UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED - HOSTSWITCH_PROFILE_NOT_FOUND - LLDP_SEND_ENABLED_NOT_SUPPORTED - UNSUPPORTED_NAMED_TEAMING_POLICY - LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM - LACP_NOT_SUPPORTED_FOR_EDGE_VM - STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM - MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE - UNSUPPORTED_LACP_LB_ALGO_FOR_NODE - EDGE_NODE_VERSION_NOT_SUPPORTED - NO_PNIC_SPECIFIED_IN_TN - INVALID_PNIC_DEVICE_NAME - UNSUPPORTED_DEFAULT_TEAMING_POLICY - MPA_DISCONNECTED - VM_NETWORK_EDIT_PENDING - VM_RENAME_PENDING - VM_CONFIG_EDIT_PENDING - VM_NETWORK_EDIT_FAILED - VM_RENAME_FAILED - VM_CONFIG_EDIT_FAILED - VM_CONFIG_DISCREPANCY - VM_NODE_REFRESH_FAILED - VM_PLACEMENT_REFRESH_FAILED - NOT_AVAILABLE - REGISTRATION_TIMEDOUT - pending - orphaned - unknown - error readOnly: true title: |- State of configuration on this sub system type: string sub_system_address: description: |- URI of backing resource on sub system readOnly: true title: |- URI of backing resource on sub system type: string sub_system_id: description: |- Identifier of backing resource on sub system readOnly: true title: |- Identifier of backing resource on sub system type: string sub_system_name: description: |- Name of backing resource on sub system readOnly: true title: |- Name of backing resource on sub system type: string sub_system_type: description: |- Type of backing resource on sub system readOnly: true title: |- Type of backing resource on sub system type: string title: |- Describes status of configuration of an entity type: object x-vmw-nsx-module: Common ConflictingEntityListResponse: description: |- List of Features with conflict information properties: example: $ref: '#/definitions/OnboardingFeatureInfo' description: | Conflict example readOnly: true title: |- Conflict example feature_compability_data: items: $ref: '#/definitions/FeatureCompatibilityInfo' maxItems: 100 readOnly: true type: array feature_descendants: items: $ref: '#/definitions/FeatureConflictInfo' readOnly: true type: array feature_summary: $ref: '#/definitions/FeatureSummary' readOnly: true infra_descendants: items: $ref: '#/definitions/FeatureConflictInfo' readOnly: true type: array title: |- List of Features with conflict information type: object x-vmw-nsx-module: GmConfigOnboarding ConjunctionOperator: allOf: - $ref: '#/definitions/Expression' - properties: conjunction_operator: description: |- Conjunction Operator Node enum: - OR - AND title: |- Conjunction Operator Node type: string required: - conjunction_operator type: object x-vmw-nsx-module: Policy description: |- Represents the operators AND or OR. title: |- Represents the operators AND or OR x-vmw-nsx-module: Policy ConnectivityAdvancedConfig: description: |- Advanced configuration for Policy connectivity properties: connectivity: default: 'ON' description: | Connectivity configuration to manually connect (ON) or disconnect (OFF) a Tier1 segment from corresponding Tier1 gateway. Only valid for Tier1 Segments. This property is ignored for L2 VPN extended segments when subnets property is not specified. enum: - 'ON' - 'OFF' title: |- Connectivity configuration type: string title: |- Advanced configuration for Policy connectivity type: object x-vmw-nsx-module: PolicyConnectivity ConsolidatedEffectiveIPAddressMemberListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paged Collection of site wise consolidated effective ip addresses for the given NSGroup items: $ref: '#/definitions/EffectiveIPInfo' title: |- Paged Collection of site wise consolidated effective ip addresses for the given NSGroup type: array required: - results type: object x-vmw-nsx-module: GroupingObjectsProviders x-vmw-nsx-module: GroupingObjectsProviders ConsolidatedRealizedStatus: allOf: - $ref: '#/definitions/AggregatePolicyRuntimeInfo' - properties: consolidated_status: $ref: '#/definitions/ConsolidatedStatus' description: |- Consolidated Realized Status across enforcement points. readOnly: true title: |- Consolidated Realized Status consolidated_status_per_enforcement_point: description: |- List of Consolidated Realized Status per enforcement point. items: $ref: '#/definitions/ConsolidatedStatusPerEnforcementPoint' readOnly: true title: |- List of Consolidated Realized Status per Enforcement Point type: array intent_version: description: |- Represent highest intent version across all realized objects readOnly: true title: |- Intent version for the status type: string publish_status: description: |- Aggregated Realization state of this object enum: - UNAVAILABLE - UNREALIZED - REALIZED - ERROR title: |- Aggregated Realization state of this object type: string required: - publish_status type: object x-vmw-nsx-module: PolicyRealizedState description: | Consolidated Realized Status of an intent object across enforcement points. title: |- Consolidated Realized Status for an Intent Object x-vmw-nsx-module: PolicyRealizedState ConsolidatedStatus: description: | Consolidated Status of an intent object. Status Consolidation of an intent happens at multiple levels: - Per Enforcement Point: calculation of the consolidated status is performed using all realized entities that the intent objet maps to on a specific enforcement point. - Across Enforcement Points: calculation of the consolidated status is performend aggregating the consolidated status from each enforcement point. properties: consolidated_status: description: |- Consolidated Realized Status of an intent object. enum: - SUCCESS - IN_PROGRESS - ERROR - UNKNOWN - UNINITIALIZED readOnly: true type: string title: |- Consolidated Status type: object x-vmw-nsx-module: PolicyRealizedState ConsolidatedStatusNsxT: allOf: - $ref: '#/definitions/ConsolidatedStatusPerEnforcementPoint' - properties: enforced_status: $ref: '#/definitions/EnforcedStatusDetailsNsxT' description: | Detailed Realized Status inherent to an NSX-T Enforcement Point. readOnly: true title: |- Enforced Realized Status type: object x-vmw-nsx-module: PolicyRealizationStatus description: | Detailed Realized Status of an intent object on an NSX-T type of enforcement point. title: |- NSX-T Consolidated Status x-vmw-nsx-module: PolicyRealizationStatus ConsolidatedStatusPerEnforcementPoint: allOf: - $ref: '#/definitions/BaseConsolidatedStatusPerEnforcementPoint' - type: object x-vmw-nsx-module: PolicyRealizedState description: | Consolidated Realized Status Per Enforcement Point. title: |- Consolidated Realized Status Per Enforcement Point x-vmw-nsx-module: PolicyRealizedState ConstantFieldValue: allOf: - $ref: '#/definitions/FieldSettingValue' - properties: constant: description: | Constant Value that the field must be set to. title: |- Constant Value type: object type: object x-vmw-nsx-module: PolicyReaction description: |- Constant Field Value. title: |- Constant Field Value x-vmw-nsx-module: PolicyReaction Constraint: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: constraint_expression: $ref: '#/definitions/ConstraintExpression' description: |- Expression to constrain the target attribute value. title: |- Expression to constrain the target attribute value. message: description: |- User friendly message to be shown to users upon violation. title: |- User friendly message to be shown to users upon violation. type: string target: $ref: '#/definitions/ConstraintTarget' description: |- Target resource attribute details. title: |- Target resource attribute details. required: - constraint_expression - target type: object x-vmw-nsx-module: PolicyConstraints description: | Constraint object to constraint any attribute on a resource based on specified expression. Example- Restrict the allowed services in Edge Communication Entry to list of services, if the destinationGroups contain vCenter. { "target":{ "target_resource_type":"CommunicationEntry", "attribute":"services", "path_prefix":"/infra/domains/vmc-domain/edge-communication-maps/default/communication-entries" } "constraint_expression":{ "related_attribute":{ "attribute":"destinationGroups" } "condition":{ "operator":"INCLUDES", "rhs_value":{"vCenter"} "value_constraint":{ "operator":"ALLOW", "values":{"/ref/services/HTTPS", "/ref/services/HTTOP", ...} } } } } title: |- Constraint definition. x-vmw-nsx-module: PolicyConstraints ConstraintExpression: allOf: - $ref: '#/definitions/ManagedResource' - discriminator: resource_type properties: resource_type: enum: - ValueConstraintExpression - RelatedAttributeConditionalExpression - EntityInstanceCountConstraintExpression - FieldSanityConstraintExpression type: string required: - resource_type type: object x-vmw-nsx-module: PolicyConstraints description: | All the types of the expression extend from this abstract class. This is present for extensibility. title: |- Base class for constraint expression x-vmw-nsx-module: PolicyConstraints ConstraintListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Constraint list results items: $ref: '#/definitions/Constraint' title: |- Constraint list results type: array required: - results type: object x-vmw-nsx-module: PolicyConstraints description: |- Paged Collection of Constraints title: |- Paged Collection of Constraints x-vmw-nsx-module: PolicyConstraints ConstraintTarget: description: | Resource attribute on which constraint should be applied. Example - sourceGroups attribute of Edge CommunicationEntry to be restricted, is given as: { "target_resource_type":"CommunicationEntry", "attribute":"sourceGroups", "path_prefix":"/infra/domains/vmc-domain/edge-communication-maps/default/communication-entries" } properties: attribute: description: |- Attribute name of the target entity. title: |- Attribute name of the target entity. type: string path_prefix: description: | Path prefix of the entity to apply constraint. This is required to further disambiguiate if multiple policy entities share the same resource type. Example - Edge FW and DFW use the same resource type CommunicationMap, CommunicationEntry, Group, etc. title: | Path prefix of the entity to apply constraint. This is required to further disambiguiate if multiple policy entities share the same resource type. Example - Edge FW and DFW use the same resource type CommunicationMap, CommunicationEntry, Group, etc. type: string target_resource_type: description: |- Resource type of the target entity. title: |- Resource type of the target entity. type: string required: - target_resource_type title: |- Resource attribute on which constraint should be applied. type: object x-vmw-nsx-module: PolicyConstraints ConstraintValue: description: | All the types of value extend from this abstract class. This is present for extensibility. discriminator: resource_type properties: resource_type: enum: - StringArrayConstraintValue - CidrArrayConstraintValue - IntegerArrayConstraintValue type: string required: - resource_type title: |- Base class for each value configuration type: object x-vmw-nsx-module: PolicyConstraints ContainerApplication: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: container_cluster_id: description: |- Identifier of the container cluster this container application belongs to. readOnly: true title: |- Identifier of the container cluster type: string container_project_id: description: |- Identifier of the project which this container application belongs to. readOnly: false title: |- Identifier of the project type: string external_id: description: | Identifier of the container application on container cluster e.g. PCF app id, k8s service id. readOnly: false title: |- External identifier of the container application type: string network_errors: description: |- List of network errors related to container application. items: $ref: '#/definitions/NetworkError' readOnly: false title: |- Network errors type: array network_status: description: |- Network status of container application. enum: - HEALTHY - UNHEALTHY readOnly: false title: |- Network status of container application type: string origin_properties: description: | Array of additional specific properties of container application in key-value format. items: $ref: '#/definitions/KeyValuePair' readOnly: false title: |- Origin properties type: array status: description: |- Status of the container application. enum: - UNKNOWN - HEALTHY - UP - DOWN - DEGRADED readOnly: false title: |- Status of the container application type: string required: - external_id type: object x-vmw-nsx-module: InventoryContainerObj description: |- Container application within a project. title: |- Container application within a project x-vmw-nsx-module: InventoryContainerObj ContainerApplicationInstance: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: cluster_node_id: description: |- Cluster node id where application instance is running. readOnly: false title: |- Cluster node id type: string container_application_ids: description: |- List of identifiers of the container application. items: type: string readOnly: false title: |- Identifiers of the container application type: array container_cluster_id: description: |- Identifier of the container cluster this application instance belongs to. readOnly: true title: |- Identifier of the container cluster type: string container_project_id: description: | Identifier of the container project which this container application instance belongs to. readOnly: false title: |- Identifier of the project type: string external_id: description: |- Identifier of the container application instance on container cluster. readOnly: false title: |- External identifier of the container application instance type: string network_errors: description: |- List of network errors related to container application instance. items: $ref: '#/definitions/NetworkError' readOnly: false title: |- Network errors type: array network_status: description: |- Network status of container application instance. enum: - HEALTHY - UNHEALTHY readOnly: false title: |- Network status of container application instance type: string origin_properties: description: | Array of additional specific properties of container application instance in key-value format. items: $ref: '#/definitions/KeyValuePair' readOnly: false title: |- Origin properties type: array status: description: |- Status of the container application instance. enum: - UNKNOWN - HEALTHY - UP - DOWN - DEGRADED readOnly: false title: |- Status of the container application instance type: string required: - external_id type: object x-vmw-nsx-module: InventoryContainerObj description: |- Container application instance within a project. title: |- Container Application Instance x-vmw-nsx-module: InventoryContainerObj ContainerCluster: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: cluster_type: description: | Type of the container cluster. In case of creating container cluster first time, it is expected to pass the valid cluster-type. In case of update, if there is no change in cluster-type, then this field can be omitted in the request. enum: - PAS - PKS - Kubernetes - Openshift - WCP - WCP_Guest - Other readOnly: false title: |- Type of the container cluster type: string external_id: description: |- External identifier of the container cluster. readOnly: false title: |- External identifier of the container cluster type: string infrastructure: $ref: '#/definitions/ContainerInfrastructureInfo' description: | Details of underlying infrastructure that hosts the container cluster. In case of creating container cluster first time, it is expected to pass the valid infrastructure. In case of update, if there is no change in cluster-type, then this field can be omitted in the request. readOnly: false title: |- Details of infrastructure for the container cluster network_errors: description: |- List of network errors related to container cluster. items: $ref: '#/definitions/NetworkError' readOnly: false title: |- Network errors type: array network_status: description: |- Network status of container cluster. enum: - HEALTHY - UNHEALTHY readOnly: false title: |- Network status of container cluster type: string origin_properties: description: | Array of additional specific properties of container cluster in key-value format. items: $ref: '#/definitions/KeyValuePair' readOnly: false title: |- Origin properties type: array type: object x-vmw-nsx-module: InventoryContainerObj description: |- Details of container cluster. title: |- Container cluster x-vmw-nsx-module: InventoryContainerObj ContainerClusterNode: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: container_cluster_id: description: |- External identifier of the container cluster. readOnly: false title: |- External identifier of the container cluster type: string external_id: description: | External identifier of the container cluster node in K8S/PAS. readOnly: false title: |- External identifier of the container cluster node type: string ip_addresses: description: |- List of IP addresses of container cluster node. items: description: |- IPv4 or IPv6 address format: ip type: string readOnly: false title: |- IP Addresses of Node type: array network_errors: description: |- List of network errors related to container cluster node. items: $ref: '#/definitions/NetworkError' readOnly: false title: |- Network errors type: array network_status: description: |- Network status of container cluster node. enum: - HEALTHY - UNHEALTHY readOnly: false title: |- Network status of container cluster node type: string origin_properties: description: | Array of additional specific properties of container cluster node in key-value format. items: $ref: '#/definitions/KeyValuePair' readOnly: false title: |- Origin properties type: array required: - external_id type: object x-vmw-nsx-module: InventoryContainerObj description: |- Details of container cluster node i.e. container host. title: |- Container cluster node x-vmw-nsx-module: InventoryContainerObj ContainerConfiguration: allOf: - $ref: '#/definitions/WidgetConfiguration' - properties: header: $ref: '#/definitions/Header' labels: description: |- Labels for the container. items: $ref: '#/definitions/Label' minItems: 0 title: |- Labels type: array layout: $ref: '#/definitions/Layout' description: |- Layout of widgets can be either vertical or horizontal. If layout is not specified a default horizontal layout is applied. title: |- Layout of widgets inside container navigation: description: |- Hyperlink of the specified UI page that provides details. maxLength: 1024 title: |- Navigation to a specified UI page type: string widgets: description: |- If not specified, creates an empty container. items: $ref: '#/definitions/WidgetItem' minItems: 0 title: |- Widgets held by the container type: array type: object x-vmw-nsx-module: NsxDashboard description: |- Represents a container to group widgets that belong to a common category or have a common purpose. title: |- Container that holds widgets x-vmw-nsx-module: NsxDashboard ContainerInfrastructureInfo: description: | Details of infrastructure hosting the container cluster e.g. vSphere, AWS, VMC etc.. properties: infra_type: description: |- Type of the infrastructure. enum: - vSphere - AWS - Azure - VMC - KVM - Baremetal readOnly: false title: |- Type of the infrastructure type: string required: - infra_type title: |- Details of container infrastructure type: object x-vmw-nsx-module: InventoryContainerObj ContainerIngressPolicy: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: container_application_ids: description: | List of identifiers of the container application , on which ingress policy is applied. e.g. IDs of all services on which the ingress is applied in kubernetes. items: type: string readOnly: false title: |- Identifiers of the container application type: array container_cluster_id: description: |- Identifier of the container cluster this ingress policy belongs to. readOnly: false title: |- Identifier of the container cluster type: string container_project_id: description: |- Identifier of the project which this container ingress belongs to. readOnly: false title: |- Identifier of the project type: string external_id: description: |- Identifier of the container ingress policy. readOnly: false title: |- External identifier of the container ingress policy type: string network_errors: description: |- List of network errors related to container ingress. items: $ref: '#/definitions/NetworkError' readOnly: false title: |- Network errors type: array network_status: description: |- Network status of container ingress. enum: - HEALTHY - UNHEALTHY readOnly: false title: |- Network status of container ingress type: string origin_properties: description: | Array of additional specific properties of container ingress in key-value format. items: $ref: '#/definitions/KeyValuePair' readOnly: false title: |- Origin properties type: array spec: description: |- Container ingress policy specification. readOnly: false title: |- Container ingress policy specification type: string required: - external_id type: object x-vmw-nsx-module: InventoryContainerObj description: |- Details of Container Ingress Policy. title: |- Container Ingress Policy x-vmw-nsx-module: InventoryContainerObj ContainerNetworkPolicy: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: container_cluster_id: description: |- Identifier of the container cluster this network policy belongs to. readOnly: false title: |- Identifier of the container cluster type: string container_project_id: description: |- Identifier of the project which this network policy belongs to. readOnly: false title: |- Identifier of the project type: string external_id: description: |- Identifier of the container network policy. readOnly: false title: |- External identifier of the container network policy type: string network_errors: description: |- List of network errors related to container network policy. items: $ref: '#/definitions/NetworkError' readOnly: false title: |- Network errors type: array network_status: description: |- Network status of container network policy. enum: - HEALTHY - UNHEALTHY readOnly: false title: |- Network status of container network policy type: string origin_properties: description: | Array of additional specific properties of container network policy in key-value format. items: $ref: '#/definitions/KeyValuePair' readOnly: false title: |- Origin properties type: array policy_type: description: |- Type e.g. Network Policy, ASG. enum: - NETWORK_POLICY - ASG readOnly: false title: |- Type type: string spec: description: |- Container network policy specification. readOnly: false title: |- Container network policy specification type: string required: - external_id type: object x-vmw-nsx-module: InventoryContainerObj description: |- Network policy applied to container. title: |- Container Network Policy x-vmw-nsx-module: InventoryContainerObj ContainerProject: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: container_cluster_id: description: |- Identifier of the container cluster to which this project/namespace belongs. readOnly: false title: |- Identifier of the container cluster type: string external_id: description: |- External identifier of the container project. readOnly: false title: |- External identifier of the container project type: string network_errors: description: |- List of network errors related to container project. items: $ref: '#/definitions/NetworkError' readOnly: false title: |- Network errors type: array network_status: description: |- Network status of container project. enum: - HEALTHY - UNHEALTHY readOnly: false title: |- Network status of container project type: string origin_properties: description: | Array of additional specific properties of container project in key-value format. items: $ref: '#/definitions/KeyValuePair' readOnly: false title: |- Origin properties type: array required: - external_id type: object x-vmw-nsx-module: InventoryContainerObj description: |- Details of org/namespace within a container cluster. title: |- Container project within a container cluster x-vmw-nsx-module: InventoryContainerObj ContextProfileAttributesMetadata: description: |- Key value structure for holding metadata of context profile attributes properties: key: description: |- Key for metadata title: |- Key for metadata type: string value: description: |- Value for metadata key title: |- Value for metadata key type: string required: - value - key title: |- Key value structure for holding metadata of context profile attributes type: object x-vmw-nsx-module: PolicyContextProfile CountActionArgument: properties: count_type: description: |- Type of count enum: - ALL - INTERFACE_ONLY readOnly: true title: |- Type of count type: string type: object x-vmw-nsx-module: LiveTrace CountActionConfig: properties: action_argument: $ref: '#/definitions/CountActionArgument' description: |- The count action argument title: |- The count action argument required: - action_argument type: object x-vmw-nsx-module: LiveTrace Criterion: description: | Event Criterion is the logical evaluations by which the event may be deemed fulfilled. All the evaluations must be met in order for the criterion to be met (implicit AND). properties: evaluations: description: | Criterion Evaluations. items: $ref: '#/definitions/Evaluation' minItems: 1 title: |- Criterion Evaluations type: array required: - evaluations title: |- Event Criterion type: object x-vmw-nsx-module: PolicyReaction Crl: allOf: - $ref: '#/definitions/ManagedResource' - properties: details: $ref: '#/definitions/X509Crl' description: |- Details of the X509Crl object. readOnly: true pem_encoded: description: |- PEM encoded CRL data. readOnly: false type: string required: - pem_encoded type: object x-vmw-nsx-module: CertificateManager x-vmw-nsx-module: CertificateManager CrlDistributionPoint: allOf: - $ref: '#/definitions/ManagedResource' - properties: cdp_uri: description: |- CRL Distribution Point URI where to fetch the CRL. maxLength: 255 readOnly: true title: |- CDP URI type: string issuer: description: |- Issuer of the CRL, referring to the CA. maxLength: 255 readOnly: true title: |- Issuer type: string type: object x-vmw-nsx-module: CertificateManager description: |- Reference to a CRL Distribution Point where to fetch a CRL title: |- Reference to a CRL Distribution Point where to fetch a CRL x-vmw-nsx-module: CertificateManager CrlDistributionPointList: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- CrlDistributionPoint list. items: $ref: '#/definitions/CrlDistributionPoint' readOnly: false type: array required: - results type: object x-vmw-nsx-module: CertificateManager description: |- CrlDistributionPoint query result title: |- CrlDistributionPoint query result x-vmw-nsx-module: CertificateManager CrlDistributionPointStatus: description: |- Reference to a CRL Distribution Point where to fetch a CRL properties: error_message: description: |- Error message when fetching the CRL failed. readOnly: true title: |- Error Message type: string status: description: |- Status of the fetched CRL for this CrlDistributionPoint enum: - NOT_READY - FETCHING - READY - ERROR readOnly: true type: string title: |- Reference to a CRL Distribution Point where to fetch a CRL type: object x-vmw-nsx-module: CertificateManager CrlList: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- CRL list. items: $ref: '#/definitions/Crl' readOnly: true type: array type: object x-vmw-nsx-module: CertificateManager description: |- Crl queries result title: |- Crl queries result x-vmw-nsx-module: CertificateManager CrlObjectData: allOf: - $ref: '#/definitions/ManagedResource' - properties: pem_encoded: description: |- PEM encoded CRL data. readOnly: false type: string required: - pem_encoded type: object x-vmw-nsx-module: CertificateManager x-vmw-nsx-module: CertificateManager CrlPemRequestType: description: |- Request Type to get a CRL's PEM file. properties: cdp_uri: description: |- CRL Distribution Point URI where to fetch the CRL. maxLength: 255 readOnly: true title: |- CDP URI type: string title: |- Request Type to get a CRL's PEM file. type: object x-vmw-nsx-module: CertificateManager CryptoAlgorithm: properties: key_size: description: |- Supported key sizes for the algorithm. items: description: |- Crypto key size format: int64 type: integer readOnly: true type: array name: description: |- Crypto algorithm name. readOnly: true type: string type: object x-vmw-nsx-module: CertificateManager Csr: allOf: - $ref: '#/definitions/ManagedResource' - properties: algorithm: description: |- Cryptographic algorithm(asymmetric ) used by the public key for data encryption. enum: - RSA readOnly: false type: string key_size: description: |- Size measured in bits of the public key used in a cryptographic algorithm. format: int64 readOnly: false type: integer pem_encoded: description: |- PEM encoded certificate data. readOnly: true type: string subject: $ref: '#/definitions/Principal' description: |- The certificate owner's information. (CN, O, OU, C, ST, L) readOnly: false required: - key_size - algorithm - subject type: object x-vmw-nsx-module: CertificateManager x-vmw-nsx-module: CertificateManager CsrList: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- CSR list. items: $ref: '#/definitions/Csr' readOnly: false type: array required: - results type: object x-vmw-nsx-module: CertificateManager description: |- Csr queries result title: |- Csr queries result x-vmw-nsx-module: CertificateManager CsvListResult: description: |- Base type for CSV result. properties: file_name: description: |- File name set by HTTP server if API returns CSV result as a file. title: |- File name type: string type: object x-vmw-nsx-module: CsvTypes CsvRecord: description: |- Base type for CSV records. type: object x-vmw-nsx-module: CsvTypes CurrentBackupOperationStatus: description: |- Current backup operation status properties: backup_id: description: |- Unique identifier of current backup title: |- Unique identifier of current backup type: string current_step: description: |- Current step of operation enum: - BACKUP_CREATING_CLUSTER_BACKUP - BACKUP_CREATING_NODE_BACKUP title: |- Current step of operation type: string current_step_message: description: |- Additional human-readable status information about current step title: |- Additional human-readable status information about current step type: string end_time: description: |- Time when operation is expected to end format: int64 type: integer operation_type: description: | Type of operation that is in progress. Returns none if no operation is in progress, in which case none of the other fields will be set. enum: - NONE - BACKUP title: | Type of operation that is in progress. Returns none if no operation is in progress, in which case none of the other fields will be set. type: string start_time: description: |- Time when operation was started format: int64 type: integer required: - operation_type title: |- Current backup operation status type: object x-vmw-nsx-module: BackupConfiguration CustomPolicyLbPersistenceProfile: allOf: - $ref: '#/definitions/PolicyLbPersistenceProfile' - properties: persistence: description: | This field indicates the persistence method used for the PolicyLbVirtualServer. - COOKIE persistence allows related client connections, identified by the same cookie in HTTP requests [Refer to HTTP Cookie for details on HTTP cookies], to be redirected to the same server. Load balancer does not maintain any persistence table for cookie persistence. Instead, it encodes the necessary information in the HTTP cookie value sent to client and relies on the client to store it and send it back in subsequent related HTTP requests. Hence there is no limit on the number of cookie persistence entries that can be supported. - SOURCE_IP persistence ensures all connections from a client (identified by IP address) are sent to the same backend server for a specified period. - This object is not required and without creation of this object the virtual server persistence is disabled by default enum: - COOKIE - SOURCE_IP title: |- Persistence method used by PolicyLbVirtualServer(s) type: string persistence_shared: default: false description: | Persistence shared setting indicates that all PolicyLbVirtualServers that consume this PolicyLbPersistenceProfile should share the same persistence mechanism when enabled. Meaning, persistence entries of a client accessing one virtual server will also affect the same client's connections to a different virtual server. For example, say there are two virtual servers vip-ip1:80 and vip-ip1:8080 bound to the same Group g1 consisting of two servers (s11:80 and s12:80). By default, each virtual server will have its own persistence table or cookie. So, in the earlier example, there will be two tables (vip-ip1:80, p1) and (vip-ip1:8080, p1) or cookies. So, if a client connects to vip1:80 and later connects to vip1:8080, the second connection may be sent to a different server than the first. When persistence_shared is enabled, then the second connection will always connect to the same server as the original connection. For COOKIE persistence type, the same cookie will be shared by multiple virtual servers. For SOURCE_IP persistenct type, the persistence table will be shared across virtual servers. title: |- Persistence shared across PolicyLbVirtualServers type: boolean required: - persistence type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Some applications maintain state and require all relevant connections to be sent to the same server as the application state is not synchronized among servers. Persistence is enabled on a PolicyLbVirtualServer by binding a persistence profile to it. title: |- PolicyLbPersistenceProflie for Custom type PolicyLbVirtualServer x-vmw-nsx-module: TempPolicyLoadBalancer CustomPolicyLbVirtualServer: allOf: - $ref: '#/definitions/HttpPolicyLbVirtualServer' - properties: app_protocol: description: | As the custom type allows for more complex settings than the simplified PolicyLbVirtualServer types, also specify the desired protocol for receiving all client connections. enum: - TCP - UDP - HTTP - HTTPS title: |- Application protocol for receiving client connections type: string client_ssl_certificate_ids: description: | Client-side SSL profile binding allows multiple certificates, for different hostnames, to be bound to the same virtual server. The setting is used when load balancer acts as an SSL server and terminating the client SSL connection items: type: string title: |- ssl certificates type: array client_ssl_settings: default: HIGH_SECURE_111317 description: | Security settings representing various security settings when the VirtualServer acts as an SSL server - BASE_SECURE_111317 - MODERATE_SECURE_111317 - HIGH_SECURE_111317 enum: - BASE_SECURE_111317 - MODERATE_SECURE_111317 - HIGH_SECURE_111317 title: |- Security profile setting type: string default_client_ssl_certificate_id: description: | The setting is used when load balancer acts as an SSL server and terminating the client SSL connection. A default certificate should be specified which will be used if the server does not host multiple hostnames on the same IP address or if the client does not support SNI extension. title: |- ssl certificate type: string server_auth_ca_certificate_ids: description: | To support client authentication (load balancer acting as a client authenticating to the backend server), server_ssl_certificate_id can be specified. When supplied, the backend server certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self signed certificates are specified. This setting is only applicable for L7 protocols and will be rejected in combination with TCP or UDP. items: type: string title: |- ssl certificate type: array server_ssl_settings: default: DISABLED description: | Indicates whether to enable server side SSL. Server side SSL will be enabled when a specific security setting is selected. The selected security setting or profile represents various configurations related to SSL when the VirtualServer acts as a client connecting over SSL to the backend server. This setting is only applicable for L7 protocols and will be rejected in combination with TCP or UDP. - BASE_SECURE_111317 - MODERATE_SECURE_111317 - HIGH_SECURE_111317 - DISABLED enum: - BASE_SECURE_111317 - MODERATE_SECURE_111317 - HIGH_SECURE_111317 - DISABLED title: |- Security profile setting type: string required: - app_protocol type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Virtual server acts as a facade to an application, receives all client connections over a specified protocol and distributes them among the backend servers. This custom type allows for more complex settings than the simplified PolicyLbVirtualServer types. This object allows for complex configurations for PolicyLbVirtualServers of all types. All HTTP specific inputs will be rejected when combined with TPC or UDP protocols. title: |- PolicyLbVirtualServer handling connections over HTTP or HTTPS x-vmw-nsx-module: TempPolicyLoadBalancer CustomWidgetConfiguration: allOf: - $ref: '#/definitions/WidgetConfiguration' - properties: ui_component_identifier: description: |- User defined component selector to be rendered inside view/container. title: |- UI identifier for component to be rendered inside view/container type: string type: object x-vmw-nsx-module: NsxDashboard description: |- Represents configuration for custom widget. For this widget the data source is not applicable. It defines ui identifer to identify UI component and render it on dashboard view. This configuration can only be used for system owned widgets. title: |- Custom widget Configuration x-vmw-nsx-module: NsxDashboard CvxConnectionInfo: allOf: - $ref: '#/definitions/EnforcementPointConnectionInfo' - properties: password: description: |- Password. title: |- Password type: string thumbprint: description: | Thumbprint of EnforcementPoint in the form of a SHA-256 hash represented in lower case HEX. title: |- Thumbprint of Enforcement Point type: string username: description: |- Username. title: |- Username type: string type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Credential info to connect to a CVX type of enforcement point. title: |- CVX Connection Info x-vmw-nsx-module: PolicyEnforcementPointManagement DNSForwarderStatisticsPerEnforcementPoint: description: | DNS forwarder statistics per enforcement point. discriminator: resource_type properties: enforcement_point_path: description: | Policy path referencing the enforcement point from where the statistics are fetched. readOnly: true title: |- Enforcement point path type: string resource_type: enum: - NsxTDNSForwarderStatistics type: string required: - resource_type title: |- DNS forwarder statistics per enforcement point type: object x-vmw-nsx-module: PolicyDNSStatistics DNSForwarderStatusPerEnforcementPoint: description: | DNS forwarder status per enforcement point. discriminator: resource_type properties: enforcement_point_path: description: | Policy path referencing the enforcement point from where the status is fetched. readOnly: true title: |- Enforcement point path type: string resource_type: enum: - NsxTDNSForwarderStatus type: string required: - resource_type title: |- DNS forwarder status per enforcement point type: object x-vmw-nsx-module: PolicyDNSStatistics DataCounter: properties: dropped: description: |- The dropped packets or bytes format: int64 title: |- The dropped packets or bytes type: integer multicast_broadcast: description: |- The multicast and broadcast packets or bytes format: int64 title: |- The multicast and broadcast packets or bytes type: integer total: description: |- The total packets or bytes format: int64 title: |- The total packets or bytes type: integer required: - total type: object x-vmw-nsx-module: AggSvcL2Types DataSourceParameters: properties: source: description: |- The data source, either realtime or cached. If not provided, cached data is returned. enum: - realtime - cached type: string type: object x-vmw-nsx-module: Types Datasource: description: |- An instance of a datasource configuration. properties: display_name: description: |- Name of a datasource instance. maxLength: 255 title: |- Datasource instance's display name type: string urls: description: |- Array of urls relative to the datasource configuration. For example, api/v1/fabric/nodes is a relative url of nsx-manager instance. items: $ref: '#/definitions/UrlAlias' title: |- Array of relative urls and their aliases type: array required: - display_name - urls title: |- Datasource Instance type: object x-vmw-nsx-module: NsxDashboard DefaultFilterValue: description: |- An instance of a datasource configuration. properties: alias: description: |- Filter alias. title: |- Filter alias type: string value: description: |- Filter default value. title: |- Filter default value type: string required: - alias - value title: |- Default filter values type: object x-vmw-nsx-module: NsxDashboard DeploymentZone: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: enforcement_points: description: |- Logical grouping of enforcement points items: $ref: '#/definitions/EnforcementPoint' title: |- Logical grouping of enforcement points type: array type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: | Logical grouping of enforcement points. This is a deprecated type. DeploymentZone has been renamed to Site. Use Site. title: |- Deployment zone x-vmw-nsx-module: PolicyEnforcementPointManagement DfwFirewallConfiguration: allOf: - $ref: '#/definitions/FirewallConfiguration' - properties: idfw_enabled: default: false description: | If set to true, identity firewall is enabled. title: |- Identity firewall enable flag type: boolean type: object x-vmw-nsx-module: Policy description: |- DFW Firewall related configurations title: |- DFW Firewall related configurations x-vmw-nsx-module: Policy DhcpHeader: properties: op_code: default: BOOTREQUEST description: |- This is used to specify the general type of message. A client sending request to a server uses an op code of BOOTREQUEST, while a server replying uses an op code of BOOTREPLY. enum: - BOOTREQUEST - BOOTREPLY title: |- Message op code / message type type: string type: object x-vmw-nsx-module: Traceflow DhcpIpPoolUsage: properties: allocated_number: description: |- allocated number. COULD BE INACCURATE, REFERENCE ONLY. format: int64 title: |- allocated number. COULD BE INACCURATE, REFERENCE ONLY. type: integer allocated_percentage: description: |- allocated percentage. COULD BE INACCURATE, REFERENCE ONLY. format: int64 title: |- allocated percentage. COULD BE INACCURATE, REFERENCE ONLY. type: integer dhcp_ip_pool_id: description: |- uuid of dhcp ip pool title: |- uuid of dhcp ip pool type: string pool_size: description: |- pool size format: int64 title: |- pool size type: integer required: - allocated_percentage - pool_size - allocated_number - dhcp_ip_pool_id type: object x-vmw-nsx-module: AggSvcDhcp DhcpLeasePerIP: properties: expire_time: description: |- expire time of the lease title: |- expire time of the lease type: string ip_address: description: |- ip address of client title: |- ip address of client type: string lease_time: description: |- lease time of the ip address, in seconds title: |- lease time of the ip address, in seconds type: string mac_address: description: |- mac address of client title: |- mac address of client type: string start_time: description: |- start time of lease title: |- start time of lease type: string subnet: description: |- subnet of client network title: |- subnet of client network type: string required: - start_time - ip_address - mac_address type: object x-vmw-nsx-module: AggSvcDhcp DhcpLeases: properties: dhcp_server_id: description: |- dhcp server uuid title: |- dhcp server uuid type: string leases: description: |- The lease info list of the server items: $ref: '#/definitions/DhcpLeasePerIP' maxItems: 65535 minItems: 0 title: |- The lease info list of the server type: array timestamp: description: |- timestamp of the lease info format: int64 type: integer type: object x-vmw-nsx-module: AggSvcDhcp DhcpLeasesResult: allOf: - $ref: '#/definitions/DhcpLeases' - properties: connectivity_path: description: | Policy path to Segment, Tier0 or Tier1 gateway where DHCP server is attached. title: |- Policy path to Segment, Tier0 or Tier1 gateway type: string type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics DhcpOption121: description: |- DHCP option 121 to define classless static route. properties: static_routes: description: |- Classless static route of DHCP option 121. items: $ref: '#/definitions/ClasslessStaticRoute' maxItems: 27 minItems: 1 title: |- DHCP classless static routes type: array required: - static_routes title: |- DHCP option 121 type: object x-vmw-nsx-module: Dhcp DhcpRelayConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: server_addresses: description: | DHCP server IP addresses for DHCP relay configuration. Both IPv4 and IPv6 addresses are supported. items: description: |- IPv4 or IPv6 address format: ip type: string maxItems: 8 title: |- DHCP relay addresses type: array required: - server_addresses type: object x-vmw-nsx-module: PolicyConnectivity description: | DHCP relay configuration. Please note, the realized-state of this entity returned by the "GET /policy/api/v1/infra/realized-state/realized-entity" with this entity policy-path is irrelevant with the application status of this entity. Please do not rely on this returned realized-state to determine how this dhcp-relay-config was applied. The dhcp realization information was reflected in the realization states of the referencing Segment or T0/T1 gateway. title: |- DHCP relay configuration x-vmw-nsx-module: PolicyConnectivity DhcpRelayConfigListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- DhcpRelayConfig results items: $ref: '#/definitions/DhcpRelayConfig' title: |- DhcpRelayConfig results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of DhcpRelayConfigs title: |- Paged collection of DhcpRelayConfigs x-vmw-nsx-module: PolicyConnectivity DhcpServerConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: edge_cluster_path: description: | Edge cluster path. Auto assigned if only one edge cluster is configured on enforcement-point. Modifying edge cluster will reallocate DHCP server to the new edge cluster. Please note that re-allocating edge-cluster will result in losing of all exisitng DHCP lease information. Change edge cluster only when losing DHCP leases is not a real problem, e.g. cross-site migration or failover and all client hosts will be reboot and get new IP addresses. title: |- Edge cluster path type: string lease_time: default: 86400 description: | IP address lease time in seconds. format: int64 maximum: 4294967295 minimum: 60 title: |- IP address lease time in seconds type: integer preferred_edge_paths: description: | Policy paths to edge nodes on which the DHCP servers run. The first edge node is assigned as active edge, and second one as stanby edge. If only one edge node is specified, the DHCP servers will run without HA support. When this property is not specified, edge nodes are auto-assigned during realization of the DHCP server. items: type: string maxItems: 2 title: |- Edge node path type: array server_address: description: | DHCP server address in CIDR format. Prefix length should be less than or equal to 30. DHCP server is deployed as DHCP relay service. This property is deprecated, use server_addresses instead. Both properties cannot be specified together with different new values. format: ip-cidr-block title: |- DHCP server address in CIDR format type: string x-deprecated: true server_addresses: description: | DHCP server address in CIDR format. Both IPv4 and IPv6 address families are supported. Prefix length should be less than or equal to 30 for IPv4 address family and less than or equal to 126 for IPv6. When not specified, IPv4 value is auto-assigned to 100.96.0.1/30. Ignored when this object is configured at a Segment. items: format: ip-cidr-block type: string maxItems: 2 title: |- DHCP server address in CIDR format type: array type: object x-vmw-nsx-module: PolicyConnectivity description: | DHCP server configuration. Please note, the realized-state of this entity returned by the "GET /policy/api/v1/infra/realized-state/realized-entity" with this entity policy-path is irrelevant with the application status of this entity. Please do not rely on this returned realized-state to determine how this dhcp-server-config was applied. The dhcp realization information was reflected in the realization states of the referencing Segment or T0/T1 gateway. title: |- DHCP server configuration x-vmw-nsx-module: PolicyConnectivity DhcpServerConfigListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- DhcpServerConfig results items: $ref: '#/definitions/DhcpServerConfig' title: |- DhcpServerConfig results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of DhcpServerConfigs title: |- Paged collection of DhcpServerConfigs x-vmw-nsx-module: PolicyConnectivity DhcpServerState: allOf: - $ref: '#/definitions/ConfigurationState' - type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics DhcpServerStatistics: allOf: - $ref: '#/definitions/DhcpStatistics' - type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics DhcpServerStatus: properties: active_node: description: |- uuid of active transport node title: |- uuid of active transport node type: string error_message: description: |- Error message, if available title: |- Error message, if available type: string service_status: description: | UP means the dhcp service is working fine on both active transport-node and stand-by transport-node (if have), hence fail-over can work at this time if there is failure happens on one of the transport-node; DOWN means the dhcp service is down on both active transport-node and stand-by node (if have), hence the dhcp-service will not repsonse any dhcp request; Error means error happens on transport-node(s) or no status is reported from transport-node(s). The dhcp service may be working (or not working); NO_STANDBY means dhcp service is working in one of the transport node while not in the other transport-node (if have). Hence if the dhcp service in the working transport-node is down, fail-over will not happen and the dhcp service will go down. enum: - UP - DOWN - ERROR - NO_STANDBY type: string stand_by_node: description: |- uuid of stand_by transport node. null if non-HA mode title: |- uuid of stand_by transport node. null if non-HA mode type: string required: - service_status - active_node type: object x-vmw-nsx-module: AggSvcDhcp DhcpStaticBindingConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: resource_type: enum: - DhcpV4StaticBindingConfig - DhcpV6StaticBindingConfig type: string required: - resource_type type: object x-vmw-nsx-module: PolicyConnectivity description: | DHCP IPv4 and IPv6 static bindings are extended from this abstract class. title: |- Base class for DHCP options x-vmw-nsx-module: PolicyConnectivity DhcpStaticBindingConfigListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paginated list of DhcpStaticBindingConfig items: $ref: '#/definitions/DhcpStaticBindingConfig' title: |- Paginated list of DhcpStaticBindingConfig type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity x-vmw-nsx-module: PolicyConnectivity DhcpStaticBindingState: allOf: - $ref: '#/definitions/ConfigurationState' - type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics DhcpStatistics: properties: acks: description: |- The total number of DHCP ACK packets format: int64 title: |- The total number of DHCP ACK packets type: integer declines: description: |- The total number of DHCP DECLINE packets format: int64 title: |- The total number of DHCP DECLINE packets type: integer dhcp_server_id: description: |- dhcp server uuid title: |- dhcp server uuid type: string discovers: description: |- The total number of DHCP DISCOVER packets format: int64 title: |- The total number of DHCP DISCOVER packets type: integer errors: description: |- The total number of DHCP errors format: int64 title: |- The total number of DHCP errors type: integer informs: description: |- The total number of DHCP INFORM packets format: int64 title: |- The total number of DHCP INFORM packets type: integer ip_pool_stats: description: |- The DHCP ip pool usage statistics items: $ref: '#/definitions/DhcpIpPoolUsage' title: |- The DHCP ip pool usage statistics type: array nacks: description: |- The total number of DHCP NACK packets format: int64 title: |- The total number of DHCP NACK packets type: integer offers: description: |- The total number of DHCP OFFER packets format: int64 title: |- The total number of DHCP OFFER packets type: integer releases: description: |- The total number of DHCP RELEASE packets format: int64 title: |- The total number of DHCP RELEASE packets type: integer requests: description: |- The total number of DHCP REQUEST packets format: int64 title: |- The total number of DHCP REQUEST packets type: integer timestamp: description: |- timestamp of the statistics format: int64 type: integer required: - errors - releases - informs - timestamp - dhcp_server_id - nacks - offers - discovers - acks - declines - requests type: object x-vmw-nsx-module: AggSvcDhcp DhcpV4Options: description: |- DHCP options for IPv4 server. properties: option121: $ref: '#/definitions/DhcpOption121' description: | DHCP option 121 to define classless static routes. title: |- DHCP option 121 others: description: | To define DHCP options other than option 121 in generic format. Please note, only the following options can be defined in generic format. Those other options will be accepted without validation but will not take effect. -------------------------- Code Name -------------------------- 2 Time Offset 6 Domain Name Server 13 Boot File Size 19 Forward On/Off 26 MTU Interface 28 Broadcast Address 35 ARP Timeout 40 NIS Domain 41 NIS Servers 42 NTP Servers 44 NETBIOS Name Srv 45 NETBIOS Dist Srv 46 NETBIOS Node Type 47 NETBIOS Scope 58 Renewal Time 59 Rebinding Time 64 NIS+-Domain-Name 65 NIS+-Server-Addr 66 TFTP Server-Name (used by PXE) 67 Bootfile-Name (used by PXE) 93 PXE: Client system architecture 94 PXE: Client NDI 97 PXE: UUID/UNDI 117 Name Service Search 119 Domain Search 150 TFTP server address (used by PXE) 175 Etherboot 209 PXE Configuration File 210 PXE Path Prefix 211 PXE Reboot Time items: $ref: '#/definitions/GenericDhcpOption' maxItems: 255 minItems: 0 title: |- Other DHCP options type: array title: |- DHCP options for IPv4 address family type: object x-vmw-nsx-module: PolicyConnectivity DhcpV4StaticBindingConfig: allOf: - $ref: '#/definitions/DhcpStaticBindingConfig' - properties: gateway_address: description: | When not specified, gateway address is auto-assigned from segment configuration. format: ipv4 type: string host_name: description: | Hostname to assign to the host. maxLength: 63 title: |- Host name type: string ip_address: description: | IP assigned to host. The IP address must belong to the subnet, if any, configured on Segment. format: ipv4 type: string lease_time: default: 86400 description: | DHCP lease time in seconds. format: int64 maximum: 4294967295 minimum: 60 title: |- Lease time type: integer mac_address: description: | MAC address of the host. format: mac-address type: string options: $ref: '#/definitions/DhcpV4Options' description: | IPv4 DHCP options. title: |- DHCP options required: - ip_address - mac_address type: object x-vmw-nsx-module: PolicyConnectivity description: | DHCP IPv4 static bindings are configured for each segment. title: |- DHCP static binding x-vmw-nsx-module: PolicyConnectivity DhcpV6StaticBindingConfig: allOf: - $ref: '#/definitions/DhcpStaticBindingConfig' - properties: dns_nameservers: description: | When not specified, no DNS nameserver will be set to client host. items: type: string maxItems: 2 minItems: 0 title: |- DNS nameservers to be set to client host type: array domain_names: description: | When not specified, no domain name will be assigned to client host. items: type: string title: |- Domain names to be assigned to client host type: array ip_addresses: description: | When not specified, no ip address will be assigned to client host. items: description: |- IPv6 address format: ipv6 type: string maxItems: 1 minItems: 0 title: |- IP addresses to be assigned to client host type: array lease_time: default: 86400 description: |- Lease time, in seconds. format: int64 maximum: 4294967295 minimum: 60 title: |- Lease time type: integer mac_address: description: | The MAC address of the client host. Either client-duid or mac-address, but not both. format: mac-address type: string preferred_time: description: | Preferred time, in seconds. If this value is not provided, the value of lease_time*0.8 will be used. format: int64 maximum: 4294967295 minimum: 48 title: |- Preferred time type: integer sntp_servers: description: |- SNTP server IP addresses. items: description: |- IPv6 address format: ipv6 type: string maxItems: 2 minItems: 0 title: |- SNTP server ips type: array required: - mac_address type: object x-vmw-nsx-module: PolicyConnectivity description: | DHCP IPv6 static bindings are configured for each segment. title: |- DHCP static binding x-vmw-nsx-module: PolicyConnectivity Dhcpv6Header: properties: msg_type: default: SOLICIT description: |- This is used to specify the DHCP v6 message. To request the assignment of one or more IPv6 addresses, a client first locates a DHCP server and then requests the assignment of addresses and other configuration information from the server. The client sends a Solicit message to the All_DHCP_Relay_Agents_and_Servers address to find available DHCP servers. Any server that can meet the client's requirements responds with an Advertise message. The client then chooses one of the servers and sends a Request message to the server asking for confirmed assignment of addresses and other configuration information. The server responds with a Reply message that contains the confirmed addresses and configuration. SOLICIT - A client sends a Solicit message to locate servers. ADVERTISE - A server sends and Advertise message to indicate that it is available. REQUEST - A client sends a Request message to request configuration parameters. REPLY - A server sends a Reply message containing assigned addresses and configuration parameters. enum: - SOLICIT - ADVERTISE - REQUEST - REPLY title: |- DHCP message type type: string type: object x-vmw-nsx-module: Traceflow DiscoveredNode: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: certificate: description: |- Certificate of the discovered node title: |- Certificate of the discovered node type: string cm_local_id: description: |- Local Id of the discovered node in the Compute Manager readOnly: true title: |- Local Id of the discovered node in the Compute Manager type: string external_id: description: |- External id of the discovered node, ex. a mo-ref from VC readOnly: true title: |- External id of the discovered node, ex. a mo-ref from VC type: string hardware_id: description: |- Hardware Id is generated using system hardware info. It is used to retrieve fabric node of the esx. readOnly: true title: |- Hardware Id of the discovered node type: string ip_addresses: description: |- IP Addresses of the the discovered node. items: description: |- IPv4 or IPv6 address format: ip type: string readOnly: true title: |- IP Addresses of the the discovered node. type: array node_type: description: |- Discovered Node type like Host readOnly: true title: |- Discovered Node type like Host type: string origin_id: description: |- Id of the compute manager from where this node was discovered readOnly: true title: |- Id of the compute manager from where this node was discovered type: string origin_properties: description: | Key-Value map of additional specific properties of discovered node in the Compute Manager items: $ref: '#/definitions/KeyValuePair' readOnly: true title: | Key-Value map of additional specific properties of discovered node in the Compute Manager type: array os_type: description: |- OS type of the discovered node readOnly: true title: |- OS type of the discovered node type: string os_version: description: |- OS version of the discovered node readOnly: true title: |- OS version of the discovered node type: string parent_compute_collection: description: |- External id of the compute collection to which this node belongs readOnly: true title: |- External id of the compute collection to which this node belongs type: string stateless: description: |- The stateless property describes whether host persists its state across reboot or not. If state persists, value is set as false otherwise true. readOnly: true title: |- Specifies whether host is stateless type: boolean type: object x-vmw-nsx-module: InventoryCmObj x-vmw-nsx-module: InventoryCmObj DiscoveredResource: allOf: - $ref: '#/definitions/Resource' - discriminator: resource_type properties: _last_sync_time: description: |- Timestamp of last modification format: int64 readOnly: true type: integer description: description: |- Description of this resource maxLength: 1024 title: |- Description of this resource type: string display_name: description: |- Defaults to ID if not set maxLength: 255 title: |- Identifier to use when displaying entity in logs or GUI type: string resource_type: description: |- The type of this resource. readOnly: false type: string tags: description: |- Opaque identifiers meaningful to the API user items: $ref: '#/definitions/Tag' maxItems: 30 title: |- Opaque identifiers meaningful to the API user type: array required: - resource_type type: object x-vmw-nsx-module: Common description: |- Base class for resources that are discovered and automatically updated title: |- Base class for resources that are discovered and automatically updated x-vmw-nsx-module: Common DiscoveryProfileBindingMap: allOf: - $ref: '#/definitions/PolicyConfigResource' - type: object x-vmw-nsx-module: PolicyDiscoveryProfileBinding description: |- Base Discovery Profile Binding Map title: |- Base Discovery Profile Binding Map x-vmw-nsx-module: PolicyDiscoveryProfileBinding DistributedFloodProtectionProfile: allOf: - $ref: '#/definitions/FloodProtectionProfile' - properties: enable_rst_spoofing: default: false description: |- If set to true, rst spoofing will be enabled. Flag is used only for distributed firewall profiles. readOnly: false title: |- Flag to indicate rst spoofing is enabled type: boolean enable_syncache: default: false description: |- If set to true, sync cache will be enabled. Flag is used only for distributed firewall profiles. readOnly: false title: |- Flag to indicate syncache is enabled type: boolean type: object x-vmw-nsx-module: PolicyProfile x-vmw-nsx-module: PolicyProfile DistributedVirtualPortgroup: allOf: - $ref: '#/definitions/VirtualPortgroup' - properties: backing_type: description: | For distributed virtual portgroup, backing type is standard. For logical switch portgroup, the backing type is set to nsx. readOnly: false title: |- Backing type for portgroup type: string key: description: |- Generated UUID of the portgroup readOnly: false title: |- Generated UUID of the portgroup type: string overall_status: description: | This parameters reflects the managed entity status of the portgroup as reported by VC. enum: - RED - YELLOW - GREEN - GRAY readOnly: true title: |- General status of the virtual portgroup type: string type: object x-vmw-nsx-module: InventoryCmObj description: |- Distributed virtual portgroup on a VC title: |- Distributed virtual portgroup on a VC x-vmw-nsx-module: InventoryCmObj DistributedVirtualSwitch: allOf: - $ref: '#/definitions/VirtualSwitch' - properties: discovered_nodes: description: |- Array of discovered nodes connected to this switch. items: $ref: '#/definitions/DiscoveredNode' readOnly: true title: |- Array of discovered nodes connected type: array lacp_group_configs: description: | It contains information about VMware specific multiple dynamic LACP groups. items: $ref: '#/definitions/LacpGroupConfigInfo' readOnly: false title: |- Array of Link Aggregation Control Protocol (LACP) configuration type: array origin_properties: description: |- Key-Value map of additional properties of switch items: $ref: '#/definitions/KeyValuePair' readOnly: true title: |- Key-Value map of additional properties of switch type: array uplink_port_names: description: |- The uniform name of uplink ports on each host. items: type: string readOnly: true title: |- Uplink port names type: array uplink_portgroup: $ref: '#/definitions/DistributedVirtualPortgroup' description: |- Uplink portgroup of distributed virtual switch readOnly: true title: |- Uplink portgroup of distributed virtual switch uuid: description: |- UUID of the switch readOnly: true title: |- UUID of the switch type: string type: object x-vmw-nsx-module: InventoryCmObj description: |- DistributedVirtualSwitch on a VC title: |- DistributedVirtualSwitch on a VC x-vmw-nsx-module: InventoryCmObj DnsHeader: properties: address: description: |- This is used to define what is being asked or responded. format: hostname-or-ip title: |- Domain name/IP to query/response type: string address_type: default: V4 description: |- This is used to specify the type of the address. V4 - The address provided is an IPv4 domain name/IP address, the Type in query or response will be A V6 - The address provided is an IPv6 domain name/IP address, the Type in query or response will be AAAA enum: - V4 - V6 type: string message_type: default: QUERY description: |- Specifies the message type whether it is a query or a response. enum: - QUERY - RESPONSE title: |- Specifies the message type whether it is a query or a response. type: string type: object x-vmw-nsx-module: Traceflow DnsSecurityProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: ttl: default: 86400 description: | Time to live for DNS cache entry in seconds. Valid TTL values are between 3600 to 864000. However, this field accepts values between 0 through 864000. We define TTL type based on the value of TTL as follows: TTL 0 - cached entry never expires. TTL 1 to 3599 - invalid input and error is thrown TTL 3600 to 864000 - ttl is set to user input TTL field not set by user - TTL type is 'AUTO' and ttl value is set from DNS response packet. User defined TTL value is used only when it is betweeen 3600 to 864000. format: int64 maximum: 864000 minimum: 0 title: |- Time to live for DNS cache entry type: integer type: object x-vmw-nsx-module: PolicyProfile description: |- Used to configure DNS security profile title: |- DNS security profile x-vmw-nsx-module: PolicyProfile DnsSecurityProfileBindingMap: allOf: - $ref: '#/definitions/ProfileBindingMap' - properties: sequence_number: description: | Sequence number used to resolve conflicts betweeen two profiles applied on the same group. Lower sequence number takes higher precedence. Two binding maps applied to the same profile must have the same sequence number. User defined sequence numbers range from 1 through 100,000. System defined sequence numbers range from 100,001 through 200,000. format: int64 maximum: 100000 minimum: 1 title: |- Sequence number DNS Security Profile Binding Map type: integer type: object x-vmw-nsx-module: PolicyFirewallDnsSecurityProfileBinding description: | This entity will be used to establish association between DNS security profile and Group. With this entity, user can specify intent for applying DNS security profile profile to particular Group. title: |- Binding Map for DNS Security Profile x-vmw-nsx-module: PolicyFirewallDnsSecurityProfileBinding DnsSecurityProfileBindingMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- DNS Security Profile Binding Map List Results items: $ref: '#/definitions/DnsSecurityProfileBindingMap' title: |- DNS Security Profile Binding Map List Results type: array type: object x-vmw-nsx-module: PolicyFirewallDnsSecurityProfileBinding description: |- Paged collection of DNS Security Profile Binding Map title: |- Paged collection of DNS Security Profile Binding Map x-vmw-nsx-module: PolicyFirewallDnsSecurityProfileBinding DnsSecurityProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- DnsSecurityProfile list results items: $ref: '#/definitions/DnsSecurityProfile' title: |- DnsSecurityProfile list results type: array required: - results type: object x-vmw-nsx-module: PolicyProfile description: |- Paged Collection of DnsSecurityProfile title: |- Paged Collection of DnsSecurityProfile x-vmw-nsx-module: PolicyProfile Domain: allOf: - $ref: '#/definitions/PolicyConfigResource' - type: object x-vmw-nsx-module: Policy description: |- Domain. title: |- Domain x-vmw-nsx-module: Policy DomainDeploymentMap: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: enforcement_point_path: description: |- Path of enforcement point on which domain shall be enforced. title: |- Absolute path of enforcement point type: string required: - enforcement_point_path type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Binding of domain to the enforcement point. title: |- Domain Deployment Map x-vmw-nsx-module: PolicyEnforcementPointManagement DomainDeploymentMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Domain Deployment Map list result. items: $ref: '#/definitions/DomainDeploymentMap' title: |- Domain Deployment Map List Result type: array required: - results type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Paged collection of Domain Deployment Map. title: |- Paged Collection of Domain Deployment Map x-vmw-nsx-module: PolicyEnforcementPointManagement DomainListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Domain list results items: $ref: '#/definitions/Domain' title: |- Domain list results type: array required: - results type: object x-vmw-nsx-module: Policy description: |- Paged Collection of Domains title: |- Paged Collection of Domains x-vmw-nsx-module: Policy DonutConfiguration: allOf: - $ref: '#/definitions/WidgetConfiguration' - properties: count: description: |- Expression to retrieve count to be shown on Donut. title: |- Expression to retrieve count to be shown on Donut type: string display_count: default: true description: |- If true, displays the count of entities in the donut title: |- Show or hide the count of entities type: boolean label: $ref: '#/definitions/Label' description: |- Displayed at the middle of the donut, by default. It labels the entities of donut. title: |- Label of the Donut Configuration navigation: description: |- Hyperlink of the specified UI page that provides details. maxLength: 1024 title: |- Navigation to a specified UI page type: string sections: description: |- Sections items: $ref: '#/definitions/DonutSection' minItems: 1 title: |- Sections type: array required: - sections type: object x-vmw-nsx-module: NsxDashboard description: |- Represents configuration of a Donut title: |- Donut Configuration x-vmw-nsx-module: NsxDashboard DonutPart: description: |- Represents an entity or portion to be plotted on a donut or stats chart. properties: condition: description: |- If the condition is met then the part will be displayed. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API. title: |- Expression for evaluating condition type: string drilldown_id: description: |- Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. title: |- Id of drilldown widget type: string field: description: |- A numerical value that represents the portion or entity of the donut or stats chart. maxLength: 1024 title: |- Value of the portion or entity of donut or stats chart type: string hide_empty_legend: default: false description: |- If true, legend will be shown only if the data for the part is available. This is applicable only if legends are specified in widget configuration. title: |- Hide the legend if the data for the part is not available type: boolean label: $ref: '#/definitions/Label' description: |- If a section 'template' holds this donut or stats part, then the label is auto-generated from the fetched field values after applying the template. title: |- Label of the portion or entity of donut or stats chart navigation: description: |- Hyperlink of the specified UI page that provides details. If drilldown_id is provided, then navigation cannot be used. title: |- Navigation to a specified UI page type: string render_configuration: description: |- Additional rendering or conditional evaluation of the field values to be performed, if any. items: $ref: '#/definitions/RenderConfiguration' minItems: 0 title: |- Render Configuration type: array tooltip: description: |- Multi-line text to be shown on tooltip while hovering over the portion. items: $ref: '#/definitions/Tooltip' minItems: 0 title: |- Multi-line tooltip type: array required: - field title: |- Portion of a donut or stats chart type: object x-vmw-nsx-module: NsxDashboard DonutSection: description: |- Represents high level logical grouping of portions or segments of a donut / stats chart. properties: parts: description: |- Array of portions or parts of the donut or stats chart. items: $ref: '#/definitions/DonutPart' minItems: 1 title: |- Parts of a donut / stats chart type: array row_list_field: description: |- Field of the root of the api result set for forming parts. maxLength: 1024 title: |- Field from which parts of the donut or stats chart are formed type: string template: default: false description: |- If true, the section will be appled as template for forming parts. Only one part will be formed from each element of 'row_list_field'. title: |- Template, if any, for automatically forming the donut or stats parts type: boolean required: - parts title: |- Section of a donut or stats chart type: object x-vmw-nsx-module: NsxDashboard DropdownFilterWidgetConfiguration: allOf: - $ref: '#/definitions/FilterWidgetConfiguration' - properties: default_value: description: |- Expression to specify default value of filter. title: |- Expression to specify default value type: string dropdown_item: $ref: '#/definitions/DropdownItem' description: |- Defines the item of a dropdown. title: |- Definition for item of a dropdown placeholder_msg: description: |- Placeholder message to be displayed in dropdown filter. title: |- Placeholder message to be shown in filter type: string static_filter_condition: description: |- If the condition is met then the static filter will be added. If no condition is provided, then the static filters will be applied unconditionally. title: |- Expression for evaluating condition type: string static_filters: description: |- Additional static items to be added in dropdown filter. Example can be 'ALL'. items: $ref: '#/definitions/StaticFilter' title: |- Additional static items to be added in dropdown filter type: array required: - dropdown_item type: object x-vmw-nsx-module: NsxDashboard description: |- Represents configuration for dropdown filter widget. title: |- Dropdown Filter widget Configuration x-vmw-nsx-module: NsxDashboard DropdownItem: description: |- Dropdown item definition properties: display_name: description: |- expression to extract display name to be shown in the drop down. maxLength: 1024 title: |- Display name for item to be displayed in dropdown type: string field: description: |- An expression that represents the items of the dropdown filter. title: |- Expression for dropdown items of filter type: string value: description: |- Value of filter inside dropdown filter. title: |- Value for item to be displayed in dropdown type: string required: - field - value title: |- Dropdown item definition type: object x-vmw-nsx-module: NsxDashboard DuplicateAddressBindingEntry: allOf: - $ref: '#/definitions/AddressBindingEntry' - properties: conflicting_port: description: | Provides the ID of the port on which the same address bidning exists title: |- ID of logical port with the same address binding type: string type: object x-vmw-nsx-module: LogicalPort description: |- Duplicate address binding information title: |- Duplicate address binding information x-vmw-nsx-module: LogicalPort DuplicateIPDetectionOptions: description: |- Contains dupliacte IP detection related discovery options. properties: duplicate_ip_detection_enabled: default: false description: |- Indicates whether duplicate IP detection should be enabled title: |- Duplicate IP detection type: boolean title: |- Controls duplicate IP detection options type: object x-vmw-nsx-module: PolicyIpDiscovery EULAAcceptance: allOf: - $ref: '#/definitions/Resource' - properties: acceptance: description: |- Acceptance status of End User License Agreement title: |- End User License Agreement acceptance status type: boolean required: - acceptance type: object x-vmw-nsx-module: EULA description: |- Indicate the status of End User License Agreement acceptance title: |- EULA acceptance status x-vmw-nsx-module: EULA EULAContent: allOf: - $ref: '#/definitions/Resource' - properties: content: description: |- Content of End User License Agreement title: |- End User License Agreement content type: string type: object x-vmw-nsx-module: EULA description: |- End User License Agreement content title: |- EULA content x-vmw-nsx-module: EULA EdgeConfigurationState: allOf: - $ref: '#/definitions/ConfigurationState' - properties: pending_change_list: description: |- Request identifier of the API which modified the entity. items: type: string readOnly: true title: |- List of pending changes type: array type: object x-vmw-nsx-module: LogicalRouter description: | This contains fields that captures state of Trackable entities. Edge and VPN state entities extend this object. title: |- Configuration State for Edge and VPN entities. x-vmw-nsx-module: LogicalRouter EffectiveIPInfo: description: |- List of effective ip address along with site id properties: effective_ips: items: description: | IPElement can be a single IP address, IP address range or a Subnet. Its type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64" format: address-or-block-or-range type: string type: array site_id: description: | Id of the site to which the effective IPs belong to title: | Id of the site to which the effective IPs belong to type: string required: - effective_ips - site_id title: |- List of effective ip address along with site id type: object x-vmw-nsx-module: GroupingObjectsProviders EgressRateLimiter: allOf: - $ref: '#/definitions/QoSBaseRateLimiter' - properties: average_bandwidth: default: 0 description: |- Average bandwidth in Mb/s format: int32 minimum: 0 title: |- Average bandwidth in Mb/s type: integer burst_size: default: 0 description: |- Burst size in bytes format: int32 minimum: 0 title: |- Burst size in bytes type: integer peak_bandwidth: default: 0 description: |- Peak bandwidth in Mb/s format: int32 minimum: 0 title: |- Peak bandwidth in Mb/s type: integer type: object x-vmw-nsx-module: PolicyQoS description: |- A shaper that specifies egress rate properties in Mb/s title: |- A shaper that specifies egress rate properties in Mb/s x-vmw-nsx-module: PolicyQoS EndpointPolicy: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: endpoint_rules: description: |- Endpoint Rules that are a part of this EndpointPolicy items: $ref: '#/definitions/EndpointRule' title: |- Endpoint Rules that are a part of this EndpointPolicy type: array sequence_number: default: 0 description: | This field is used to resolve conflicts between maps across domains. format: int32 maximum: 499 minimum: 0 title: |- Precedence to resolve conflicts across Domains type: integer type: object x-vmw-nsx-module: PolicyGuestIntrospection description: | Ordered list of Endpoint Rules ordered by sequence number of the entries. The maximum number of policies is 25. title: | Contains ordered list of Endpoint Rules x-vmw-nsx-module: PolicyGuestIntrospection EndpointRule: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: groups: description: | We need paths as duplicate names may exist for groups under different domains. In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. items: type: string maxItems: 50 title: |- group paths type: array sequence_number: default: 0 description: | This field is used to resolve conflicts between multiple entries under EndpointPolicy. It will be system default value when not specified by user. format: int32 maximum: 499 minimum: 0 title: |- Sequence number of this Entry type: integer service_profiles: description: | The policy paths of service profiles are listed here. It pecifies what services are applied on the group. Currently only one is allowed. items: type: string maxItems: 1 title: |- Names of service profiles type: array required: - service_profiles - groups type: object x-vmw-nsx-module: PolicyGuestIntrospection description: |- Endpoint Rule comes from user configuration. User configures Endpoint Rule to specify what services are applied on the groups. title: |- Endpoint Rule for guest introspection. x-vmw-nsx-module: PolicyGuestIntrospection EnforcedStatusDetailsNsxT: description: | Detailed Realized Status of an intent object on an NSX-T type of enforcement point. This is a detailed view of the Realized Status of an intent object from an NSX-T enforcement point perspective. properties: enforced_status_info: $ref: '#/definitions/EnforcedStatusInfoNsxT' description: | Information about the realized status of the intent on this enforcement point. Some very recent changes may be excluded when preparing this information, which is indicated by Pending Changes Info. readOnly: true title: |- Enforced Realized Status Info pending_changes_info: $ref: '#/definitions/PendingChangesInfoNsxT' description: | Information about pending changes, if any, that aren't reflected in the Enforced Realized Status. readOnly: true title: |- Pending Changes Info title: |- NSX-T Enforced Realized Status Details type: object x-vmw-nsx-module: PolicyRealizationStatus EnforcedStatusInfoNsxT: description: | Information about the realized status of the intent object on an NSX-T type of enforcement point. Some very recent changes may be excluded when preparing this information, which is indicated by Pending Changes Info. In addition to the realized status across all scopes, this information holds details about enforced realized status per scope. properties: enforced_status: $ref: '#/definitions/EnforcedStatusNsxT' description: | Consolidated Realized Status of an Intent object across all scopes of an NSX-T type of enforcement point. readOnly: true title: |- Enforced Realized Status enforced_status_per_scope: description: |- List of Enforced Realized Status per Scope. items: $ref: '#/definitions/EnforcedStatusPerScopeNsxT' readOnly: true title: |- List of Enforced Realized Status per Scope type: array title: |- NSX-T Enforced Realized Status Information type: object x-vmw-nsx-module: PolicyRealizationStatus EnforcedStatusNsxT: description: |- NSX-T Enforced Status. properties: status: description: |- Enforced Realized Status. enum: - UNINITIALIZED - UNKNOWN - UP - DOWN - DEGRADED - SUCCESS - FAILURE - IN_PROGRESS readOnly: true type: string status_message: description: | Status Message conveying hints depending on the status value. readOnly: true title: |- Status Message type: string title: |- NSX-T Enforced Status type: object x-vmw-nsx-module: PolicyRealizationStatus EnforcedStatusPerScopeNsxT: description: | NSX-T Detailed Realized Status Per Scope. discriminator: resource_type properties: resource_type: description: | Enforced Realized Status Per Scope Resource Type. enum: - TransportNodeSpanEnforcedStatus readOnly: true title: |- Resource Type type: string required: - resource_type title: |- NSX-T Enforced Realized Status Per Scope type: object x-vmw-nsx-module: PolicyRealizationStatus EnforcedStatusPerTransportNode: description: |- Detailed Realized Status Per Transport Node. properties: display_name: description: | Display name of the transport node. readOnly: true title: |- Transport Node Display Name type: string enforced_status: $ref: '#/definitions/EnforcedStatusNsxT' description: | Realized Status of an Intent object on this Transport Node. readOnly: true title: |- Enforced Realized Status nsx_id: description: | UUID identifying uniquely the Transport Node. readOnly: true title: |- Transport Node Identifier type: string path: description: | Policy Path referencing the transport node. readOnly: true title: |- Transport Node Path type: string title: |- Enforced Realized Status Per Transport Node type: object x-vmw-nsx-module: PolicyRealizationStatus EnforcementPoint: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: auto_enforce: default: true description: | Auto enforce flag suggests whether the policy objects shall be automatically enforced on this enforcement point or not. When this flag is set to true, all policy objects will be automatically enforced on this enforcement point. If this flag is set to false, user shall rely on the usual means of realization, i.e., deployment maps. title: |- Auto Enforce Flag type: boolean connection_info: $ref: '#/definitions/EnforcementPointConnectionInfo' description: |- Connection Info of the Enforcement Point. title: |- Enforcement Point Connection Info version: description: |- Version of the Enforcement point. readOnly: true title: |- Enforcement point Version type: string required: - connection_info type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: | Enforcement point is the endpoint where policy configurations are applied. title: |- Enforcement Point x-vmw-nsx-module: PolicyEnforcementPointManagement EnforcementPointConnectionInfo: description: |- Contains information required to connect to enforcement point. discriminator: resource_type properties: enforcement_point_address: description: | Value of this property could be Hostname or IP. For instance: - On an NSX-T MP running on default port, the value could be "10.192.1.1" - On an NSX-T MP running on custom port, the value could be "192.168.1.1:32789" - On an NSX-T MP in VMC deployments, the value could be "192.168.1.1:5480/nsxapi" title: |- Enforcement Point Address type: string resource_type: description: |- Resource Type of Enforcement Point Connection Info. enum: - NSXTConnectionInfo - NSXVConnectionInfo - CvxConnectionInfo - AviConnectionInfo title: |- Connection Info Resource Type type: string required: - enforcement_point_address - resource_type title: |- Enforcement Point Connection Info type: object x-vmw-nsx-module: PolicyEnforcementPointManagement EnforcementPointListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Enforcement Point list Results. items: $ref: '#/definitions/EnforcementPoint' title: |- Enforcement Point List Results type: array required: - results type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Paged collection of enforcement points. title: |- Paged Collection of EnforcementPoints x-vmw-nsx-module: PolicyEnforcementPointManagement EntityInstanceCountConstraintExpression: allOf: - $ref: '#/definitions/ConstraintExpression' - properties: count: description: |- Instance count. format: int64 title: |- Instance count. type: integer operator: description: |- Operations supported '<' and '<='. title: |- Operations supported '<' and '<='. type: string required: - operator - count type: object x-vmw-nsx-module: PolicyConstraints description: | Represents the leaf level constraint to restrict the number instances of an entity type can be created. This is useful in restricting number of CGWs or MGWs or Providers that can created in a system. title: |- Represents the leaf level constraint to restrict the number instances of type. x-vmw-nsx-module: PolicyConstraints ErrorResolverInfo: description: |- Metadata related to a given error_id properties: error_id: description: |- The error id for which metadata information is needed format: int64 title: |- The error id for which metadata information is needed type: integer resolver_present: description: |- Indicates whether there is a resolver associated with the error or not title: |- Indicates whether there is a resolver associated with the error or not type: boolean user_metadata: $ref: '#/definitions/ErrorResolverUserMetadata' description: |- User supplied metadata that might be required by the resolver title: |- User supplied metadata that might be required by the resolver required: - error_id - resolver_present type: object x-vmw-nsx-module: ErrorResolver ErrorResolverInfoList: description: |- Collection of all registered ErrorResolverInfo properties: results: description: |- ErrorResolverInfo list items: $ref: '#/definitions/ErrorResolverInfo' title: |- ErrorResolverInfo list type: array required: - results title: |- Collection of all registered ErrorResolverInfo type: object x-vmw-nsx-module: ErrorResolver ErrorResolverMetadata: description: |- Error along with its metadata properties: entity_id: description: |- The entity/node UUID where the error has occurred. title: |- The entity/node UUID where the error has occurred. type: string error_id: description: |- The error id as reported by the entity where the error occurred. format: int64 title: |- The error id as reported by the entity where the error occurred. type: integer system_metadata: $ref: '#/definitions/ErrorResolverSystemMetadata' description: |- This can come from some external system like syslog collector title: |- This can come from some external system like syslog collector user_metadata: $ref: '#/definitions/ErrorResolverUserMetadata' description: |- User supplied metadata that might be required by the resolver title: |- User supplied metadata that might be required by the resolver required: - error_id - entity_id type: object x-vmw-nsx-module: ErrorResolver ErrorResolverMetadataList: description: |- List of errors with their metadata properties: errors: description: |- List of errors with their corresponding metadata. items: $ref: '#/definitions/ErrorResolverMetadata' title: |- List of errors with their corresponding metadata. type: array required: - errors type: object x-vmw-nsx-module: ErrorResolver ErrorResolverSystemMetadata: description: |- Metadata fetched from an external system like Syslog or LogInsight. properties: value: description: |- The value fetched from another system title: |- The value fetched from another system type: string type: object x-vmw-nsx-module: ErrorResolver ErrorResolverUserInputData: description: |- Corresponds to one property entered by the user properties: data_type: description: |- The datatype of the given property. Useful for data validation enum: - TEXT - NUMBER - PASSWORD title: |- The datatype of the given property. Useful for data validation type: string property_name: description: |- Name of the property supplied by the user title: |- Name of the property supplied by the user type: string property_value: description: |- The value associated with the above property title: |- The value associated with the above property type: string required: - data_type - property_name type: object x-vmw-nsx-module: ErrorResolver ErrorResolverUserMetadata: description: |- User supplied metadata needed for resolving errors properties: user_input_list: description: |- List of user supplied input data. items: $ref: '#/definitions/ErrorResolverUserInputData' title: |- List of user supplied input data. type: array type: object x-vmw-nsx-module: ErrorResolver EtherTypeServiceEntry: allOf: - $ref: '#/definitions/ServiceEntry' - properties: ether_type: description: |- Type of the encapsulated protocol format: int64 title: |- Type of the encapsulated protocol type: integer required: - ether_type type: object x-vmw-nsx-module: Policy description: |- A ServiceEntry that represents an ethertype protocol title: |- A ServiceEntry that represents an ethertype protocol x-vmw-nsx-module: Policy EthernetHeader: properties: dst_mac: description: | The destination MAC address of form: "^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$". For example: 00:00:00:00:00:00. title: |- Destination MAC address of the Ethernet header type: string eth_type: default: 2048 description: |- This field defaults to IPv4. format: int64 maximum: 65535 minimum: 1 title: |- The value of the type field to be put into the Ethernet header type: integer src_mac: description: | The source MAC address of form: "^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$". For example: 00:00:00:00:00:00. title: |- Source MAC address of the Ethernet header type: string type: object x-vmw-nsx-module: Traceflow Evaluation: description: | Criterion Evaluation is the basic logical condition to evaluate whether the event could be potentially met. discriminator: resource_type properties: resource_type: description: | Criterion Evaluation resource type. enum: - SourceFieldEvaluation title: |- Resource Type type: string required: - resource_type title: |- Criterion Evaluation type: object x-vmw-nsx-module: PolicyReaction Event: description: | The Event is the criterion or criteria applied to the source and, when met, prompt Policy to run the action. All Reaction Events are constructed with reference to the object, the "source", that is logically deemed to be the object upon which the Event in question initially occurred upon. Some example events include: - New object was created. - Change in realization state. - Specific API is called. properties: criteria: description: | Criteria applied to the source and, if satisfied, would trigger the action. Criteria is composed of criterions. In order for the Criteria to be met, only one of the criterion must be fulfilled (implicit OR). items: $ref: '#/definitions/Criterion' title: |- Event Criteria type: array source: $ref: '#/definitions/Source' description: | Source that is logically deemed to be the "object" upon which the Event in question initially occurred upon. title: |- Event Source required: - source title: |- Reaction Event type: object x-vmw-nsx-module: PolicyReaction EvpnConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: encapsulation_method: $ref: '#/definitions/EvpnEncapConfig' description: | Encapsulation method for EVPN service that is used by the transport layer. title: |- Encapsulation method for EVPN. mode: default: DISABLE description: | In INLINE mode, edge nodes participate both in the BGP EVPN control plane route exchange and in data path tunneling between edge nodes and data center gateways. In ROUTE_SERVER mode, edge nodes participate in the BGP EVPN control plane route exchanges only and do not participate in the data forwarding, i.e., the data path tunnels are directly established between the hypervisors and the data center gateways. DISABLE mode disables EVPN service capability. enum: - INLINE - ROUTE_SERVER - DISABLE title: |- EVPN service mode type: string type: object x-vmw-nsx-module: PolicyConnectivity description: |- Evpn Configuration. title: |- Evpn Configuration x-vmw-nsx-module: PolicyConnectivity EvpnEncapConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: evpn_tenant_config_path: description: |- EVPN tenant config path title: |- EVPN tenant config path type: string vni_pool_path: description: |- vni pool path title: |- vni pool path type: string type: object x-vmw-nsx-module: PolicyConnectivity description: |- Encapsulation method for EVPN. title: |- Encapsulation method for EVPN x-vmw-nsx-module: PolicyConnectivity EvpnTenantConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: mappings: description: | This property specifies a mapping spec of incoming Evpn tenant vlan-ids to VXLAN VNIs used for overlay transmission to Physical-Gateways used by vRouters. items: $ref: '#/definitions/VlanVniRangePair' maxItems: 2000 minItems: 1 title: |- VLANs to VNIs mapping spec type: array transport_zone_path: description: |- Policy path to transport zone. Only overlay transport zone is supported. title: |- Policy path to the transport zone type: string vni_pool_path: description: |- Policy path to the vni pool used for Evpn in ROUTE-SERVER mode. title: |- Policy path to the vni pool type: string required: - transport_zone_path - mappings - vni_pool_path type: object x-vmw-nsx-module: PolicyConnectivity description: | This resource is relevant only when Evpn Service is configured in ROUTE-SERVER mode. The resource defines Vlans to VNIs mappings used by Evpn tenant VMs for overlay VXLAN transmission when attached to vRouter. The resource contains overlay transport_zone_path and vni_pool_path to orchestrate creation of child Logical-Switches. title: |- Evpn Tenant Configuration for Evpn in ROUTE-SERVER mode. x-vmw-nsx-module: PolicyConnectivity EvpnTunnelEndpointConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: edge_path: description: |- edge path title: |- edge path type: string local_addresses: description: |- local addresses items: description: |- IPv4 address format: ipv4 type: string maxItems: 1 minItems: 1 title: |- local addresses type: array mtu: description: |- MTU format: int32 maximum: 9100 minimum: 64 title: |- MTU type: integer required: - edge_path - local_addresses type: object x-vmw-nsx-module: PolicyConnectivity description: |- Evpn Tunnel Endpoint Configuration. title: |- Evpn Tunnel Endpoint Configuration x-vmw-nsx-module: PolicyConnectivity ExportRequestParameter: description: | This holds the request parameters required to invoke export task. properties: draft_path: description: | Policy path of a draft which is to be exported. If not provided, current firewall configuration will then be exported. title: |- Policy path of draft type: string passphrase: description: | Passphrase to sign exported files. The passphrase specified must be at least 8 characters in length and must contain at least one lowercase, one uppercase, one numeric character and one non-space special character. minLength: 8 title: |- Passphrase to sign exported files type: string title: |- Export task request parameters type: object x-vmw-nsx-module: PolicyTask ExportTask: allOf: - $ref: '#/definitions/PolicyTask' - properties: draft_path: description: | Policy path of a draft if this is an export task to export draft configuration. readOnly: true title: |- Policy path of a draft type: string exported_file: description: | Name of the exported file generated after completion of export task. readOnly: true title: |- Name of the exported file type: string type: object x-vmw-nsx-module: PolicyTask description: | This object holds the information of the export task. title: |- Export task information x-vmw-nsx-module: PolicyTask Expression: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: resource_type: enum: - Condition - ConjunctionOperator - NestedExpression - IPAddressExpression - MACAddressExpression - ExternalIDExpression - PathExpression - IdentityGroupExpression type: string required: - resource_type type: object x-vmw-nsx-module: Policy description: | All the nodes of the expression extend from this abstract class. This is present for extensibility. title: |- Base class for each node of the expression x-vmw-nsx-module: Policy ExternalIDExpression: allOf: - $ref: '#/definitions/Expression' - properties: external_ids: description: |- This array can consist of one or more external IDs for the specified member type. items: type: string minItems: 1 title: |- Array of external IDs for the specified member type type: array member_type: description: |- External ID member type enum: - VirtualMachine - VirtualNetworkInterface - CloudNativeServiceInstance - PhysicalServer title: |- External ID member type type: string required: - external_ids - member_type type: object x-vmw-nsx-module: Policy description: |- Represents external ID expressions in the form of an array, to support addition of objects like virtual interfaces, virtual machines, CloudNativeServiceInstance PhysicalServer to a group. title: |- External ID expression node x-vmw-nsx-module: Policy FIPSGlobalConfig: description: |- Global configuration properties: lb_fips_enabled: default: false description: |- When this flag is set to true FIPS mode will be set on ssl encryptions of load balancer feature. title: |- A flag to turn on or turn off the FIPS compliance of load balancer feature. type: boolean title: |- Global configuration type: object x-vmw-nsx-module: Policy FeatureCompatibilityInfo: description: | Feature status information indicating site configuration compatibility with global manager configuration. properties: details: items: $ref: '#/definitions/CompatibilityDetail' maxItems: 10 readOnly: true type: array feature: $ref: '#/definitions/OnboardingFeatureInfo' readOnly: true status: description: |- Compatibility Status enum: - COMPATIBLE - INCOMPATIBLE readOnly: true type: string title: |- Feature Compatibility Info type: object x-vmw-nsx-module: GmConfigOnboarding FeatureConflictInfo: description: | Feature status information with number of conflicting entities and its total count associated with the feature. properties: conflict_count: description: | Number of conflicting entities with global entities in the feature during an onboarding stage. format: int64 readOnly: true title: |- Conflict Count type: integer feature: $ref: '#/definitions/OnboardingFeatureInfo' readOnly: true total_count: description: | Total number of entities in the feature during an onboarding stage. format: int64 readOnly: true title: |- Total Count type: integer title: |- Feature Conflict Info type: object x-vmw-nsx-module: GmConfigOnboarding FeaturePermission: description: |- Feature Permission properties: feature: description: |- Feature Id title: |- Feature Id type: string feature_description: description: |- Feature Description title: |- Feature Description type: string feature_name: description: |- Feature Name title: |- Feature Name type: string is_execute_recommended: description: |- Is execute recommended readOnly: true title: |- Is execute recommended type: boolean is_internal: description: |- Is internal readOnly: true title: |- Is internal type: boolean permission: description: |- Permission enum: - crud - read - execute - none title: |- Permission type: string required: - feature - permission title: |- Feature Permission type: object x-vmw-nsx-module: AAA FeaturePermissionArray: properties: feature_permissions: description: |- Array of FeaturePermission items: $ref: '#/definitions/FeaturePermission' title: |- Array of FeaturePermission type: array required: - feature_permissions type: object x-vmw-nsx-module: AAA FeaturePermissionListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- List results items: $ref: '#/definitions/FeaturePermission' title: |- List results type: array required: - results type: object x-vmw-nsx-module: AAA x-vmw-nsx-module: AAA FeatureSet: description: |- Represents list of features required to view the widget. properties: feature_list: description: |- List of features required for to view widget. items: type: string title: |- List of features required for to view wdiget type: array require_all_permissions: description: |- Flag for specifying if permission to all features is required If set to false, then if there is permission for any of the feature from feature list, widget will be available. title: |- Flag for specifying if permission to all features is required type: boolean title: |- List of features required to view the widget type: object x-vmw-nsx-module: NsxDashboard FeatureSummary: description: | Feature summary defining overall conflicting count against total number of entities. properties: total_conflict_count: description: | Total number of conflicting entities with global entities accross all features during an onboarding stage. format: int64 readOnly: true title: |- Total Conflict Count type: integer total_count: description: | Total number of entities across all features during an onboarding stage. format: int64 readOnly: true title: |- Total Count type: integer title: |- Feature Summary type: object x-vmw-nsx-module: GmConfigOnboarding FederationComponentUpgradeStatus: properties: component_type: description: |- Component type for the upgrade status readOnly: true title: |- Component type for the upgrade status type: string current_version_node_summary: description: |- Mapping of current versions of nodes and counts of nodes at the respective versions. items: $ref: '#/definitions/FederationNodeSummary' readOnly: true title: |- Mapping of current versions of nodes and counts of nodes at the respective versions. type: array details: description: |- Details about the upgrade status readOnly: true title: |- Details about the upgrade status type: string percent_complete: description: |- Indicator of upgrade progress in percentage readOnly: true title: |- Indicator of upgrade progress in percentage type: number status: description: |- Upgrade status of component enum: - SUCCESS - FAILED - IN_PROGRESS - NOT_STARTED - PAUSED readOnly: true title: |- Upgrade status of component type: string target_version: description: |- Target component version readOnly: true title: |- Target component version type: string type: object x-vmw-nsx-module: FederationUpgrade FederationConfig: description: | Global Manager federation configuration. This configuration is distributed to all Sites participating in federation. properties: site_config: description: |- Federation configurations of all Sites items: $ref: '#/definitions/SiteFederationConfig' readOnly: true title: |- Federation configurations of all Sites type: array title: |- Global Manager federation configuration type: object x-vmw-nsx-module: PolicySiteGM FederationConnectivityConfig: description: |- Additional configuration required for federation. properties: global_overlay_id: description: | Global id for by Layer3 services for federation usecases. format: int64 readOnly: true title: |- Auto generated federation global 24-bit id type: integer title: |- Federation connectivity configuration type: object x-vmw-nsx-module: PolicyConnectivity FederationGatewayConfig: allOf: - $ref: '#/definitions/FederationConnectivityConfig' - properties: site_allocation_indices: description: | Indicies for cross site allocation for edge cluster and its members referred by gateway. items: $ref: '#/definitions/SiteAllocationIndexForEdge' readOnly: true title: | Indicies for cross site allocation type: array transit_segment_id: description: | Global UUID for transit segment id to be used by Layer2 services for federation usecases. readOnly: true title: |- Auto generated federation global id for transit segment type: string type: object x-vmw-nsx-module: PolicyConnectivity description: |- Additional gateway configuration required for federation title: |- Federation gateway configuration x-vmw-nsx-module: PolicyConnectivity FederationInvalidConfigurationDetailsResponse: description: |- Federation Invalid Configuration Details Response properties: feature: $ref: '#/definitions/OnboardingFeatureInfo' description: | Federation feature with invalid configuration for onboarding a site. readOnly: true title: |- Feature information invalid_config_summary: items: $ref: '#/definitions/InvalidConfigSummary' maxItems: 8 readOnly: true type: array total_count: description: | Total resource count in invalid configuration. format: int64 readOnly: true title: |- Total Resource Count type: integer title: |- Federation Invalid Configuration Details Response type: object x-vmw-nsx-module: GmConfigOnboarding FederationNodeSummary: allOf: - $ref: '#/definitions/Resource' - properties: node_count: description: |- Number of nodes of the type and at the component version. format: int32 readOnly: true title: |- Count of nodes type: integer version: description: |- Component version readOnly: true title: |- Component version type: string type: object x-vmw-nsx-module: FederationUpgrade x-vmw-nsx-module: FederationUpgrade FederationUpgradeSummary: description: | Provides upgrade summary for a specific site. properties: component_status: description: |- List of component statuses items: $ref: '#/definitions/FederationComponentUpgradeStatus' readOnly: true title: |- List of component statuses type: array current_version: description: |- This is NSX version for the site. readOnly: true title: |- Current version of the site type: string gpm_name: description: |- Name of the global manager if present. readOnly: true title: |- Name of the global manager type: string id: description: |- Unique identifier of this resource. readOnly: true title: |- UUID of this resource type: string last_upgrade_timestamp: description: |- Indicates the time when the site was upgraded. readOnly: true title: |- Last upgrade timestamp type: string name: description: |- Name of the site. readOnly: true title: |- Name of the site type: string overall_upgrade_status: description: |- Status of upgrade enum: - SUCCESS - FAILED - IN_PROGRESS - NOT_STARTED - PAUSED readOnly: true title: |- Status of upgrade type: string site_id: description: |- This is the Site Manager generated UUID for every NSX deployment. readOnly: true title: |- UUID of the site type: string site_ip: description: |- IP address of the site. readOnly: true title: |- Site IP type: string site_type: description: |- Type of this site. enum: - ACTIVE_GM_SITE - STANDBY_GM_SITE - NON_GM_SITE readOnly: true title: |- Site type type: string target_version: description: |- This is NSX target version for the site, if it is undergoing upgrade. readOnly: true title: |- Target version for the site type: string title: |- Upgrade Summary type: object x-vmw-nsx-module: FederationUpgrade FederationUpgradeSummaryListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paged collection of site upgrade information items: $ref: '#/definitions/FederationUpgradeSummary' readOnly: true title: |- Paged collection of site upgrade information type: array type: object x-vmw-nsx-module: FederationUpgrade description: |- Paged Collection of site upgrade information title: |- Paged Collection of site upgrade information x-vmw-nsx-module: FederationUpgrade FieldSanityConstraintExpression: allOf: - $ref: '#/definitions/ConstraintExpression' - properties: checks: description: |- List of sanity checks. items: enum: - ALL_PUBLIC_IPS - ALL_PRIVATE_IPS type: string title: |- Array of sanity checks to be performed on field value type: array operator: description: |- A conditional operator enum: - OR - AND title: |- A conditional operator type: string required: - operator - checks type: object x-vmw-nsx-module: PolicyConstraints description: | Represents the field value constraint to constrain specified field value based on defined sanity checks. Example - For DNS.upstream_servers, all the IP addresses must either be public or private. { "target": { "target_resource_type": "DnsForwarderZone", "attribute": "upstreamServers", "path_prefix": "/infra/dns-forwarder-zones/" }, "constraint_expression": { "resource_type": "FieldSanityConstraintExpression", "operator": "OR", "checks": ["ALL_PUBLIC_IPS", "ALL_PRIVATE_IPS"] } } title: |- Represents the field value sanity constraint x-vmw-nsx-module: PolicyConstraints FieldSetting: description: | Field Setting. properties: field_pointer: description: |- Field Pointer. title: |- Field Pointer type: string value: $ref: '#/definitions/FieldSettingValue' description: |- Value that the field must be set to. title: |- Value required: - value - field_pointer title: |- FieldSetting type: object x-vmw-nsx-module: PolicyReaction FieldSettingValue: description: | Field Setting Value. discriminator: resource_type properties: resource_type: description: | Field Setting Value resource type. enum: - ConstantFieldValue title: |- Resource Type type: string required: - resource_type title: |- Field Setting Value type: object x-vmw-nsx-module: PolicyReaction FieldsFilterData: allOf: - $ref: '#/definitions/LiveTraceFilterData' - properties: ip_info: $ref: '#/definitions/IpInfo' description: |- IP address information title: |- IP address information transport_info: $ref: '#/definitions/TransportInfo' description: |- Transport layer information title: |- Transport layer information type: object x-vmw-nsx-module: LiveTrace x-vmw-nsx-module: LiveTrace FieldsPacketData: allOf: - $ref: '#/definitions/PacketData' - properties: arp_header: $ref: '#/definitions/ArpHeader' description: |- The ARP header title: |- The ARP header eth_header: $ref: '#/definitions/EthernetHeader' description: |- The ethernet header title: |- The ethernet header ip_header: $ref: '#/definitions/Ipv4Header' description: |- The IPv4 header title: |- The IPv4 header ipv6_header: $ref: '#/definitions/Ipv6Header' description: |- The IPv6 header title: |- The IPv6 header payload: description: |- Up to 1000 bytes of payload may be supplied (with a base64-encoded length of 1336 bytes.) Additional bytes of traceflow metadata will be appended to the payload. The payload contains any data the user wants to put after the transport header. maxLength: 1336 title: |- RFC3548 compatible base64-encoded payload type: string transport_header: $ref: '#/definitions/TransportProtocolHeader' description: |- This field contains a protocol that is above IP. It is not restricted to the 'transport' defined by the OSI model (e.g., ICMP is supported). title: |- The transport header type: object x-vmw-nsx-module: Traceflow x-vmw-nsx-module: Traceflow FileTransferAuthenticationScheme: description: |- Remote server authentication details properties: password: description: |- Password to authenticate with title: |- Password to authenticate with type: string scheme_name: description: |- Authentication scheme name enum: - PASSWORD title: |- Authentication scheme name type: string username: description: |- User name to authenticate with title: |- User name to authenticate with type: string required: - username - scheme_name title: |- Remote server authentication details type: object x-vmw-nsx-module: BackupConfiguration FileTransferProtocol: description: |- Protocol to transfer backup file to remote server properties: authentication_scheme: $ref: '#/definitions/FileTransferAuthenticationScheme' description: |- Scheme to authenticate if required title: |- Scheme to authenticate if required protocol_name: default: sftp description: |- Protocol name enum: - sftp title: |- Protocol name type: string ssh_fingerprint: description: | The expected SSH fingerprint of the server. If the server's fingerprint does not match this fingerprint, the connection will be terminated. Only ECDSA fingerprints hashed with SHA256 are supported. To obtain the host's ssh fingerprint, you should connect via some method other than SSH to obtain this information. You can use one of these commands to view the key's fingerprint: 1. ssh-keygen -l -E sha256 -f ssh_host_ecdsa_key.pub 2. awk '{print $2}' ssh_host_ecdsa_key.pub | base64 -d | sha256sum -b | sed 's/ .*$//' | xxd -r -p | base64 | sed 's/.//44g' | awk '{print "SHA256:"$1}' title: |- SSH fingerprint of server type: string required: - protocol_name - ssh_fingerprint - authentication_scheme title: |- Protocol to transfer backup file to remote server type: object x-vmw-nsx-module: BackupConfiguration FilterWidgetConfiguration: allOf: - $ref: '#/definitions/WidgetConfiguration' - properties: alias: description: |- Alias to be used when emitting filter value. title: |- Alias to be used when emitting filter value type: string type: object x-vmw-nsx-module: NsxDashboard description: |- Represents configuration for filter widget. This is abstract representation of filter widget. title: |- Filter widget Configuration x-vmw-nsx-module: NsxDashboard FirewallConfiguration: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: disable_auto_drafts: default: false description: | To disable auto drafts, set it to true. By default, auto drafts are enabled. title: |- Auto draft disable flag type: boolean enable_firewall: default: true description: | If set to true, Firewall is enabled. title: |- Firewall enable flag type: boolean resource_type: enum: - DfwFirewallConfiguration type: string required: - resource_type type: object x-vmw-nsx-module: Policy description: |- Firewall related configurations title: |- Firewall related configurations x-vmw-nsx-module: Policy FloodProtectionProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: icmp_active_flow_limit: description: |- If this field is empty, firewall will not set a limit to active ICMP connections. format: int64 maximum: 1000000 minimum: 1 title: |- Active ICMP connections limit type: integer other_active_conn_limit: description: |- If this field is empty, firewall will not set a limit to other active connections. besides UDP, ICMP and half open TCP connections. format: int64 maximum: 1000000 minimum: 1 title: |- Timeout after first TN type: integer resource_type: description: | GatewayFloodProtectionProfile is used for all Tier0 and Tier1 gateways. DistributedFloodProtectionProfile is used for all Transport Nodes. enum: - GatewayFloodProtectionProfile - DistributedFloodProtectionProfile type: string tcp_half_open_conn_limit: description: |- If this field is empty, firewall will not set a limit to half open TCP connections. format: int64 maximum: 1000000 minimum: 1 title: |- Active half open TCP connections limit type: integer udp_active_flow_limit: description: |- If this field is empty, firewall will not set a limit to active UDP connections. format: int64 maximum: 1000000 minimum: 1 title: |- Active UDP connections limit type: integer required: - resource_type type: object x-vmw-nsx-module: PolicyProfile description: |- A profile holding TCP, UDP and ICMP and other protcol connection limits. title: |- Flood Protection profile x-vmw-nsx-module: PolicyProfile FloodProtectionProfileBindingListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Flood protection profile binding maps list results items: $ref: '#/definitions/FloodProtectionProfileBindingMap' title: |- Flood protection profile binding maps list results type: array required: - results type: object x-vmw-nsx-module: PolicyProfile description: |- Paged Collection of flood protection profile binding maps title: |- Paged Collection of flood protection profile binding maps x-vmw-nsx-module: PolicyProfile FloodProtectionProfileBindingMap: allOf: - $ref: '#/definitions/ProfileBindingMap' - type: object x-vmw-nsx-module: PolicyProfile description: | This entity will be used to establish association between Flood Protection profile and Logical Routers. title: |- Policy Flood Protection Profile binding map x-vmw-nsx-module: PolicyProfile FloodProtectionProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Flood protection profile list results items: $ref: '#/definitions/FloodProtectionProfile' title: |- Flood protection profile list results type: array required: - results type: object x-vmw-nsx-module: PolicyProfile description: |- Paged Collection of flood protection profiles title: |- Paged Collection of flood protection profiles x-vmw-nsx-module: PolicyProfile Footer: description: |- Footer of a widget that provides additional information or allows an action such as clickable url for navigation. An example usage of footer is provided under 'example_request' section of 'CreateWidgetConfiguration' API. properties: actions: description: |- Action to be performed at the footer of a widget. An action at the footer can be simple text description or a hyperlink to a UI page. Action allows a clickable url for navigation. An example usage of footer action is provided under 'example_request' section of 'CreateWidgetConfiguration' API. items: $ref: '#/definitions/FooterAction' minItems: 0 title: |- Footer Actions type: array condition: description: |- If the condition is met then the footer will be applied. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API. maxLength: 1024 title: |- Expression for evaluating condition type: string title: |- Widget Footer type: object x-vmw-nsx-module: NsxDashboard FooterAction: description: |- Action specified at the footer of a widget to provide additional information or to provide a clickable url for navigation. An example usage of footer action is provided under the 'example_request' section of 'CreateWidgetConfiguration' API. properties: dock_to_container_footer: default: true description: |- If true, the footer will appear in the underlying container that holds the widget. title: |- Dock the footer at container type: boolean label: $ref: '#/definitions/Label' description: |- Label to be displayed against the footer action. title: |- Label for action url: description: |- Hyperlink to the UI page that provides details of action. maxLength: 1024 title: |- Clickable hyperlink, if any type: string required: - label title: |- Widget Footer Action type: object x-vmw-nsx-module: NsxDashboard ForwardingPolicy: allOf: - $ref: '#/definitions/Policy' - properties: rules: description: |- Rules that are a part of this ForwardingPolicy items: $ref: '#/definitions/ForwardingRule' title: |- Rules that are a part of this ForwardingPolicy type: array type: object x-vmw-nsx-module: PolicyForwarding description: | Contains ordered list of forwarding rules that determine when to forward traffic to / from the underlay for accessing cloud native services. title: | Forwarding Policy x-vmw-nsx-module: PolicyForwarding ForwardingPolicyListResult: allOf: - $ref: '#/definitions/PolicyListResult' - properties: results: description: |- ForwardingPolicy list results items: $ref: '#/definitions/ForwardingPolicy' title: |- ForwardingPolicy list results type: array required: - results type: object x-vmw-nsx-module: PolicyForwarding description: |- Paged Collection of ForwardingPolicy objects title: |- Paged Collection of ForwardingPolicy objects x-vmw-nsx-module: PolicyForwarding ForwardingRule: allOf: - $ref: '#/definitions/BaseRule' - properties: action: description: | The action to be applied to all the services enum: - ROUTE_TO_UNDERLAY - ROUTE_TO_OVERLAY - ROUTE_FROM_UNDERLAY - ROUTE_FROM_OVERLAY - NAT_FROM_UNDERLAY - NAT_TO_UNDERLAY title: |- Action type: string type: object x-vmw-nsx-module: PolicyForwarding description: | Forwarding rule that determine how to forward traffic from a VM. Traffic from VM can either be routed via Overlay or Underlay when VM is on hybrid port. Additionally NAT can be performed for VM or container on overlay to route traffic to/from underlay ROUTE_TO_UNDERLAY - Access a service on underlay space from a VM connected to hybrid port. Eg access to AWS S3 on AWS underlay ROUTE_TO_OVERLAY - Access a service on overlay space from a VM connected to hybrid port. ROUTE_FROM_UNDERLAY - Access a service hosted on a VM (that is connected to hybrid port) from underlay space. Eg access from AWS ELB to VM ROUTE_FROM_OVERLAY - Access a service hosted on a VM (that is connected to hybrid port) from overlay space NAT_FROM_UNDERLAY - Access a service on overlay VM/container from underlay space using DNAT from underlay IP to overlay IP NAT_TO_UNDERLAY - Access an underlay service from a VM/container on overlay space using SNAT from overlay IP to underlay IP title: |- Forwarding rule x-vmw-nsx-module: PolicyForwarding ForwardingRuleListResult: allOf: - $ref: '#/definitions/BaseRuleListResult' - properties: results: description: |- Rule list results items: $ref: '#/definitions/ForwardingRule' title: |- Rule list results type: array required: - results type: object x-vmw-nsx-module: PolicyForwarding description: |- Paged Collection of ForwardingRules title: |- Paged Collection of ForwardingRules x-vmw-nsx-module: PolicyForwarding FqdnAnalysisConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: enabled: default: false description: | Property which specifies the enabling/disabling of the feature. title: |- Enabled type: boolean type: object x-vmw-nsx-module: PolicyUrlCategorization description: | The type contains information about the configuration of the FqdnAnalysis feature for a specific node. title: |- FQDN Analysis feature configuration entity x-vmw-nsx-module: PolicyUrlCategorization FullSyncState: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: errors: description: | Errors occurred during full sync. items: type: string readOnly: true title: |- Errors occurred during full sync type: array full_sync_id: description: | Full sync id generated by Async Replicator (AR) service. readOnly: true title: |- Full sync id type: string last_completed_stage: description: | The current stage of full sync completion for ongoing sync. When Local Manager (LM) receives full sync data from AR, LM starts with workflow to prserve the state and restore the full sync from where it has left off in case of change of leadership of the service to different NSX node or LM is restarted. LM starts the full sync workflow with state INITIAL capturing the AR full sync id and data location details. The stage/state transition follows the order given below INITIAL - Full sync started PROCESSED_FULLSYNC_DATA - Compelted processing the full state data provided by AR PRCESSED_DELTAS - Completed processing pending delta changes provided by AR. DELETED_STALE_ENTITIES - Completed deletion of all global entities on LM that are not in GM anymore COMPLETED - Full sync handling is completed on LM ERROR - Full sync failed with errors on LM, in which case AR will re-attempt full sync later point in time for the LM ABORTED - Indicates that the full sync cancelled as per user request enum: - INITIAL - PAUSE_DCNS - DELETED_STALE_ENTITIES - PROCESSED_FULLSYNC_DATA - PROCESSED_DELTAS - UNPAUSE_DCNS - COMPLETED - ERROR - ABORTED readOnly: true title: |- Full sync stage that is last completed for this request. type: string last_upate_time: description: |- Timestamp of last update, could be progress or success or error. format: int64 readOnly: true type: integer start_time: description: |- Timestamp of Full Sync start. format: int64 readOnly: true type: integer type: object x-vmw-nsx-module: PolicyFullSync description: | Provides FullSync state for Local Manager from Global Manager. title: |- Full sync state x-vmw-nsx-module: PolicyFullSync FullSyncStateListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- FullSync states list. items: $ref: '#/definitions/FullSyncState' title: |- FullSync states list type: array required: - results type: object x-vmw-nsx-module: PolicyFullSync description: |- Paged Collection of FullSync states. title: |- Paged Collection of FullSync states. x-vmw-nsx-module: PolicyFullSync GatewayFloodProtectionProfile: allOf: - $ref: '#/definitions/FloodProtectionProfile' - properties: nat_active_conn_limit: default: 4294967295 description: |- The maximum limit of active NAT connections. This limit only apply to EDGE components (such as, gateway). If this property is omitted, or set to null, then there is no limit on the specific component. Meanwhile there is an implicit limit which depends on the underlying hardware resource. format: int64 maximum: 4294967295 minimum: 1 readOnly: false title: |- Maximum limit of active NAT connections type: integer type: object x-vmw-nsx-module: PolicyProfile x-vmw-nsx-module: PolicyProfile GatewayGeneralSecurityProfile: allOf: - $ref: '#/definitions/GeneralSecurityProfile' - properties: enable_double_flow: default: false description: |- The flag to indicate double flow check is enabled or not. This option applies only to EDGE components. readOnly: false title: |- Flag to indicate double flow check is enabled or not type: boolean type: object x-vmw-nsx-module: PolicyProfile x-vmw-nsx-module: PolicyProfile GatewayPolicy: allOf: - $ref: '#/definitions/Policy' - properties: rules: description: |- Rules that are a part of this SecurityPolicy items: $ref: '#/definitions/Rule' title: |- Rules that are a part of this SecurityPolicy type: array type: object x-vmw-nsx-module: Policy description: |- Contains ordered list of Rules for GatewayPolicy title: |- Contains ordered list of Rules for GatewayPolicy x-vmw-nsx-module: Policy GatewayPolicyListResult: allOf: - $ref: '#/definitions/PolicyListResult' - properties: results: description: |- GatewayPolicy list results items: $ref: '#/definitions/GatewayPolicy' title: |- GatewayPolicy list results type: array required: - results type: object x-vmw-nsx-module: Policy description: |- Paged Collection of gateway policies title: |- Paged Collection of gateway policies x-vmw-nsx-module: Policy GatewayQosProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: burst_size: default: 1 description: | Burst size in bytes. format: int32 minimum: 1 title: |- Burst size in bytes type: integer committed_bandwitdth: default: 1 description: | Committed bandwidth in both directions specoficd in Mbps. Bandwidth is limited to line rate when the value configured is greater than line rate. format: int32 minimum: 1 title: |- Committed bandwidth in Mbps type: integer excess_action: description: | Action on traffic exceeding bandwidth. enum: - DROP title: |- Action on traffic exceeding bandwidth. type: string type: object x-vmw-nsx-module: PolicyConnectivity description: | QoS profile contains configuration of rate limiting properties which can be applied in ingress and egress directions at Tier1 gateways title: |- QoS configuration of Tier1 gateway x-vmw-nsx-module: PolicyConnectivity GatewayQosProfileConfig: description: |- Gateway QoS profile configuration properties: egress_qos_profile_path: description: | Policy path to gateway QoS profile in egress direction. title: |- Egress QoS profile type: string ingress_qos_profile_path: description: | Policy path to gateway QoS profile in ingress direction. title: |- Ingress QoS profile type: string title: |- Gateway QoS profile configuration type: object x-vmw-nsx-module: PolicyConnectivity GatewayQosProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paginated list of GatewayQosProfile items: $ref: '#/definitions/GatewayQosProfile' title: |- Paginated list of GatewayQosProfile type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity x-vmw-nsx-module: PolicyConnectivity GatewayRouteCsvRecord: allOf: - $ref: '#/definitions/CsvRecord' - properties: admin_distance: description: |- The admin distance of the next hop format: int64 title: |- The admin distance of the next hop type: integer edge_path: description: | Edge node policy path. readOnly: true title: |- Edge path type: string interface: description: |- The policy path of the interface which is used as the next hop title: |- The policy path of the interface which is used as the next hop type: string lr_component_id: description: |- Logical router component(Service Router/Distributed Router) id title: |- Logical router component(Service Router/Distributed Router) id type: string lr_component_type: description: |- Logical router component(Service Router/Distributed Router) type title: |- Logical router component(Service Router/Distributed Router) type type: string network: description: |- CIDR network address format: ip-cidr-block type: string next_hop: description: |- The IP of the next hop format: ip type: string route_type: description: |- Route type (USER, CONNECTED, NSX_INTERNAL,..) title: |- Route type (USER, CONNECTED, NSX_INTERNAL,..) type: string required: - route_type - network type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics GatewayRouteTableInCsvFormat: allOf: - $ref: '#/definitions/CsvListResult' - properties: last_update_timestamp: description: |- Timestamp when the data was last updated; unset if data source has never updated the data. format: int64 readOnly: true type: integer results: items: $ref: '#/definitions/GatewayRouteCsvRecord' type: array type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics GeneralSecurityProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: resource_type: description: | GatewayGeneralSecurityProfile is used for all Tier0 and Tier1 gateways. enum: - GatewayGeneralSecurityProfile type: string required: - resource_type type: object x-vmw-nsx-module: PolicyProfile description: |- A profile holding general security settings. title: |- General Security profile x-vmw-nsx-module: PolicyProfile GeneralSecurityProfileBindingMap: allOf: - $ref: '#/definitions/ProfileBindingMap' - type: object x-vmw-nsx-module: PolicyProfile description: | This entity will be used to establish association between General Security profile and Logical Routers. title: |- Policy General Security profile binding map x-vmw-nsx-module: PolicyProfile GenericDhcpOption: description: |- Define DHCP options other than option 121. properties: code: description: |- Code of the dhcp option. format: int64 maximum: 255 minimum: 0 title: |- DHCP option code, [0-255] type: integer values: description: |- Value of the option. items: type: string maxItems: 10 minItems: 1 title: |- DHCP option value type: array required: - code - values title: |- Generic DHCP option type: object x-vmw-nsx-module: Dhcp GenericPolicyRealizedResource: allOf: - $ref: '#/definitions/PolicyRealizedResource' - properties: enforcement_point_path: description: |- The path of the enforcement point. readOnly: true title: |- Enforcement Point Path type: string entity_type: description: |- Type of realized entity readOnly: true title: |- Type of realized entity type: string extended_attributes: description: |- Collection of type specific properties items: $ref: '#/definitions/AttributeVal' readOnly: true title: |- Collection of type specific properties type: array intent_paths: description: |- Collection of intent paths items: type: string readOnly: true title: |- Collection of intent paths type: array site_path: description: |- The site where this entity resides. readOnly: true title: |- Site Path type: string type: object x-vmw-nsx-module: PolicyRealizedState description: |- Represents realized entity title: |- Generic realized entity x-vmw-nsx-module: PolicyRealizedState GenericPolicyRealizedResourceListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- List of realized resources items: $ref: '#/definitions/GenericPolicyRealizedResource' title: |- Paged Collection of GenericPolicyRealizedResources type: array type: object x-vmw-nsx-module: PolicyRealizedState description: |- GenericPolicyRealizedResource list result title: |- GenericPolicyRealizedResource list result x-vmw-nsx-module: PolicyRealizedState GlobalCollectorConfig: description: | The GlobalCollectorConfig is the base class for global collector configurations for different types in a NSX domain. discriminator: collector_type properties: collector_ip: description: |- IP address for the global collector. format: ip type: string collector_port: description: |- Port for the global collector. format: int32 maximum: 65535 minimum: 0 title: |- Port for the global collector type: integer collector_type: description: |- Specify the global collector type. enum: - VRNI - WAVE_FRONT type: string required: - collector_port - collector_type - collector_ip title: |- Abstract base type for Global collector configurations of different types type: object x-vmw-nsx-module: Policy GlobalConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: allow_changing_vdr_mac_in_use: default: false description: |- When this flag is set to true, it is allowed to change the VDR MAC being used by existing transport nodes in a NSX system. The VDR MAC used by a host switch in a transport node is decided by the OVERLAY transport zone(s) which the host switch joins. If any of the OVERLAY transport zone(s) has "nested_nsx" property set to true, the MAC in "vdr_mac_nested" is used; otherwise the MAC in "vdr_mac" is used. Thus the VDR MAC being used by a host switch in a transport node can be changed in below ways. If the host switch is not in any OVERLAY transport zone whose "nested_nsx" property is true but is in an OVERLAY transport zone, the first way is updating the "vdr_mac" property. The 2nd way is updating one of the OVERLAY tranport zones joined by the host switch to set "nested_nsx" property true which will make the host switch use the VDR MAC in "vdr_mac_nested". The third way is directly updating the transport node to add an OVERLAY transport zone whose "nested_nsx" property is true into the host switch which will also make the host switch use the VDR MAC in "vdr_mac_nested". If the host switch is in some OVERLAY transport zone(s) whose "nested_nsx" property is true, the first way is updating the "vdr_mac_nested" property. The 2nd way is updating all those OVERLAY tranport zones to set "nested_nsx" property false which will make the host switch use the VDR MAC in "vdr_mac". The third way is directly updating the transport node to remove all those OVERLAY transport zones from the host switch which will also make the host switch use the VDR MAC in "vdr_mac". Please note that changing the VDR MAC being used by existing transport nodes will most likely cause traffic disruption and network outage! title: |- A flag to indicate if changing the VDR MAC being used is allowed type: boolean arp_limit_per_gateway: description: | Global configuration of maximum number of ARP entries per transport node at each Tier0/Tier1 gateway. format: int32 maximum: 50000 minimum: 5000 title: |- ARP limit per Tier0/Tier1 gateway type: integer fips: $ref: '#/definitions/FIPSGlobalConfig' description: | Contains the FIPSGlobalConfig object. title: |- FIPS enabled config l3_forwarding_mode: default: IPV4_ONLY description: | Configure forwarding mode for routing. This setting does not restrict configuration for other modes. enum: - IPV4_ONLY - IPV4_AND_IPV6 title: |- L3 forwarding mode type: string mtu: description: | Maximum transmission unit (MTU) specifies the size of the largest packet that a network protocol can transmit. format: int32 minimum: 1280 title: |- MTU size type: integer operation_collectors: description: | The operation collector is defined to receive stats from hosts. The VRNI and WAVE_FRONT collector type can be defined to collect the metric data. The WAVE_FRONT collector type can only be used in VMC mode. items: $ref: '#/definitions/GlobalCollectorConfig' title: |- Operation global collector config type: array uplink_mtu_threshold: default: 9000 description: |- This value defines the upper threshold for the Maximum Transmission Unit (MTU) value that can be configured at a physical uplink level or a logical routing uplink level in a NSX domain. All Uplink profiles validate against this value so that the MTU specified in an Uplink profile does not exceed this global upper threshold. Similarly, when this value is modified, the new value must be greater than or equal to any existing Uplink profile's MTU. format: int32 title: |- Upper threshold for MTU on physical and logical uplinks type: integer vdr_mac: default: 02:50:56:56:44:52 description: |- This is the global default MAC address for all VDRs in all transport nodes in a NSX system. It can be changed only when there is no transport node in the NSX system. This value cannot be same as vdr_mac_nested. When the property "allow_changing_vdr_mac_in_use" is false, it can not be changed if the current VDR MAC is being used by any transport node. A transport node uses this VDR MAC if any host switch in the node is in OVERLAY transport zone(s) but none of the transport zone(s) has "nested_nsx" property being true. format: mac-address type: string vdr_mac_nested: default: 02:50:56:56:44:53 description: |- This is the global default MAC address for all VDRs in all transport nodes in a NSX system nested in another NSX system. It can be changed only when there is no transport node in the NSX system. All transport zones in such a nested NSX system will have the "nested_nsx" property being true so that all transport nodes will use this MAC for the VDR ports to avoid conflict with the VDR MAC in the outer NSX system. When the property "allow_changing_vdr_mac_in_use" is false, it can not be changed if the current VDR MAC is being used by any transport node in a nested NSX environment. A transport node uses this VDR MAC if any host switch in the node is in an OVERLAY transport zone whose "nested_nsx" property is true. format: mac-address type: string type: object x-vmw-nsx-module: Policy description: |- Global configuration title: |- Global configuration x-vmw-nsx-module: Policy GlobalIdsSignature: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: action: description: | It denotes the global action of a IDS Signature. This will take precedence over IDS signature's action. enum: - ALERT - DROP - REJECT title: |- Global IDS signature's action type: string enable: default: true description: | Flag through which user can Enable/Disable a Signature at Global Level. title: |- Flag to Enable/Disable a IDS Signature globally. type: boolean signature_id: description: | Represents the Signature's id. title: |- Signature ID type: string required: - signature_id type: object x-vmw-nsx-module: PolicyIDS description: | Global IDS signature. title: |- Global IDS signature x-vmw-nsx-module: PolicyIDS GlobalManager: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: connection_info: description: | To create a standby GM, the connection information (username, password, and API thumbprint) for at least one NSX manager node in the remote site must be provided. Once the GM has been successfully onboarded, the connection_info is discarded and authentication to the standby GM occurs using an X.509 client certificate. items: $ref: '#/definitions/SiteNodeConnectionInfo' maxItems: 3 title: |- Connection information type: array fail_if_rtt_exceeded: default: true description: | Fail onboarding if maximum RTT exceeded. title: |- Fail onboarding if maximum RTT exceeded type: boolean federation_id: description: | Internally generated UUID to the federation of Global Manager. readOnly: true title: |- Global manager federation UUID type: string maximum_rtt: default: 250 description: | If provided and fail_if_rtt_exceeded is true, onboarding of the site will fail if measured RTT is greater than this value. format: int64 maximum: 1000 minimum: 0 title: |- Maximum acceptable packet round trip time (RTT) type: integer mode: description: | There can be at most one ACTIVE global manager and one STANDBY global manager. In order to add a STANDBY manager, there must be an ACTIVE manager defined. enum: - ACTIVE - STANDBY title: |- Mode of the global manager type: string site_id: description: | UUID of the site where Global manager is running. This is the Site Manager generated UUID for every NSX deployment. readOnly: true title: |- UUID of the site where Global manager is running type: string required: - mode type: object x-vmw-nsx-module: PolicySiteGM description: | Global Manager. title: |- Global Manager x-vmw-nsx-module: PolicySiteGM GlobalManagerConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: rtep_config: $ref: '#/definitions/GmRtepConfig' description: | Global Manager federation RTEP configuration. This configuration is distributed to all Sites participating in federation. title: |- Global Manager federation RTEP configuration type: object x-vmw-nsx-module: PolicySiteGM description: | This configuration is distributed to all Sites participating in federation. title: |- Global Manager configuration x-vmw-nsx-module: PolicySiteGM GlobalManagerListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Global Manager List Result. items: $ref: '#/definitions/GlobalManager' title: |- Global Manager List Result type: array required: - results type: object x-vmw-nsx-module: PolicySiteGM description: |- Paged Collection of Global Managers. title: |- Paged Collection of Global Managers x-vmw-nsx-module: PolicySiteGM GlobalRestoreStatus: description: |- Overall restore process status properties: description: description: |- A description of the restore status readOnly: true title: |- A description of the restore status type: string value: description: |- Global rolled-up restore status value enum: - INITIAL - SUCCESS - FAILED - RUNNING - SUSPENDED_BY_USER - SUSPENDED_FOR_USER_ACTION - SUSPENDED - ABORTED readOnly: true title: |- Global rolled-up restore status value type: string title: |- Overall restore process status type: object x-vmw-nsx-module: ClusterRestore GmFederationSiteConfig: description: |- Additional configuration required for federation at Site. properties: transit_subnet: description: | IP Addresses to be allocated for transit segment when the gateway is stretched. Note that Global Manager will carve out the IP Pool for each site to be used for edge nodes when gateway is stretched based on the user provided subnet and maximum number of edge nodes allowed per site. format: ip-cidr-block title: |- Transit subnet in CIDR format type: string title: |- Federation configuration for the site type: object x-vmw-nsx-module: PolicyEnforcementPointManagement GmNodeStatus: description: |- Represents the Global Manager node switchover status properties: end_time: description: |- End time of the switchover operation format: int64 title: |- End time of the switchover operation type: integer errors: description: |- Errors if any items: type: string title: |- Errors if any type: array node_id: description: |- UUID of the Global Manager node title: |- UUID of the Global Manager node type: string start_time: description: |- Start time of the switchover operation format: int64 title: |- Start time of the switchover operation type: integer status: description: |- Status of switchover operation enum: - IN_PROGRESS - COMPLETED - FAILED title: |- Status of switchover operation type: string warnings: description: |- Errors if any items: type: string title: |- Errors if any type: array title: |- Represents the Global Manager node switchover status type: object x-vmw-nsx-module: GmOperationalState GmOperationalState: description: | Represents the switchover operational state of Global Manager. Offers information about the current switchover operation including status from each Global Manager node and the errors if any. properties: consolidated_progress: description: |- Consolidated status of the current operation enum: - IN_PROGRESS - COMPLETED - FAILED title: |- Consolidated status of the current operation type: string end_time: description: |- End time of the switchover operation format: int64 title: |- End time of the switchover operation type: integer errors: description: |- Errors if any items: type: string title: |- Errors if any type: array node_statuses: description: |- Switchover status from each NSX Global Manager appliance node items: $ref: '#/definitions/GmNodeStatus' title: |- Switchover status from each NSX Global Manager appliance node type: array site_manager_ref: description: |- Timestamp reference for the change provided by SiteManager format: int64 title: |- Timestamp reference for the change provided by SiteManager type: integer start_time: description: |- Start time of the switchover operation format: int64 title: |- Start time of the switchover operation type: integer status: description: |- The current switchover operation requested. enum: - NONE - ACTIVE - STANDBY - SWITCHING_TO_ACTIVE - SWITCHING_TO_STANDBY - DECOMMISSIONED title: |- The current switchover operation requested. type: string warnings: description: |- Errors if any items: type: string title: |- Errors if any type: array required: - status title: |- Represents the operational state of Global Manager type: object x-vmw-nsx-module: GmOperationalState GmRtepConfig: description: | Global Manager federation RTEP configuration. This configuration is distributed to all Sites participating in federation. properties: ibgp_password: description: | Password to authenticate IBGP session between remote tunnel endpoints created on federated sites. This is applied to inter-site underlay IBGP neighbors created over remote tunnel endpoints on all sites. Empty string ("") clears existing password. maxLength: 20 title: |- Password for IBGP sessions between federated sites type: string title: |- Global Manager federation RTEP configuration type: object x-vmw-nsx-module: PolicySiteGM GraphConfiguration: allOf: - $ref: '#/definitions/WidgetConfiguration' - properties: axes: $ref: '#/definitions/Axes' description: |- Axes of a graph title: |- Axes of a graph display_x_value: default: false description: |- If true, value of a point is shown as label on X axis. If false, value of point is not shown as label on X axis. false can be useful in situations where there are too many points and showing the X value as label can clutter the X axis. title: |- Show or hide the value of a point on X axis type: boolean graphs: description: |- Graphs items: $ref: '#/definitions/GraphDefinition' minItems: 1 title: |- Graphs type: array navigation: description: |- Hyperlink of the specified UI page that provides details. title: |- Navigation to a specified UI page type: string sub_type: default: BAR_GRAPH description: |- Describes the the type of graph. LINE_GRAPH shows a line graph chart BAR_GRAPH shows a simple bar graph chart STACKED_BAR_GRAPH shows a stacked bar graph chart enum: - LINE_GRAPH - BAR_GRAPH - STACKED_BAR_GRAPH title: |- Subtype of a graph type: string x_value_type: default: string description: |- x value type. enum: - string - number - date title: |- x value type type: string required: - graphs type: object x-vmw-nsx-module: NsxDashboard description: |- Represents configuration of a graph widget title: |- Graph Configuration x-vmw-nsx-module: NsxDashboard GraphDefinition: description: |- Defines a graph properties: id: description: |- Identifier of graph. It can be used to differentiate multiple graph series present in GraphWidgetConfiguration. title: |- Identifier of graph type: string label: $ref: '#/definitions/Label' description: |- Describes the graph. It labels the entities of graph. If the label is not provided then it is not shown for a graph. For example, for a single graph, the title of widget can describe the graph and a label may not be necessary to be shown. title: |- Label of a graph point_definition: $ref: '#/definitions/PointDefinition' description: |- Defines the points of a graph. title: |- Definition for points of a graph render_configuration: description: |- Additional rendering or conditional evaluation of the field values to be performed, if any. items: $ref: '#/definitions/RenderConfiguration' minItems: 0 title: |- Render Configuration type: array required: - point_definition title: |- Definition of a graph type: object x-vmw-nsx-module: NsxDashboard GridConfiguration: allOf: - $ref: '#/definitions/WidgetConfiguration' - properties: columns: description: |- Array of columns of a Grid widget items: $ref: '#/definitions/ColumnItem' title: |- Columns type: array page_size: default: 30 description: |- Number of records per page. page_size will be effective only when the urls provided in the datasource support paging. format: int32 title: |- Page Size type: integer row_list_fields: description: |- Rows of grid or table are formed from the list of objects returned by a row list field. items: $ref: '#/definitions/RowListField' minItems: 1 title: |- List of fields from which rows are formed type: array required: - row_list_fields - columns type: object x-vmw-nsx-module: NsxDashboard description: |- Represents configuration of a Grid or Table widget. title: |- Grid Configuration x-vmw-nsx-module: NsxDashboard Group: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: expression: description: | The expression list must follow below criteria: 1. A non-empty expression list, must be of odd size. In a list, with indices starting from 0, all non-conjunction expressions must be at even indices, separated by a conjunction expression at odd indices. 2. The total of ConditionExpression and NestedExpression in a list should not exceed 5. 3. The total of IPAddressExpression, MACAddressExpression, external IDs in an ExternalIDExpression and paths in a PathExpression must not exceed 500. 4. Each expression must be a valid Expression. See the definition of the Expression type for more information. items: $ref: '#/definitions/Expression' title: |- Expression type: array extended_expression: description: | Extended Expression allows additional higher level context to be specified for grouping criteria. (e.g. user AD group) This field allow users to specified user context as the source of a firewall rule for IDFW feature. Current version only support a single IdentityGroupExpression. In the future, this might expand to support other conjunction and non-conjunction expression. The extended expression list must follow below criteria: 1. Contains a single IdentityGroupExpression. No conjunction expression is supported. 2. No other non-conjunction expression is supported, except for IdentityGroupExpression. 3. Each expression must be a valid Expression. See the definition of the Expression type for more information. 4. Extended expression are implicitly AND with expression. 5. No nesting can be supported if this value is used. 6. If a Group is using extended expression, this group must be the only member in the source field of an communication map. items: $ref: '#/definitions/Expression' maxItems: 1 title: |- Extended Expression type: array reference: default: false description: | If true, indicates that this is a remote reference group. Such group will have span different from the its parent domain. Default value is false. readOnly: true title: |- Indicates if the group is a reference. type: boolean state: description: |- Realization state of this group enum: - IN_PROGRESS - SUCCESS - FAILURE title: |- Realization state of this group type: string type: object x-vmw-nsx-module: Policy description: |- Group. title: |- Group x-vmw-nsx-module: Policy GroupDiscoveryProfileBindingMap: allOf: - $ref: '#/definitions/ProfileBindingMap' - properties: sequence_number: description: | Sequence number used to resolve conflicts betweeen two profiles applied on the same group. Lower sequence number takes higher precedence. Two binding maps applied to the same profile must have the same sequence number. User defined sequence numbers range from 1 through 100,000. System defined sequence numbers range from 100,001 through 200,000. format: int64 maximum: 100000 minimum: 1 title: |- Sequence number group discovery profile Binding Map type: integer type: object x-vmw-nsx-module: PolicyDiscoveryProfileBinding description: | This entity will be used to establish association between discovery profile and Group. With this entity, user can specify intent for applying discovery profile profile to particular Group. title: |- Map for binding group with discovery profile x-vmw-nsx-module: PolicyDiscoveryProfileBinding GroupDiscoveryProfileBindingMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Group Discovery Profile Binding Map List Results items: $ref: '#/definitions/GroupDiscoveryProfileBindingMap' title: |- Group Discovery Profile Binding Map List Results type: array type: object x-vmw-nsx-module: PolicyDiscoveryProfileBinding description: |- Paged collection of Group Discovery Profile Binding Map title: |- Paged collection of Group Discovery Profile Binding Map x-vmw-nsx-module: PolicyDiscoveryProfileBinding GroupListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Group list results items: $ref: '#/definitions/Group' title: |- Group list results type: array required: - results type: object x-vmw-nsx-module: Policy description: |- Paged Collection of Groups title: |- Paged Collection of Groups x-vmw-nsx-module: Policy GroupMemberList: description: |- List of same type members to either add or remove from a group. properties: members: description: |- This array contains group members of similar types. items: type: string maxItems: 4000 minItems: 1 title: |- Groups members collection type: array required: - members title: |- Members to add or remove for a Group. type: object x-vmw-nsx-module: Policy GroupMemberTagsList: description: | Collection of tags used in a policy group for a particular member type properties: member_type: description: |- Member type for which we will list the tags title: |- Member type for which we will list the tags type: string tags: description: |- List of tags for the member type items: type: string title: |- List of tags for the member type type: array required: - member_type - tags title: |- Group tags list for a particular member type type: object x-vmw-nsx-module: PolicyGroupRealization GroupMemberTypeListResult: properties: result_count: description: |- Count of the member types in the results array format: int64 readOnly: true title: |- Count of the member types in the results array type: integer results: description: |- Collection of member types for the given Group items: description: |- Valid Group member type enum: - VirtualMachine - VirtualNetworkInterface - SegmentPort - Segment - CloudNativeServiceInstance - IPAddress - MACAddress - IPSet - IdentityGroup - PhysicalServer type: string title: |- Collection of member types for the given Group type: array required: - results type: object x-vmw-nsx-module: Policy GroupMonitoringProfileBindingMap: allOf: - $ref: '#/definitions/MonitoringProfileBindingMap' - properties: ipfix_dfw_profile_path: description: |- PolicyPath of associated IPFIX DFW Profile title: |- IPFIX DFW Profile Path type: string ipfix_l2_profile_path: description: |- PolicyPath of associated IPFIX L2 Profile title: |- IPFIX L2 Profile Path type: string port_mirroring_profile_path: description: |- PolicyPath of associated Port Mirroring Profile title: |- Port Mirroring Profile Path type: string type: object x-vmw-nsx-module: PolicyMonitoringProfileBinding description: | This entity will be used to establish association between monitoring profile and Group. Using this entity, you can specify intent for applying monitoring profile to particular Group. Group with membership criteria vm only supported as source group. Port mirroring is only supported on group with five vms. title: |- Group Monitoring Profile binding map x-vmw-nsx-module: PolicyMonitoringProfileBinding GroupMonitoringProfileBindingMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Group Monitoring Profile Binding Map list results items: $ref: '#/definitions/GroupMonitoringProfileBindingMap' title: |- Group Monitoring Profile Binding Map list results type: array required: - results type: object x-vmw-nsx-module: PolicyMonitoringProfileBinding description: |- Paged collection of Group Monitoring Profile Binding Maps title: |- Paged collection of Group Monitoring Profile Binding Maps x-vmw-nsx-module: PolicyMonitoringProfileBinding GroupTagsList: description: | Collection of tags used in a policy group listed per member type properties: results: description: |- Collection of tags used in a policy group listed per member type items: $ref: '#/definitions/GroupMemberTagsList' title: |- Collection of tags used in a policy group listed per member type type: array required: - results title: |- Group tags list listed per member type type: object x-vmw-nsx-module: PolicyGroupRealization GuestInfo: description: | Guest virtual machine details include OS name and computer name of guest VM. properties: computer_name: description: | Computer name of guest virtual machine, which is set inside guest OS. Currently this is supported for guests on ESXi that have VMware Tools installed. readOnly: true title: |- Computer name type: string os_name: description: | OS name of guest virtual machine. Currently this is supported for guests on ESXi that have VMware Tools installed. readOnly: true title: |- OS name type: string title: |- Guest virtual machine details type: object x-vmw-nsx-module: Inventory Header: description: |- Header of a widget that provides additional information. This will be shown at the container level. It includes details as label value pairs. properties: condition: description: |- If the condition is met then the header will be applied. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API. maxLength: 1024 title: |- Expression for evaluating condition type: string content_alignment: default: RIGHT description: |- Alignment of header labels. enum: - LEFT - RIGHT title: |- alignment for labelvalue pair type: string sub_headers: description: |- An array of label-value properties. items: $ref: '#/definitions/PropertyItem' minItems: 0 title: |- Rows type: array title: |- Widget Header type: object x-vmw-nsx-module: NsxDashboard HttpPolicyLbMonitorProfile: allOf: - $ref: '#/definitions/PolicyLbMonitorProfile' - properties: url: default: / description: | For HTTP active healthchecks, the HTTP request url sent can be customized and can include query parameters. title: |- Customized HTTP request url for active health checks type: string type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Active healthchecks are disabled by default and can be enabled for a server pool by binding a health monitor to the Group through the PolicyLbRule object. This represents active health monitoring over HTTP. Active healthchecks are initiated periodically, at a configurable interval, to each member of the Group. Only if a healthcheck fails consecutively for a specified number of times (fall_count) to a member will the member status be marked DOWN. Once a member is DOWN, a specified number of consecutive successful healthchecks (rise_count) will bring the member back to UP state. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. title: |- PolicyLbMonitorProfile for active health checks over HTTP x-vmw-nsx-module: TempPolicyLoadBalancer HttpPolicyLbVirtualServer: allOf: - $ref: '#/definitions/PolicyLbVirtualServer' - properties: insert_client_ip_header: default: false description: | Backend web servers typically log each request they handle along with the requesting client IP address. These logs are used for debugging, analytics and other such purposes. If the deployment topology requires enabling SNAT on the load balancer, then server will see the client as the SNAT IP which defeats the purpose of logging. To work around this issue, load balancer can be configured to insert XFF HTTP header with the original client IP address. Backend servers can then be configured to log the IP address in XFF header instead of the source IP address of the connection. If XFF header is not present in the incoming request, load balancer inserts a new XFF header with the client IP address. title: |- Relative path of this object type: boolean type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Virtual server acts as a facade to an application, receives all client connections over HTTP and distributes them among the backend servers. title: |- PolicyLbVirtualServer handling connections over HTTP x-vmw-nsx-module: TempPolicyLoadBalancer HttpsPolicyLbMonitorProfile: allOf: - $ref: '#/definitions/HttpPolicyLbMonitorProfile' - type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Active healthchecks are disabled by default and can be enabled for a server pool by binding a health monitor to the Group through the PolicyLbRule object. This represents active health monitoring over HTTPS. Active healthchecks are initiated periodically, at a configurable interval, to each member of the Group. Only if a healthcheck fails consecutively for a specified number of times (fall_count) to a member will the member status be marked DOWN. Once a member is DOWN, a specified number of consecutive successful healthchecks (rise_count) will bring the member back to UP state. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. title: |- PolicyLbMonitorProfile for active health checks over HTTPS x-vmw-nsx-module: TempPolicyLoadBalancer HttpsPolicyLbVirtualServer: allOf: - $ref: '#/definitions/HttpPolicyLbVirtualServer' - properties: client_ssl_certificate_ids: description: | Client-side SSL profile binding allows multiple certificates, for different hostnames, to be bound to the same virtual server. The setting is used when load balancer acts as an SSL server and terminating the client SSL connection items: type: string title: |- ssl certificates type: array client_ssl_settings: default: HIGH_SECURE_111317 description: | Security settings representing various security settings when the VirtualServer acts as an SSL server - BASE_SECURE_111317 - MODERATE_SECURE_111317 - HIGH_SECURE_111317 enum: - BASE_SECURE_111317 - MODERATE_SECURE_111317 - HIGH_SECURE_111317 title: |- Security profile setting type: string default_client_ssl_certificate_id: description: | The setting is used when load balancer acts as an SSL server and terminating the client SSL connection. A default certificate should be specified which will be used if the server does not host multiple hostnames on the same IP address or if the client does not support SNI extension. title: |- ssl certificate type: string required: - default_client_ssl_certificate_id type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Virtual server acts as a facade to an application, receives all client connections over HTTPS and distributes them among the backend servers. title: |- PolicyLbVirtualServer handling connections over HTTPS x-vmw-nsx-module: TempPolicyLoadBalancer ICMPTypeServiceEntry: allOf: - $ref: '#/definitions/ServiceEntry' - properties: icmp_code: description: |- ICMP message code format: int64 maximum: 255 minimum: 0 title: |- ICMP message code type: integer icmp_type: description: |- ICMP message type format: int64 maximum: 255 minimum: 0 title: |- ICMP message type type: integer protocol: enum: - ICMPv4 - ICMPv6 type: string required: - protocol type: object x-vmw-nsx-module: Policy description: |- A ServiceEntry that represents IPv4 or IPv6 ICMP protocol title: |- A ServiceEntry that represents IPv4 or IPv6 ICMP protocol x-vmw-nsx-module: Policy IGMPTypeServiceEntry: allOf: - $ref: '#/definitions/ServiceEntry' - type: object x-vmw-nsx-module: Policy description: |- A ServiceEntry that represents IGMP protocol title: |- A ServiceEntry that represents IGMP protocol x-vmw-nsx-module: Policy IPAddressExpression: allOf: - $ref: '#/definitions/Expression' - properties: ip_addresses: description: |- This array can consist of a single IP address, IP address range or a subnet. Its type can be of either IPv4 or IPv6. Both IPv4 and IPv6 addresses within one expression is not allowed. Supported list of formats are, "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64". items: description: | IPElement can be a single IP address, IP address range or a Subnet. Its type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64" format: address-or-block-or-range type: string maxItems: 4000 minItems: 1 title: |- Array of IP addresses type: array required: - ip_addresses type: object x-vmw-nsx-module: Policy description: |- Represents IP address expressions in the form of an array, to support addition of IP addresses in a group. Avoid creating groups with multiple IPAddressExpression. In future releases, group will be restricted to contain a single IPAddressExpression. To group IPAddresses, use nested groups instead of multiple IPAddressExpressions. title: |- IP address expression node x-vmw-nsx-module: Policy IPAddressList: description: |- Collection of IP Addresses. properties: ip_addresses: description: |- The array contains IP addresses. items: description: | IPElement can be a single IP address, IP address range or a Subnet. Its type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64" format: address-or-block-or-range type: string maxItems: 4000 minItems: 1 title: |- Array of IP addresses type: array required: - ip_addresses title: |- IP Address collection. type: object x-vmw-nsx-module: Policy IPAddressPortPair: description: |- IP Address and Port information properties: ip_address: description: | The IPAddress to be combined with Port for defining specific access point. format: ip type: string port: description: | The port to be combined with IPAddress for defining a specific access point. format: int32 maximum: 65535 minimum: 0 title: |- The port for IPAddressPort combination type: integer required: - ip_address title: |- IP Address and Port information type: object x-vmw-nsx-module: TempPolicyLoadBalancer IPDiscoveryProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: arp_nd_binding_timeout: default: 10 description: | This property controls the ARP and ND cache timeout period. It is recommended that this property be greater than the ARP/ND cache timeout on the VM. format: int32 maximum: 120 minimum: 5 title: |- ARP and ND cache timeout (in minutes) type: integer duplicate_ip_detection: $ref: '#/definitions/DuplicateIPDetectionOptions' description: | Duplicate IP detection is used to determine if there is any IP conflict with any other port on the same logical switch. If a conflict is detected, then the IP is marked as a duplicate on the port where the IP was discovered last. The duplicate IP will not be added to the realized address binings for the port and hence will not be used in DFW rules or other security configurations for the port.rt. readOnly: false title: |- Duplicate IP Dection Options ip_v4_discovery_options: $ref: '#/definitions/IPv4DiscoveryOptions' description: |- Indicates IPv4 Discovery options title: |- IPv4 Discovery options ip_v6_discovery_options: $ref: '#/definitions/IPv6DiscoveryOptions' description: |- Indicates IPv6 Discovery options title: |- IPv6 Discovery options tofu_enabled: default: true description: |- Indicates whether "Trust on First Use(TOFU)" paradigm is enabled. title: |- Is TOFU enabled or not type: boolean type: object x-vmw-nsx-module: PolicyIpDiscovery description: |- Using this profile to configure different options of IP Discovery title: |- IP Discovery Profile x-vmw-nsx-module: PolicyIpDiscovery IPDiscoveryProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- IP Discovery profile list results items: $ref: '#/definitions/IPDiscoveryProfile' title: |- IP Discovery profile list results type: array required: - results type: object x-vmw-nsx-module: PolicyIpDiscovery description: |- Paged collection of IP Discovery Profiles title: |- Paged collection of IP Discovery Profiles x-vmw-nsx-module: PolicyIpDiscovery IPFIXDFWCollector: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: collector_ip_address: description: | IP address for the IPFIX DFW collector. IP addresses such as 0.0.0.0, 127.0.0.1, 255.255.255.255 are invalid. format: ip type: string collector_port: description: |- Port for the IPFIX DFW collector. format: int32 title: |- Port type: integer required: - collector_ip_address - collector_port type: object x-vmw-nsx-module: PolicyIPFIXDFW description: | IPFIX DFW data will be collected on collector Host IP and Port address should be provided for collector. title: |- IPFIX DFW Collector x-vmw-nsx-module: PolicyIPFIXDFW IPFIXDFWCollectorProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: ipfix_dfw_collectors: description: |- It accepts Multiple Collectors. items: $ref: '#/definitions/IPFIXDFWCollector' minItems: 1 title: |- IPFIX DFW Collectors. type: array required: - ipfix_dfw_collectors type: object x-vmw-nsx-module: PolicyIPFIXDFW description: | IPFIX data for the NSX distributed firewall will be sent to the specified IPFIX collectors. title: |- IPFIX DFW Collector Profile x-vmw-nsx-module: PolicyIPFIXDFW IPFIXDFWCollectorProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- IPFIX DFW Collection Instances list results items: $ref: '#/definitions/IPFIXDFWCollectorProfile' title: |- IPFIX DFW Collection Instances list results type: array required: - results type: object x-vmw-nsx-module: PolicyIPFIXDFW description: |- Paged Collection of IPFIX DFW Collector Profile title: |- Paged Collection of IPFIX DFW Collector Profile x-vmw-nsx-module: PolicyIPFIXDFW IPFIXDFWProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: active_flow_export_timeout: default: 1 description: | For long standing active flows, IPFIX records will be sent per timeout period in minutes. format: int32 maximum: 60 minimum: 1 title: |- Active timeout (Minutes) type: integer ipfix_dfw_collector_profile_path: description: | Policy path for IPFIX collector profiles. IPFIX data from these logical segments will be sent to all specified IPFIX collectors. title: |- IPFIX collector Paths type: string observation_domain_id: default: 0 description: | An identifier that is unique to the exporting process and used to meter the flows. format: int32 maximum: 65536 minimum: 0 title: |- Observation domain ID type: integer priority: default: 0 description: | This priority field is used to resolve conflicts in Segment Ports which are covered by more than one IPFIX profiles. The IPFIX exporter will send records to Collectors in highest priority profile (lowest number) only. format: int32 maximum: 32000 minimum: 0 title: |- Config Priority type: integer required: - ipfix_dfw_collector_profile_path - active_flow_export_timeout type: object x-vmw-nsx-module: PolicyIPFIXDFW description: | IPFIX packets from source will be sent to IPFIX DFW collector. title: |- IPFIX DFW Profile x-vmw-nsx-module: PolicyIPFIXDFW IPFIXDFWProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- IPFIX DFW Profile list results items: $ref: '#/definitions/IPFIXDFWProfile' title: |- IPFIX DFW Profile list results type: array required: - results type: object x-vmw-nsx-module: PolicyIPFIXDFW description: |- Paged Collection of IPFIX DFW Profile title: |- Paged Collection of IPFIX DFW Profile x-vmw-nsx-module: PolicyIPFIXDFW IPFIXL2Collector: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: collector_ip_address: description: | IP address for the IPFIX L2 collector. IP addresses such as 0.0.0.0, 127.0.0.1, 255.255.255.255 are invalid. format: ip type: string collector_port: default: 4739 description: |- Port number for the IPFIX L2 collector. format: int32 maximum: 65535 minimum: 0 title: |- Port type: integer required: - collector_ip_address type: object x-vmw-nsx-module: PolicyIPFIXSwitch description: | IPFIX packets will be collected on collector. IP and port address should be provided for collector. title: |- IPFIX L2 Collector x-vmw-nsx-module: PolicyIPFIXSwitch IPFIXL2CollectorProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: ipfix_l2_collectors: description: |- It accepts Multiple Collector objects. items: $ref: '#/definitions/IPFIXL2Collector' maxItems: 4 minItems: 1 title: |- It accepts Multiple Collector objects. type: array required: - ipfix_l2_collectors type: object x-vmw-nsx-module: PolicyIPFIXSwitch description: | IPFIX L2 data will be collected on collectors. title: |- IPFIX L2 Collector Profile x-vmw-nsx-module: PolicyIPFIXSwitch IPFIXL2CollectorProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- IPFIX collector Profile list results items: $ref: '#/definitions/IPFIXL2CollectorProfile' title: |- IPFIX collector Profile list results type: array required: - results type: object x-vmw-nsx-module: PolicyIPFIXSwitch description: |- Paged list of IPFIX collector profiles. title: |- Paged list of IPFIX collector profiles. x-vmw-nsx-module: PolicyIPFIXSwitch IPFIXL2Profile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: active_timeout: default: 300 description: | The time in seconds after a flow is expired even if more packets matching this flow are received by the cache. format: int32 maximum: 3600 minimum: 60 title: |- Active timeout type: integer export_overlay_flow: default: true description: | This property controls whether overlay flow info is included in the sample result. title: |- Export overlay Flow type: boolean idle_timeout: default: 300 description: | The time in seconds after a flow is expired if no more packets matching this flow are received by the cache. format: int32 maximum: 3600 minimum: 60 title: |- Idle timeout type: integer ipfix_collector_profile_path: description: | Policy path for IPFIX collector profile. User can specify only one IPFIX collector. title: |- IPFIX collector Path type: string max_flows: default: 16384 description: | The maximum number of flow entries in each exporter flow cache. format: int64 maximum: 4294967295 minimum: 0 title: |- Max flows type: integer observation_domain_id: default: 0 description: | An identifier that is unique to the exporting process and used to meter the flows. format: int64 maximum: 4294967295 minimum: 0 title: |- Observation domain ID type: integer packet_sample_probability: default: 0.1 description: | The probability in percentage that a packet is sampled, in range 0-100. The probability is equal for every packet. exclusiveMinimum: true maximum: 100 minimum: 0 title: |- Packet sample probability type: number priority: default: 0 description: | This priority field is used to resolve conflicts in Segment Ports which are covered by more than one IPFIX profiles. The IPFIX exporter will send records to Collectors in highest priority profile (lowest number) only. format: int32 maximum: 32000 minimum: 0 title: |- Config Priority type: integer required: - ipfix_collector_profile_path - packet_sample_probability type: object x-vmw-nsx-module: PolicyIPFIXSwitch description: | IPFIX data from source logical segment, port, group will be forwarded to IPFIX collector. title: |- IPFIX L2 Profile x-vmw-nsx-module: PolicyIPFIXSwitch IPFIXL2ProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- IPFIX L2 Profile list results items: $ref: '#/definitions/IPFIXL2Profile' title: |- IPFIX L2 Profile list results type: array required: - results type: object x-vmw-nsx-module: PolicyIPFIXSwitch description: |- Paged Collection of IPFIX L2 Profile title: |- Paged Collection of IPFIX L2 Profile x-vmw-nsx-module: PolicyIPFIXSwitch IPInfo: properties: ip_addresses: description: |- IPv4 Addresses items: description: |- IPv4 address format: ipv4 type: string maxItems: 1 minItems: 1 title: |- IPv4 Addresses type: array prefix_length: description: |- Subnet Prefix Length format: int64 maximum: 32 minimum: 1 title: |- Subnet Prefix Length type: integer required: - ip_addresses - prefix_length type: object x-vmw-nsx-module: ServiceInsertionCommonTypes IPProtocolServiceEntry: allOf: - $ref: '#/definitions/ServiceEntry' - properties: protocol_number: format: int64 maximum: 255 minimum: 0 type: integer required: - protocol_number type: object x-vmw-nsx-module: Policy description: |- A ServiceEntry that represents an IP protocol title: |- A ServiceEntry that represents an IP protocol x-vmw-nsx-module: Policy IPSecVpnDpdProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: dpd_probe_interval: description: | DPD probe interval defines an interval for DPD probes (in seconds). - When the DPD probe mode is periodic, this interval is the number of seconds between DPD messages. - When the DPD probe mode is on-demand, this interval is the number of seconds during which traffic is not received from the peer before DPD retry messages are sent if there is IPSec traffic to send. For PERIODIC Mode: Minimum: 3 Maximum: 360 Default: 60 For ON_DEMAND Mode: Minimum: 1 Maximum: 10 Default: 3 format: int64 title: |- DPD Probe Interval type: integer dpd_probe_mode: default: PERIODIC description: | DPD probe mode is used to query the liveliness of the peer. Two modes are possible: - PERIODIC: is used to query the liveliness of the peer at regular intervals (dpd_probe_interval). It does not take into consideration traffic coming from the peer. The benefit of this mode over the on-demand mode is earlier detection of dead peers. However, use of periodic DPD incurs extra overhead. When communicating to large numbers of peers, please consider using on-demand DPD instead. - ON_DEMAND: is used to query the liveliness of the peer by instructing the local endpoint to send DPD message to a peer if there is traffic to send to the peer AND the peer was idle for dpd_probe_interval seconds (i.e. there was no traffic from the peer for dpd_probe_interval seconds). enum: - PERIODIC - ON_DEMAND title: |- DPD Probe Mode type: string enabled: default: true description: |- If true, enable dead peer detection. title: |- Enable dead peer detection (DPD) type: boolean retry_count: default: 10 description: | Maximum number of DPD messages' retry attempts. This value is applicable for both dpd probe modes, periodic and on-demand. format: int64 maximum: 100 minimum: 1 title: |- Retry Count type: integer type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- Dead peer detection (DPD) is a method that allows detection of unreachable internet key excahnge (IKE) peers. Any changes affects all IPSec VPN sessions consuming this profile. title: |- Dead peer detection (DPD) profile x-vmw-nsx-module: PolicyIPSecVpn IPSecVpnIkeProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: dh_groups: description: |- Diffie-Hellman group to be used if PFS is enabled. Default is GROUP14. items: description: | Diffie-Hellman groups represent algorithm used to derive shared keys between IPSec VPN initiator and responder over an unsecured network. GROUP2 uses 1048-bit Modular Exponentiation (MODP) group. GROUP5 uses 1536-bit MODP group. GROUP14 uses 2048-bit MODP group. GROUP15 uses 3072-bit MODP group. GROUP16 uses 4096-bit MODP group. GROUP19 uses 256-bit Random Elliptic Curve (ECP) group. GROUP20 uses 384-bit Random ECP group. GROUP21 uses 521-bit Random ECP group. enum: - GROUP2 - GROUP5 - GROUP14 - GROUP15 - GROUP16 - GROUP19 - GROUP20 - GROUP21 type: string title: |- DH group type: array digest_algorithms: description: |- Algorithm to be used for message digest during Internet Key Exchange(IKE) negotiation. Default is SHA2_256. items: description: | The IkeDigestAlgorithms are used to verify message integrity during Ike negotiation. SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash. enum: - SHA1 - SHA2_256 - SHA2_384 - SHA2_512 type: string title: |- Algorithm for message hash type: array encryption_algorithms: description: |- Encryption algorithm is used during Internet Key Exchange(IKE) negotiation. Default is AES_128. items: description: | IKEEncryption algorithms are used to ensure confidentiality of the messages exchanged during IKE negotiations. AES stands for Advanced Encryption Standards. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_GCM stands for Advanced Encryption Standard(AES) in Galois/Counter Mode(GCM) and is used to provide both confidentiality and data origin authentication. AES_GCM composed of two separate functions one for encryption(AES) and one for authentication(GMAC). AES_GCM algorithms will be available with IKE_V2 version only. AES_GCM_128 uses 128-bit keys. AES_GCM_192 uses 192-bit keys. AES_GCM_256 uses 256-bit keys. enum: - AES_128 - AES_256 - AES_GCM_128 - AES_GCM_192 - AES_GCM_256 type: string title: |- Encryption algorithm for IKE type: array ike_version: default: IKE_V2 description: |- IKE protocol version to be used. IKE-Flex will initiate IKE-V2 and responds to both IKE-V1 and IKE-V2. enum: - IKE_V1 - IKE_V2 - IKE_FLEX title: |- IKE version type: string sa_life_time: default: 86400 description: |- Life time for security association. Default is 86400 seconds (1 day). format: int64 maximum: 31536000 minimum: 21600 title: |- Security association (SA) life time type: integer type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- IKE Profile is a reusable profile that captures IKE phase one negotiation parameters. Any changes affects all IPSec VPN sessions consuming this profile. title: |- Internet key exchange (IKE) profile x-vmw-nsx-module: PolicyIPSecVpn IPSecVpnLocalEndpoint: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: certificate_path: description: |- Policy path referencing site certificate. title: |- Certificate path type: string local_address: description: |- IPV4 Address of local endpoint. format: ipv4 type: string local_id: description: |- Local identifier. title: |- Local identifier type: string trust_ca_paths: description: |- List of policy paths referencing certificate authority (CA) to verify peer certificates. items: type: string title: |- Certificate authority (CA) paths type: array trust_crl_paths: description: |- List of policy paths referencing certificate revocation list (CRL) to peer certificates. items: type: string title: |- Certificate revocation list (CRL) paths type: array required: - local_address type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- Local endpoint represents a tier-0/tier-1 on which tunnel needs to be terminated. title: |- IPSec VPN Local Endpoint x-vmw-nsx-module: PolicyIPSecVpn IPSecVpnRule: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: action: default: PROTECT description: | PROTECT - Protect rules are defined per policy based IPSec VPN session. BYPASS - Bypass rules are defined per IPSec VPN service and affects all policy based IPSec VPN sessions. Bypass rules are prioritized over protect rules. enum: - PROTECT - BYPASS readOnly: true title: |- Action to be applied type: string destinations: description: | List of peer subnets. Specifying no value is interpreted as 0.0.0.0/0. items: $ref: '#/definitions/IPSecVpnSubnet' maxItems: 128 title: |- Destination list type: array enabled: default: true description: |- A flag to enable/disable the rule. title: |- Enabled flag type: boolean logged: default: false description: |- A flag to enable/disable the logging for the rule. title: |- Logging flag type: boolean sequence_number: description: |- A sequence number is used to give a priority to an IPSecVpnRule. format: int32 minimum: 0 title: |- Sequence number of the IPSecVpnRule type: integer sources: description: | List of local subnets. Specifying no value is interpreted as 0.0.0.0/0. items: $ref: '#/definitions/IPSecVpnSubnet' maxItems: 128 title: |- Source list type: array type: object x-vmw-nsx-module: PolicyIPSecVpn description: "For policy-based IPsec VPNs, a security policy specifies as its\ \ action the VPN tunnel to be used for transit traffic that meets the policy\u2019\ s match criteria." title: |- IPSec VPN Rule x-vmw-nsx-module: PolicyIPSecVpn IPSecVpnService: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: bypass_rules: description: | Bypass policy rules are configured using VPN service. Bypass rules always have higher priority over protect rules and they affect all policy based vpn sessions associated with the IPSec VPN service. Protect rules are defined per policy based vpn session. items: $ref: '#/definitions/IPSecVpnRule' title: |- Bypass Policy rules type: array enabled: default: true description: |- If true, enable VPN services for given locale service. title: |- Enable virtual private network (VPN) service type: boolean ha_sync: default: true description: |- Enable/disable IPSec HA state sync. IPSec HA state sync can be disabled if in case there are performance issues w.r.t. the state sync messages. title: |- Flag to enable IPSec HA State Sync type: boolean ike_log_level: default: INFO description: |- Log level for internet key exchange (IKE). enum: - DEBUG - INFO - WARN - ERROR - EMERGENCY title: |- Internet key exchange (IKE) log level type: string type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- Create and manage IPSec VPN service for given locale service. title: |- IPSec VPN service x-vmw-nsx-module: PolicyIPSecVpn IPSecVpnSession: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: authentication_mode: default: PSK description: | Peer authentication mode. PSK - In this mode a secret key shared between local and peer sites is to be used for authentication. The secret key can be a string with a maximum length of 128 characters. CERTIFICATE - In this mode a certificate defined at the global level is to be used for authentication. enum: - PSK - CERTIFICATE title: |- Authentication Mode type: string compliance_suite: description: | Compliance suite. enum: - CNSA - SUITE_B_GCM_128 - SUITE_B_GCM_256 - PRIME - FOUNDATION - FIPS - NONE title: |- Compliance suite type: string connection_initiation_mode: default: INITIATOR description: | Connection initiation mode used by local endpoint to establish ike connection with peer site. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request. enum: - INITIATOR - RESPOND_ONLY - ON_DEMAND title: |- Connection initiation mode type: string dpd_profile_path: description: |- Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile. title: |- Dead peer detection (DPD) profile path type: string enabled: default: true description: |- Enable/Disable IPSec VPN session. title: |- Enable/Disable IPSec VPN session type: boolean ike_profile_path: description: |- Policy path referencing IKE profile to be used. Default is set according to system default profile. title: |- Internet key exchange (IKE) profile path type: string local_endpoint_path: description: |- Policy path referencing Local endpoint. title: |- Local endpoint path type: string peer_address: description: |- Public IPV4 address of the remote device terminating the VPN connection. title: |- IPV4 address of peer endpoint on remote site type: string peer_id: description: |- Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer. title: |- Peer id type: string psk: description: |- IPSec Pre-shared key. Maximum length of this field is 128 characters. title: |- Pre-shared key type: string resource_type: description: | A Policy Based VPN requires to define protect rules that match local and peer subnets. IPSec security associations is negotiated for each pair of local and peer subnet. A Route Based VPN is more flexible, more powerful and recommended over policy based VPN. IP Tunnel port is created and all traffic routed via tunnel port is protected. Routes can be configured statically or can be learned through BGP. A route based VPN is must for establishing redundant VPN session to remote site. enum: - PolicyBasedIPSecVpnSession - RouteBasedIPSecVpnSession type: string tcp_mss_clamping: $ref: '#/definitions/TcpMaximumSegmentSizeClamping' description: | TCP Maximum Segment Size Clamping Direction and Value. title: |- TCP MSS Clamping tunnel_profile_path: description: |- Policy path referencing Tunnel profile to be used. Default is set to system default profile. title: |- IPSec tunnel profile path type: string required: - peer_address - peer_id - local_endpoint_path - resource_type type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- VPN session defines connection between local and peer endpoint. Until VPN session is defined configuration is not realized. title: |- IPSec VPN session x-vmw-nsx-module: PolicyIPSecVpn IPSecVpnSubnet: description: |- Used to specify the local/peer subnets in IPSec VPN rule. properties: subnet: description: |- Subnet used in policy rule. format: ipv4-cidr-block type: string required: - subnet title: |- Subnet for IPSec Policy based VPN type: object x-vmw-nsx-module: PolicyIPSecVpn IPSecVpnTunnelInterface: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: ip_subnets: description: |- IP Tunnel interface (commonly referred as VTI) subnet. items: $ref: '#/definitions/TunnelInterfaceIPSubnet' maxItems: 1 minItems: 1 title: |- IP Tunnel interface subnet type: array required: - ip_subnets type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- IP tunnel interface configuration. title: |- IP tunnel interface configuration x-vmw-nsx-module: PolicyIPSecVpn IPSecVpnTunnelProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: df_policy: default: COPY description: |- Defragmentation policy helps to handle defragmentation bit present in the inner packet. COPY copies the defragmentation bit from the inner IP packet into the outer packet. CLEAR ignores the defragmentation bit present in the inner packet. enum: - COPY - CLEAR title: |- Policy for handling defragmentation bit type: string dh_groups: description: |- Diffie-Hellman group to be used if PFS is enabled. Default is GROUP14. items: description: | Diffie-Hellman groups represent algorithm used to derive shared keys between IPSec VPN initiator and responder over an unsecured network. GROUP2 uses 1048-bit Modular Exponentiation (MODP) group. GROUP5 uses 1536-bit MODP group. GROUP14 uses 2048-bit MODP group. GROUP15 uses 3072-bit MODP group. GROUP16 uses 4096-bit MODP group. GROUP19 uses 256-bit Random Elliptic Curve (ECP) group. GROUP20 uses 384-bit Random ECP group. GROUP21 uses 521-bit Random ECP group. enum: - GROUP2 - GROUP5 - GROUP14 - GROUP15 - GROUP16 - GROUP19 - GROUP20 - GROUP21 type: string title: |- Dh group type: array digest_algorithms: description: |- Algorithm to be used for message digest. Default digest algorithm is implicitly covered by default encryption algorithm "AES_GCM_128". items: description: | The IPSecDigestAlgorithms are used to verify message integrity during IPSec VPN tunnel establishment. SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash. enum: - SHA1 - SHA2_256 - SHA2_384 - SHA2_512 type: string title: |- Algorithm for message hash type: array enable_perfect_forward_secrecy: default: true description: |- If true, perfect forward secrecy (PFS) is enabled. title: |- Enable perfect forward secrecy type: boolean encryption_algorithms: description: |- Encryption algorithm to encrypt/decrypt the messages exchanged between IPSec VPN initiator and responder during tunnel negotiation. Default is AES_GCM_128. items: description: | IPSecEncryptionAlgorithms are used to ensure confidentiality of the messages exchanged during Tunnel negotiations. AES stands for Advanced Encryption Standards. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_GCM stands for Advanced Encryption Standard(AES) in Galois/Counter Mode (GCM) and is used to provide both confidentiality and data origin authentication. NO_ENCRYPTION_AUTH_AES_GMAC_* enables authentication on input data without encyption. Digest algorithm should be empty for this option. enum: - AES_128 - AES_256 - AES_GCM_128 - AES_GCM_192 - AES_GCM_256 - NO_ENCRYPTION_AUTH_AES_GMAC_128 - NO_ENCRYPTION_AUTH_AES_GMAC_192 - NO_ENCRYPTION_AUTH_AES_GMAC_256 - NO_ENCRYPTION type: string title: |- Encryption algorithm to use in IPSec tunnel establishement type: array extended_attributes: description: | Collection of type specific properties. As of now, to hold encapsulation mode and transform protocol. items: $ref: '#/definitions/AttributeVal' readOnly: true title: |- Extended Attributes. type: array sa_life_time: default: 3600 description: |- SA life time specifies the expiry time of security association. Default is 3600 seconds. format: int64 maximum: 31536000 minimum: 900 title: |- Security association (SA) life time type: integer type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- IPSec VPN tunnel profile is a reusable profile that captures phase two negotiation parameters and IPSec tunnel properties. Any changes affects all IPSec VPN sessions consuming this profile. title: |- IPSec VPN tunnel profile x-vmw-nsx-module: PolicyIPSecVpn IPv4DiscoveryOptions: description: |- Contains IPv4 related discovery options. properties: arp_snooping_config: $ref: '#/definitions/ArpSnoopingConfig' description: |- Indicates ARP snooping options title: |- ARP snooping configuration dhcp_snooping_enabled: default: true description: |- Indicates whether DHCP snooping is enabled title: |- Is DHCP snooping enabled or not type: boolean vmtools_enabled: default: true description: | Indicates whether fetching IP using vm-tools is enabled. This option is only supported on ESX where vm-tools is installed. title: |- Is VM tools enabled or not type: boolean title: |- IPv4 discovery options type: object x-vmw-nsx-module: PolicyIpDiscovery IPv6DADStatus: description: |- IPv6 DAD status properties: ip_address: description: | IP address on the port for which DAD status is reported. format: ip readOnly: true type: string status: description: | DAD status for IP address on the port. enum: - DUPLICATED - TENTATIVE - ASSIGNED - NOT_APPLICABLE - UNKNOWN readOnly: true type: string transport_node: description: | Array of transport node id on which DAD status is reported for given IP address. items: $ref: '#/definitions/ResourceReference' readOnly: true title: |- Transport node type: array title: |- IPv6 DAD status type: object x-vmw-nsx-module: LogicalRouterPorts IPv6DiscoveryOptions: description: |- Contains IPv6 related discovery options. properties: dhcp_snooping_v6_enabled: default: false description: | Enable this method will snoop the DHCPv6 message transaction which a VM makes with a DHCPv6 server. From the transaction, we learn the IPv6 addresses assigned by the DHCPv6 server to this VM along with its lease time. title: |- Is DHCP snoping v6 enabled or not type: boolean nd_snooping_config: $ref: '#/definitions/NdSnoopingConfig' description: |- Indicates ND snooping options title: |- ND snooping configuration vmtools_v6_enabled: default: false description: | Enable this method will learn the IPv6 addresses which are configured on interfaces of a VM with the help of the VMTools software. type: boolean title: |- IPv6 discovery options type: object x-vmw-nsx-module: PolicyIpDiscovery IPv6Status: description: |- IPv6 status properties: connected_segment_path: description: | Path of the segment attached to the interface. readOnly: true title: |- Connected segment path type: string dad_statuses: description: | Array of DAD status which contains DAD information for IP addresses on the interface. items: $ref: '#/definitions/IPv6DADStatus' readOnly: true title: |- IPv6 DAD status type: array interface_id: description: | Policy path or realization ID of interface for which IPv6 DAD status is returned. title: |- Policy path or realization ID of interface type: string title: |- IPv6 status type: object x-vmw-nsx-module: PolicyConnectivityStatistics IcmpEchoRequestHeader: properties: id: default: 0 description: |- ICMP id format: int64 maximum: 65535 minimum: 0 title: |- ICMP id type: integer sequence: default: 0 description: |- ICMP sequence number format: int64 maximum: 65535 minimum: 0 title: |- ICMP sequence number type: integer type: object x-vmw-nsx-module: Traceflow IcmpPolicyLbMonitorProfile: allOf: - $ref: '#/definitions/PolicyLbMonitorProfile' - type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Active healthchecks are disabled by default and can be enabled for a server pool by binding a health monitor to the Group through the PolicyLbRule object. This represents active health monitoring over ICMP. Active healthchecks are initiated periodically, at a configurable interval, to each member of the Group. Only if a healthcheck fails consecutively for a specified number of times (fall_count) to a member will the member status be marked DOWN. Once a member is DOWN, a specified number of consecutive successful healt hchecks (rise_count) will bring the member back to UP state. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. title: |- PolicyLbMonitorProfile for active health checks over ICMP x-vmw-nsx-module: TempPolicyLoadBalancer Icon: description: |- Icon to be applied at dashboard for widgets and UI elements. properties: placement: default: PRE description: |- If specified as PRE, the icon appears before the UI element. If set as POST, the icon appears after the UI element. enum: - PRE - POST title: |- Position at which to display icon, if any type: string tooltip: description: |- Multi-line text to be shown on tooltip while hovering over the icon. items: $ref: '#/definitions/Tooltip' title: |- Multi-line tooltip type: array type: description: |- Icon will be rendered based on its type. For example, if ERROR is chosen, then icon representing error will be rendered. enum: - ERROR - WARNING - INFO - INPROGRESS - SUCCESS - DETAIL - NOT_AVAILABLE - SECURITY - NETWORKING - LOAD_BALANCER - VPN - DOMAIN - GROUP - DISTRIBUTED_FIREWALL - NETWORKING_TIER0 - NETWORKING_TIER1 - SEGMENT - SYSTEM - SYSTEM_FABRIC - SYSTEM_BACKUPRESTORE - INVENTORY_GROUPS - SECURITY_DFW title: |- Type of icon type: string title: |- Icon type: object x-vmw-nsx-module: NsxDashboard IdentityGroupExpression: allOf: - $ref: '#/definitions/Expression' - properties: identity_groups: description: |- This array consists of set of identity group object. All members within this array are implicitly OR'ed together. items: $ref: '#/definitions/IdentityGroupInfo' maxItems: 500 minItems: 1 title: |- Array of identity group type: array required: - identity_groups type: object x-vmw-nsx-module: Policy description: |- Represents a list of identity group (Ad group SID) expressions. title: |- IdentityGroup expression node x-vmw-nsx-module: Policy IdentityGroupInfo: description: |- Identity (Directory) group properties: distinguished_name: description: | Each LDAP object is uniquely identified by its distinguished name (DN). A DN is a sequence of relative distinguished names (RDN) connected by commas. e.g. CN=Larry Cole,CN=admin,DC=corp,DC=acme,DC=com. A valid fully qualified distinguished name should be provided to include specific groups else the create / update realization of the Group containing an invalid/ partial DN will fail. This value is valid only if it matches to exactly 1 LDAP object on the LDAP server. title: |- LDAP distinguished name type: string domain_base_distinguished_name: description: | This is the base distinguished name for the domain where this particular group resides. (e.g. dc=example,dc=com) Each active directory domain has a domain naming context (NC), which contains domain-specific data. The root of this naming context is represented by a domain's distinguished name (DN) and is typically referred to as the NC head. title: |- Identity (Directory) domain base distinguished name type: string sid: description: | A security identifier (SID) is a unique value of variable length used to identify a trustee. A SID consists of the following components: The revision level of the SID structure; A 48-bit identifier authority value that identifies the authority that issued the SID; A variable number of subauthority or relative identifier (RID) values that uniquely identify the trustee relative to the authority that issued the SID. This field is only populated for Microsoft Active Directory identity store. title: |- Identity (Directory) Group SID (security identifier) type: string required: - distinguished_name - domain_base_distinguished_name title: |- Identity (Directory) group type: object x-vmw-nsx-module: PolicyIdentity IdentitySourceLdapServer: description: |- Information about a single LDAP server. properties: bind_identity: description: |- A username used to authenticate to the directory when admnistering roles in NSX. This user should have privileges to search the LDAP directory for groups and users. This user is also used in some cases (OpenLDAP) to look up an NSX user's distinguished name based on their NSX login name. If omitted, NSX will authenticate to the LDAP server using an LDAP anonymous bind operation. For Active Directory, provide a userPrincipalName (e.g. administrator@airius.com) or the full distinguished nane. For OpenLDAP, provide the distinguished name of the user (e.g. uid=admin, cn=airius, dc=com). title: |- Username or DN for LDAP authentication type: string certificates: description: |- If using LDAPS or STARTTLS, provide the X.509 certificate of the LDAP server in PEM format. This property is not required when connecting without TLS encryption and is ignored in that case. items: type: string title: |- TLS certificate(s) for LDAP server(s) type: array enabled: default: true description: |- Allows the LDAP server to be enabled or disabled. When disabled, this LDAP server will not be used to authenticate users. title: |- If true, this LDAP server is enabled type: boolean password: description: |- A password used when authenticating to the directory. title: |- Username for LDAP authentication type: string url: description: |- The URL for the LDAP server. Supported URL schemes are LDAP and LDAPS. Either a hostname or an IP address may be given, and the port number is optional and defaults to 389 for the LDAP scheme and 636 for the LDAPS scheme. title: |- The URL for the LDAP server type: string use_starttls: default: false description: | If set to true, Use the StartTLS extended operation to upgrade the connection to TLS before sending any sensitive information. The LDAP server must support the StartTLS extended operation in order for this protocol to operate correctly. This option is ignored if the URL scheme is LDAPS. title: |- Enable/disable StartTLS type: boolean required: - url title: |- An LDAP server type: object x-vmw-nsx-module: LdapIdentitySources IdentitySourceLdapServerEndpoint: description: |- Information about a single LDAP server endpoint. properties: url: description: |- The URL for the LDAP server. Supported URL schemes are LDAP and LDAPS. Either a hostname or an IP address may be given, and the port number is optional and defaults to 389 for the LDAP scheme and 636 for the LDAPS scheme. title: |- The URL for the LDAP server type: string use_starttls: default: false description: | If set to true, Use the StartTLS extended operation to upgrade the connection to TLS before sending any sensitive information. The LDAP server must support the StartTLS extended operation in order for this protocol to operate correctly. This option is ignored if the URL scheme is LDAPS. title: |- Eanble/disable StartTLS type: boolean required: - url title: |- An LDAP server endpoint type: object x-vmw-nsx-module: LdapIdentitySources IdentitySourceLdapServerProbeResult: description: |- The results of probing an individual LDAP server. properties: errors: description: |- Detail about errors encountered during the probe. items: $ref: '#/definitions/LdapProbeError' title: |- Error details type: array result: description: |- Overall result of the probe. If the probe was able to connect to the LDAP service, authenticate using the provided credentials, and perform searches of the configured user and group search bases without error, the result is SUCCESS. Otherwise, the result is FAILURE, and additional details may be found in the errors property. enum: - SUCCESS - FAILURE title: |- Overall result type: string url: description: |- THe URL of the probed LDAP host. title: |- LDAP Server URL type: string title: |- Results from one LDAP server probe type: object x-vmw-nsx-module: LdapIdentitySources IdsClusterConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: cluster: $ref: '#/definitions/PolicyResourceReference' description: |- Contains policy resource reference object readOnly: false title: |- PolicyResourceReference ids_enabled: description: |- If set to true, IDS is enabled on the respective cluster readOnly: false title: |- Ids enabled flag type: boolean required: - cluster - ids_enabled type: object x-vmw-nsx-module: PolicyIDS description: | IDS configuration to enable/disable IDS on cluster level. title: |- Intrusion Detection System cluster configuration x-vmw-nsx-module: PolicyIDS IdsProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: criteria: description: | Represents the filtering criteria for the IDS Profile. 1. A non-empty criteria list, must be of odd size. In a list, with indices starting from 0, all IdsProfileFilterCriteria must be at even indices, separated by the IdsProfileConjunctionOperator AND at odd indices. 2. There may be at most 7 IdsProfileCriteria objects inside a list. items: $ref: '#/definitions/IdsProfileCriteria' maxItems: 7 title: |- Filtering criteria of IDS Profile type: array overridden_signatures: description: | Represents the signatures that has been overridden for this Profile. items: $ref: '#/definitions/IdsProfileLocalSignature' title: |- Represents the signatures that is overridden for the Profile type: array profile_severity: description: | Represents the severities of signatures which are part of this profile. items: description: |- Intrusion Detection System Profile severity enum: - CRITICAL - HIGH - MEDIUM - LOW type: string title: |- IDS Profile severity type: array severities: description: | Represents the severities of signatures which are part of this profile. items: $ref: '#/definitions/IdsProfileSeverity' title: |- IDS Profile severity type: array x-deprecated: true type: object x-vmw-nsx-module: PolicyIDS description: | IDS Profile which contains the signatures and will be used in IDS rules. title: |- Intrusion Detection System Profile x-vmw-nsx-module: PolicyIDS IdsProfileConjunctionOperator: allOf: - $ref: '#/definitions/IdsProfileCriteria' - properties: operator: description: |- IDS Profile Filter Condition enum: - AND title: |- IDS Profile Filter Condition type: string required: - operator type: object x-vmw-nsx-module: PolicyIDS description: |- Represents the operator AND. title: |- Represents the operator AND x-vmw-nsx-module: PolicyIDS IdsProfileCriteria: description: | All the filtering criteria objects extend from this abstract class. This is present for extensibility. discriminator: resource_type properties: resource_type: enum: - IdsProfileConjunctionOperator - IdsProfileFilterCriteria type: string required: - resource_type title: |- Base class for IDS Profile criteria type: object x-vmw-nsx-module: PolicyIDS IdsProfileFilterCriteria: allOf: - $ref: '#/definitions/IdsProfileCriteria' - properties: filter_name: description: | Represents the filter for IDS Profile. enum: - CVSS - ATTACK_TARGET - ATTACK_TYPE - PRODUCT_AFFECTED title: |- Represents the filter name type: string filter_value: description: | Represents the value of selected filter name. Note : The supported values for filter name CVSS are NONE, LOW, MEDIUM, HIGH, CRITICAL. NONE means CVSS score as 0.0 LOW means CVSS score as 0.1-3.9 MEDIUM means CVSS score as 4.0-6.9 HIGH means CVSS score as 7.0-8.9 CRITICAL means CVSS score as 9.0-10.0 items: type: string title: |- Represents the value of selected filter name type: array required: - filter_value - filter_name type: object x-vmw-nsx-module: PolicyIDS description: |- Represents the filtering criteria of a IDS Profile. title: |- IDS Profile filter criteria x-vmw-nsx-module: PolicyIDS IdsProfileLocalSignature: allOf: - $ref: '#/definitions/GlobalIdsSignature' - type: object x-vmw-nsx-module: PolicyIDS description: | IDS Profile local signature. title: |- IDS Profile local signature x-vmw-nsx-module: PolicyIDS IdsProfileSeverity: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: ignore_signatures: description: | Contains the id of signatures that will be ignored as part of the profile. This field is deprecated, please use ignore_signatures field under IdsProfile to ignore the signatures. items: type: string title: |- Represents the signatures that will be ignored type: array severity: description: | Represents the severity of a profile. enum: - CRITICAL - HIGH - MEDIUM - LOW title: |- Severity of profile type: string required: - severity type: object x-vmw-nsx-module: PolicyIDS description: | Intrusion Detection System Profile severity. title: |- Intrusion Detection System Profile severity x-vmw-nsx-module: PolicyIDS IdsRule: allOf: - $ref: '#/definitions/BaseRule' - properties: action: description: | The action to be applied. enum: - DETECT - DETECT_PREVENT title: |- Action type: string ids_profiles: description: | collections of IDS profiles. items: type: string maxItems: 1 minItems: 1 title: |- IDS profiles type: array type: object x-vmw-nsx-module: PolicyIDS description: |- Represents the Intrusion Detection System rule which indicates the action to be performed for the corresponding workload groups. title: |- A rule specifies the IDS security policy rule between the workload groups x-vmw-nsx-module: PolicyIDS IdsSecurityPolicy: allOf: - $ref: '#/definitions/Policy' - properties: rules: description: |- IDS Rules that are a part of this SecurityPolicy items: $ref: '#/definitions/IdsRule' title: |- IDS Rules that are a part of this SecurityPolicy type: array type: object x-vmw-nsx-module: PolicyIDS description: | Represents the Intrusion Detection System Security Policy, which contains the list of IDS Rules. title: |- Contains ordered list of IDS Rules x-vmw-nsx-module: PolicyIDS IdsSettings: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: auto_update: default: false description: | Parameter to let the user decide whether to update the IDS Signatures automatically or not. title: |- Auto update signatures flag type: boolean ids_ever_enabled: description: | Flag which tells whether IDS was ever enabled. readOnly: true title: |- Flag which tells whether IDS was ever enabled. type: boolean type: object x-vmw-nsx-module: PolicyIDS description: | Represents the Intrusion Detection System settings. title: | Intrusion Detection System settings x-vmw-nsx-module: PolicyIDS IdsSignature: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: action: description: | Signature action. title: |- Represents the signature's action type: string attack_target: description: | Target of the signature. title: |- Signature attack target type: string categories: description: | Represents the internal categories a signature belongs to. items: description: | Represents the internal categories. APPLICATION : IDS signature having protocol comes under APPLICATION internal category. MALWARE: IDS signature having malware_family comes under this internal category. VULNERABILITY : IDS signature having cvssv3 score comes under this internal category. enum: - APPLICATION - MALWARE - VULNERABILITY type: string title: |- IDS Signature Internal category type: array class_type: description: | Class type of Signature. title: |- Signature class type type: string cves: description: | CVE score items: type: string title: |- Represents the cve score. type: array cvss: description: | Represents the cvss value of a Signature. The value is derived from cvssv3 or cvssv2 score. NONE means cvssv3/cvssv2 score as 0.0 LOW means cvssv3/cvssv2 score as 0.1-3.9 MEDIUM means cvssv3/cvssv2 score as 4.0-6.9 HIGH means cvssv3/cvssv2 score as 7.0-8.9 CRITICAL means cvssv3/cvssv2 score as 9.0-10.0 enum: - NONE - LOW - MEDIUM - HIGH - CRITICAL title: |- CVSS of signature type: string cvssv2: description: | Signature cvssv2 score. title: |- Signature cvssv2 score type: string cvssv3: description: | Signature cvssv3 score. title: |- Signature cvssv3 score type: string direction: description: |- Source-destination direction. title: |- Direction type: string enable: description: | Flag which tells whether the signature is enabled or not. title: |- Enable/Disable flag type: boolean flow: description: | Flow established from server, from client etc. title: |- Flow established. type: string malware_family: description: |- Family of the malware tracked in the signature. title: |- Malware Family type: string name: description: | Signature name. title: |- Represents the signature name type: string performance_impact: description: |- Performance impact of the signature. title: |- Performance impact type: string policy: description: |- Signature policy. items: type: string title: |- Policy type: array product_affected: description: | Product affected by this signature. title: |- Signature product affected type: string protocol: description: |- Protocol used in the packet analysis. title: |- Protocol type: string severity: description: | Represents the severity of the Signature. title: |- Signature severity type: string signature_id: description: | Represents the Signature's id. title: |- Signature ID type: string signature_revision: description: | Represents revision of the Signature. title: |- Signature revision type: string signature_severity: description: |- Signature vendor set severity of the signature rule. title: |- Signature severity type: string tag: description: |- Vendor assigned classification tag. items: type: string title: |- Signature tag type: array type: description: |- Signature type. items: type: string title: |- Type type: array urls: description: | List of mitre attack URLs pertaining to signature items: type: string title: |- List of mitre attack URLs pertaining to signature. type: array type: object x-vmw-nsx-module: PolicyIDS description: | Intrusion Detection System Signature . title: |- Intrusion Detection System Signature x-vmw-nsx-module: PolicyIDS IdsSignatureStatus: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: download_status: description: | READY means signatures were downloaded and parsed successfully. PENDING means that signatures download is in progress. ERROR means error occurred during signature processing. DISABLED means IDS is disabled. enum: - READY - PENDING - ERROR - DISABLED readOnly: true title: |- IDS signature download status type: string signature_status: description: | AVAILABLE means the signatures are available for the version. UNAVAILABLE means there are no available signatures for the version. enum: - AVAILABLE - UNAVAILABLE readOnly: true title: |- IDS signature status type: string version_id: description: | Represents the version id. readOnly: true title: |- Version Id type: string type: object x-vmw-nsx-module: PolicyIDS description: | Ids signature status. title: |- Intrusion Detection System signature status x-vmw-nsx-module: PolicyIDS IdsStandaloneHostConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: ids_enabled: description: |- If set to true, IDS is enabled on standalone hosts. readOnly: false title: |- IDS enabled flag type: boolean required: - ids_enabled type: object x-vmw-nsx-module: PolicyIDS description: | IDS configuration to enable/disable IDS on standalone host level. title: |- Intrusion Detection System configuration x-vmw-nsx-module: PolicyIDS IncludedFieldsParameters: description: |- A list of fields to include in query results properties: included_fields: description: |- Comma separated list of fields that should be included in query result title: |- Comma separated list of fields that should be included in query result type: string title: |- A list of fields to include in query results type: object x-vmw-nsx-module: Common Infra: allOf: - $ref: '#/definitions/AbstractSpace' - properties: domains: description: | This field is used while creating or updating the infra space. items: $ref: '#/definitions/Domain' title: |- Domains for infra type: array type: object x-vmw-nsx-module: Policy description: |- Infra space related policy. title: |- Infra x-vmw-nsx-module: Policy IngressBroadcastRateLimiter: allOf: - $ref: '#/definitions/QoSBaseRateLimiter' - properties: average_bandwidth: default: 0 description: |- Average bandwidth in kb/s format: int32 minimum: 0 title: |- Average bandwidth in kb/s type: integer burst_size: default: 0 description: |- Burst size in bytes format: int32 minimum: 0 title: |- Burst size in bytes type: integer peak_bandwidth: default: 0 description: |- Peak bandwidth in kb/s format: int32 minimum: 0 title: |- Peak bandwidth in kb/s type: integer type: object x-vmw-nsx-module: PolicyQoS description: |- A shaper that specifies ingress rate properties in kb/s title: |- A shaper that specifies ingress rate properties in kb/s x-vmw-nsx-module: PolicyQoS IngressRateLimiter: allOf: - $ref: '#/definitions/QoSBaseRateLimiter' - properties: average_bandwidth: default: 0 description: |- You can use the average bandwidth to reduce network congestion. format: int32 minimum: 0 title: |- Average bandwidth in Mb/s type: integer burst_size: default: 0 description: |- The burst duration is set in the burst size setting. format: int32 minimum: 0 title: |- Burst size in bytes type: integer peak_bandwidth: default: 0 description: |- The peak bandwidth rate is used to support burst traffic. format: int32 minimum: 0 title: |- Peak bandwidth in Mb/s type: integer type: object x-vmw-nsx-module: PolicyQoS description: |- A shaper that specifies ingress rate properties in Mb/s title: |- A shaper that specifies ingress rate properties in Mb/s x-vmw-nsx-module: PolicyQoS InitiateClusterRestoreRequest: properties: ip_address: description: |- IP address or FQDN of the node from which the backup was taken format: hostname-or-ip readOnly: true title: |- IP address or FQDN of the node from which the backup was taken type: string node_id: description: | Unique id of the backed-up configuration from which the appliance will be restored readOnly: true title: | Unique id of the backed-up configuration from which the appliance will be restored type: string timestamp: description: | Timestamp of the backed-up configuration from which the appliance will be restored format: int64 readOnly: true type: integer type: object x-vmw-nsx-module: ClusterRestore Injection: description: | Injection holding a key and a corresponding value. properties: key: description: |- Injection key. title: |- Key type: string value: $ref: '#/definitions/InjectionValue' description: |- Injection value. title: |- Value required: - value - key title: |- Injection type: object x-vmw-nsx-module: PolicyReaction InjectionValue: description: | Injection Value. discriminator: resource_type properties: resource_type: description: | Injection Value resource type. enum: - UnaryOperationBasedInjectionValue title: |- Resource Type type: string required: - resource_type title: |- Injection Value type: object x-vmw-nsx-module: PolicyReaction InstructionInfo: description: |- Details of the instructions displayed during restore process properties: actions: description: |- A list of actions that are to be applied to resources items: type: string readOnly: true title: |- Actions list type: array fields: description: |- A list of fields that are displayable to users in a table items: type: string readOnly: true title: |- Displayable fields type: array id: description: |- UUID of the instruction readOnly: true title: |- UUID of the instruction type: string name: description: |- Instruction name readOnly: true title: |- Instruction name type: string title: |- Details of the instructions displayed during restore process type: object x-vmw-nsx-module: ClusterRestore IntegerArrayConstraintValue: allOf: - $ref: '#/definitions/ConstraintValue' - properties: values: description: |- Array of integer values items: format: int32 type: integer maxItems: 100 minItems: 1 title: |- Array of Integer type: array required: - values type: object x-vmw-nsx-module: PolicyConstraints description: |- List of values title: |- Array of Integer Values to perform operation x-vmw-nsx-module: PolicyConstraints IntentRuntimeRequestParameters: description: | Request parameters that represents a an intent path. properties: intent_path: description: | Policy Path referencing an intent object. title: |- Policy Path of the intent object type: string site_path: description: | Policy Path referencing a site. This is applicable only on a GlobalManager. If no site_path is specified, then based on the span of the intent the response will be fetched from the respective sites title: |- Policy Path of the site from where the realization status needs to be fetched type: string required: - intent_path title: |- Request Parameters for Intent Runtime Information type: object x-vmw-nsx-module: PolicyBaseStatistics InterSitePortCounters: allOf: - $ref: '#/definitions/LogicalRouterPortCounters' - type: object x-vmw-nsx-module: AggSvcInterSite x-vmw-nsx-module: AggSvcInterSite InterfaceArpCsvRecord: allOf: - $ref: '#/definitions/CsvRecord' - properties: ip: description: |- The IP address format: ip type: string mac_address: description: |- The MAC address title: |- The MAC address type: string required: - ip - mac_address type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics InterfaceArpEntry: properties: ip: description: |- The IP address format: ip type: string mac_address: description: |- The MAC address title: |- The MAC address type: string required: - ip - mac_address type: object x-vmw-nsx-module: PolicyConnectivityStatistics InterfaceArpProxy: allOf: - $ref: '#/definitions/ListResult' - properties: arp_proxy_entries: description: |- Array of ARP proxy table entries items: $ref: '#/definitions/PolicyArpProxyEntry' readOnly: true title: |- Array of ARP proxy table entries type: array interface_path: description: |- Policy path of gateway interface readOnly: true title: |- Policy path of gateway interface type: string type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics InterfaceArpTable: allOf: - $ref: '#/definitions/ListResult' - properties: edge_path: description: | Policy path of edge node. title: |- Policy path of edge node type: string enforcement_point_path: description: | String Path of the enforcement point. title: |- Enforcement point path type: string interface_path: description: |- The ID of the logical router port title: |- The ID of the logical router port type: string last_update_timestamp: description: |- Timestamp when the data was last updated; unset if data source has never updated the data. format: int64 readOnly: true type: integer results: items: $ref: '#/definitions/InterfaceArpEntry' type: array required: - interface_path type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics InterfaceArpTableInCsvFormat: allOf: - $ref: '#/definitions/CsvListResult' - properties: last_update_timestamp: description: |- Timestamp when the data was last updated; unset if data source has never updated the data. format: int64 readOnly: true type: integer results: items: $ref: '#/definitions/InterfaceArpCsvRecord' type: array type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics InterfaceDADState: description: |- Duplicate address detection status on the interface. properties: dad_statuses: description: | Array of DAD status which contains DAD information for IP addresses on the interface. items: $ref: '#/definitions/InterfaceIPv6DADStatus' readOnly: true title: |- IPv6 DAD status type: array interface_path: description: | Policy path or realization ID of interface for which IPv6 DAD status is returned. readOnly: true title: |- Policy path or realization ID of interface type: string title: |- Interface DAD status type: object x-vmw-nsx-module: PolicyConnectivityStatistics InterfaceIPv6DADStatus: description: |- Duplicate address detection status for IP address on the interface. properties: edge_paths: description: | Array of edge nodes on which DAD status is reported for given IP address. items: type: string readOnly: true title: |- Edge node paths type: array ip_address: description: | IP address on the port for which DAD status is reported. format: ip readOnly: true type: string status: description: | DAD status for IP address on the port. enum: - DUPLICATED - TENTATIVE - ASSIGNED - NOT_APPLICABLE - UNKNOWN readOnly: true type: string title: |- IPv6 DAD status for Interface type: object x-vmw-nsx-module: PolicyConnectivityStatistics InterfaceSubnet: description: |- Subnet specification for interface connectivity properties: ip_addresses: description: |- IP addresses assigned to interface items: description: |- IPv4 or IPv6 address format: ip type: string title: |- IP addresses assigned to interface type: array prefix_len: description: |- Subnet prefix length format: int32 maximum: 128 minimum: 1 title: |- Subnet prefix length type: integer required: - ip_addresses - prefix_len title: |- Subnet specification for interface connectivity type: object x-vmw-nsx-module: PolicyConnectivity IntersiteGatewayConfig: description: |- Intersite gateway configuration. properties: fallback_sites: description: | Fallback site to be used as new primary site on current primary site failure. Disaster recovery must be initiated via API/UI. Fallback site configuration is supported only for T0 gateway. T1 gateway will follow T0 gateway's primary site during disaster recovery. items: type: string title: |- Fallback sites type: array intersite_transit_subnet: default: 169.254.32.0/20 description: | IPv4 subnet for inter-site transit segment connecting service routers across sites for stretched gateway. For IPv6 link local subnet is auto configured. format: ip-cidr-block title: |- Transit subnet in CIDR format type: string last_admin_active_epoch: description: | Epoch(in seconds) is auto updated based on system current timestamp when primary locale service is updated. It is used for resolving conflict during site failover. If system clock not in sync then User can optionally override this. New value must be higher than the current value. format: int64 maximum: 4294967295 title: |- Epoch of last time admin changing active LocaleServices type: integer primary_site_path: description: | Primary egress site for gateway. T0/T1 gateway in Active/Standby mode supports stateful services on primary site. In this mode primary site must be set if gateway is stretched to more than one site. For T0 gateway in Active/Active primary site is optional field. If set then secondary site prefers routes learned from primary over locally learned routes. This field is not applicable for T1 gateway with no services. title: |- Primary egress site for gateway. type: string title: |- Intersite gateway configuration type: object x-vmw-nsx-module: PolicyConnectivity IntervalBackupSchedule: allOf: - $ref: '#/definitions/BackupSchedule' - properties: seconds_between_backups: default: 3600 description: |- Time interval in seconds between two consecutive automated backups format: int64 maximum: 86400 minimum: 300 title: |- Time interval in seconds between two consecutive automated backups type: integer type: object x-vmw-nsx-module: BackupConfiguration description: |- Schedule to specify the interval time at which automated backups need to be taken title: |- Schedule to specify the interval time at which automated backups need to be taken x-vmw-nsx-module: BackupConfiguration InvalidConfigSummary: description: | Invalid Configuration details for a category. properties: category: description: | Configuration category representing resources not supported for the federation site configuration onboarding. readOnly: true title: |- Configuration Category type: string resource_count: description: | Total resource count for category format: int64 readOnly: true title: |- Resource Count type: integer resource_summary_details: description: | Represents list of resource summaries for a configuration category which are not supported for the federation site configuration onboarding. items: $ref: '#/definitions/ResourceSummaryDetail' maxItems: 10 readOnly: true title: |- Resource Summary List type: array title: |- Invalid Configuration Summary type: object x-vmw-nsx-module: GmConfigOnboarding IpAddressAllocation: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: allocation_ip: description: |- Address that is allocated from pool format: ip readOnly: true type: string type: object x-vmw-nsx-module: PolicyIpam description: |- Allocation parameters for the IP address (e.g. specific IP address) can be specified. Tags, display_name and description attributes are not supported in this release. title: |- Parameters for IP allocation x-vmw-nsx-module: PolicyIpam IpAddressBlock: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: cidr: description: |- Represents a network address and the prefix length which will be associated with a layer-2 broadcast domain. Support IPv4 and IPv6 CIDR. format: ip-cidr-block title: |- A contiguous IP address space represented by network address and prefix length type: string required: - cidr type: object x-vmw-nsx-module: PolicyIpam description: |- A block of IP addresses defined by a start address and a mask/prefix (network CIDR). An IP block is typically large & allocated to a tenant for automated consumption. An IP block is always a contiguous address space, for example 192.0.0.1/8. An IP block can be further subdivided into subnets called IP block subnets. These IP block subnets can be added to IP pools and used for IP allocation. title: |- IP address space represented by network address and prefix x-vmw-nsx-module: PolicyIpam IpAddressInfo: description: |- Ipaddress information of the fabric node. properties: ip_addresses: description: |- IP Addresses of the the virtual network interface, as discovered in the source. items: description: |- IPv4 or IPv6 address format: ip type: string readOnly: true title: |- IP Addresses of the the virtual network interface, as discovered in the source. type: array source: description: |- Source of the ipaddress information. enum: - VM_TOOLS readOnly: true title: |- Source of the ipaddress information. type: string title: |- Ipaddress information of the fabric node. type: object x-vmw-nsx-module: Inventory IpAddressPool: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: ip_release_delay: description: |- Delay in milliseconds, while releasing allocated IP address from IP pool (Default is 2 mins). format: int64 title: |- IP address release delay in milliseconds type: integer type: object x-vmw-nsx-module: PolicyIpam description: |- IpAddressPool is a collection of subnets. The subnets can either be derived from an IpBlock or specified by the user. User can request for IP addresses to be allocated from a pool. When an IP is requested from a pool, the IP that is returned can come from any subnet that belongs to the pool. title: |- A collection of IP subnets x-vmw-nsx-module: PolicyIpam IpAddressPoolBlockSubnet: allOf: - $ref: '#/definitions/IpAddressPoolSubnet' - properties: auto_assign_gateway: default: true description: |- If this property is set to true, the first IP in the range will be reserved for gateway. title: |- Indicate whether default gateway is to be reserved from the range type: boolean ip_block_path: description: |- The path of the IpAddressBlock from which the subnet is to be created. title: |- The path of the IpAddressBlock from which the subnet is to be created. type: string size: description: |- The size parameter is required for subnet creation. It must be specified during creation but cannot be changed later. format: int64 title: |- Represents the size or number of IP addresses in the subnet type: integer start_ip: description: |- For internal system use Only. Represents start ip address of the subnet from IP block. Subnet ip adddress will start from this ip address. format: ip type: string required: - ip_block_path - size type: object x-vmw-nsx-module: PolicyIpam description: |- This type of subnet allows user to dynamically carve a subnet out of a preconfigured IpAddressBlock. The user must specify the size of the subnet and the IpAddressBlock from which the subnet is to be derived. If the required amount of IP adress space is available in the specified IpAddressBlock, the system automatically configures subnet range. title: |- IpAddressPoolSubnet dynamically carved out of a IpAddressBlock x-vmw-nsx-module: PolicyIpam IpAddressPoolStaticSubnet: allOf: - $ref: '#/definitions/IpAddressPoolSubnet' - properties: allocation_ranges: description: |- A collection of IPv4 or IPv6 IP Pool Ranges. items: $ref: '#/definitions/IpPoolRange' title: |- A collection of IPv4 or IPv6 IP Pool Ranges. type: array cidr: description: |- Subnet representation is a network address and prefix length title: |- Subnet representation is a network address and prefix length type: string dns_nameservers: description: |- The collection of upto 3 DNS servers for the subnet. items: description: |- IPv4 or IPv6 address format: ip type: string maxItems: 3 title: |- The collection of upto 3 DNS servers for the subnet. type: array uniqueItems: true dns_suffix: description: |- The DNS suffix for the DNS server. format: hostname title: |- The DNS suffix for the DNS server. type: string gateway_ip: description: |- The default gateway address on a layer-3 router. format: ip type: string required: - cidr - allocation_ranges type: object x-vmw-nsx-module: PolicyIpam description: |- This type of subnet is statically configured by the user. The user provides the range details and the gateway for the subnet. title: |- IpAddressPoolSubnet statically configured by a user x-vmw-nsx-module: PolicyIpam IpAddressPoolSubnet: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: resource_type: description: |- Specifies whether the IpAddressPoolSubnet is to be carved out of a IpAddressBlock or will be specified by the user enum: - IpAddressPoolBlockSubnet - IpAddressPoolStaticSubnet type: string required: - resource_type type: object x-vmw-nsx-module: PolicyIpam description: |- IpAddressPoolSubnet can either be carved out of a PolicyBlock or statically specified by the user. In the first case where the subnet is carved out of a IpAddressBlock, the user must specify the ID of the block from which this subnet is to be derived. This block must be pre-created. The subnet range is auto populated by the system. In the second case, the user configures the subnet range directly. No IpAddressBlock is required. title: |- Abstract class for IpSubnet in a IpAddressPool x-vmw-nsx-module: PolicyIpam IpInfo: description: | Only support IP address or subnet. Its type can be of IPv4 or IPv6. It will be converted to subnet when netmask is specified(e.g., 192.168.1.3/24 => 192.168.1.0/24, 2008:12:12:12::2/64 => 2008:12:12:12::/64). properties: dst_ip: description: |- The destination IP address or subnet format: address-or-block-or-range type: string src_ip: description: |- The source IP address or subnet format: address-or-block-or-range type: string type: object x-vmw-nsx-module: LiveTrace IpPoolRange: allOf: - $ref: '#/definitions/Resource' - properties: end: description: |- The end IP Address of the IP Range. format: ip type: string start: description: |- The start IP Address of the IP Range. format: ip type: string required: - start - end type: object x-vmw-nsx-module: Ipam description: |- A set of IPv4 or IPv6 addresses defined by a start and end address. x-vmw-nsx-module: Ipam Ipv4Header: properties: dst_ip: description: |- The destination ip address. format: ipv4 type: string flags: default: 0 description: |- IP flags format: int64 maximum: 8 minimum: 0 title: |- IP flags type: integer protocol: default: 1 description: |- IP protocol - defaults to ICMP format: int64 maximum: 255 minimum: 0 title: |- IP protocol - defaults to ICMP type: integer src_ip: description: |- The source ip address. format: ipv4 type: string src_subnet_prefix_len: description: |- This is used together with src_ip to calculate dst_ip for broadcast when dst_ip is not given; not used in all other cases. format: int64 maximum: 32 minimum: 1 title: |- source subnet prefix length. type: integer ttl: default: 64 description: |- Time to live (ttl) format: int64 maximum: 255 minimum: 0 title: |- Time to live (ttl) type: integer type: object x-vmw-nsx-module: Traceflow Ipv6DadProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: dad_mode: default: LOOSE description: |- DAD Mode enum: - LOOSE - STRICT type: string ns_retries: default: 3 description: | Number of Neighbor solicitation packets generated before completing the Duplicate address detection process. format: int64 maximum: 10 minimum: 0 title: |- NS retries count type: integer wait_time: default: 1 description: | The time duration in seconds, to wait for Neighbor advertisement after sending the Neighbor solicitation message. format: int64 maximum: 60 minimum: 0 title: |- Wait time type: integer type: object x-vmw-nsx-module: PolicyConnectivity description: | Duplicate address detection profile. x-vmw-nsx-module: PolicyConnectivity Ipv6DadProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paginated list of Ipv6DadProfile items: $ref: '#/definitions/Ipv6DadProfile' title: |- Paginated list of Ipv6DadProfile type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity x-vmw-nsx-module: PolicyConnectivity Ipv6Header: properties: dst_ip: description: |- The destination ip address. format: ipv6 type: string hop_limit: default: 64 description: |- Decremented by 1 by each node that forwards the packets. The packet is discarded if Hop Limit is decremented to zero. format: int64 maximum: 255 minimum: 0 title: |- hop limit type: integer next_header: default: 58 description: |- Identifies the type of header immediately following the IPv6 header. format: int64 maximum: 255 minimum: 0 title: |- Identifies the type of header immediately following the IPv6 header. type: integer src_ip: description: |- The source ip address. format: ipv6 type: string type: object x-vmw-nsx-module: Traceflow Ipv6NdraProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: dns_config: $ref: '#/definitions/RaDNSConfig' description: |- DNS Configurations title: |- DNS Configurations ra_config: $ref: '#/definitions/RAConfig' description: |- RA Configuration title: |- RA Configuration ra_mode: default: SLAAC_DNS_THROUGH_RA description: |- RA Mode enum: - DISABLED - SLAAC_DNS_THROUGH_RA - SLAAC_DNS_THROUGH_DHCP - DHCP_ADDRESS_AND_DNS_THROUGH_DHCP - SLAAC_AND_ADDRESS_DNS_THROUGH_DHCP type: string reachable_timer: default: 0 description: | Neighbour reachable time duration in milliseconds. A value of 0 means unspecified. format: int64 maximum: 3600000 minimum: 0 title: |- Reachable timer type: integer retransmit_interval: default: 1000 description: | The time, in milliseconds, between retransmitted neighbour solicitation messages. A value of 0 means unspecified. format: int64 maximum: 4294967295 minimum: 0 title: |- Retransmission interval type: integer required: - ra_mode - ra_config type: object x-vmw-nsx-module: PolicyConnectivity x-vmw-nsx-module: PolicyConnectivity Ipv6NdraProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paginated list of Ipv6NdraProfile items: $ref: '#/definitions/Ipv6NdraProfile' title: |- Paginated list of Ipv6NdraProfile type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity x-vmw-nsx-module: PolicyConnectivity KeyValue: properties: key: description: |- Key name. readOnly: false type: string value: description: |- Key value. readOnly: false type: string required: - value - key type: object x-vmw-nsx-module: CertificateManager KeyValuePair: description: |- An arbitrary key-value pair properties: key: description: |- Key maxLength: 255 readOnly: false title: |- Key type: string value: description: |- Value maxLength: 255 readOnly: false title: |- Value type: string required: - value - key title: |- An arbitrary key-value pair type: object x-vmw-nsx-module: Common L2AutoRD: description: |- Layer 2 Auto assigned Route Distinguisher properties: l2_auto_rd: description: |- Layer 2 auto assigned route distinghusher title: |- Layer 2 auto assigned route distinghusher type: string l2_vni: description: |- Layer 2 Virtual Network Interface title: |- Layer 2 Virtual Network Interface type: string title: |- Layer 2 Auto assigned Route Distinguisher type: object x-vmw-nsx-module: PolicyConnectivityStatistics L2BridgeEndpointProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: edge_paths: description: |- List of policy paths to edge nodes. Edge allocation for L2 bridging. items: type: string maxItems: 2 minItems: 1 title: |- List of path of Edge nodes type: array failover_mode: default: PREEMPTIVE description: |- Failover mode for the edge bridge cluster enum: - PREEMPTIVE - NON_PREEMPTIVE title: |- Failover mode for the edge bridge cluster type: string ha_mode: default: ACTIVE_STANDBY description: |- High avaialability mode can be active-active or active-standby. High availability mode cannot be modified after realization. enum: - ACTIVE_STANDBY title: |- High availability mode for the edge bridge cluster type: string type: object x-vmw-nsx-module: PolicyConnectivity description: |- Used to configure L2 Bridge endpoint profile title: |- Layer 2 Bridge Endpoint Profile x-vmw-nsx-module: PolicyConnectivity L2Extension: description: |- Segment specific L2 VPN configuration properties: l2vpn_path: description: | This property has been deprecated. Please use the property l2vpn_paths for setting the paths of associated L2 VPN session. This property will continue to work as expected to provide backwards compatibility. However, when both l2vpn_path and l2vpn_paths properties are specified, only l2vpn_paths is used. title: |- Policy path of associated L2 VPN session type: string x-deprecated: true l2vpn_paths: description: | Policy paths corresponding to the associated L2 VPN sessions items: type: string title: |- Policy paths of associated L2 VPN sessions type: array local_egress: $ref: '#/definitions/LocalEgress' description: |- Local Egress. title: |- Local Egress tunnel_id: description: |- Tunnel ID format: int32 maximum: 4093 minimum: 1 title: |- Tunnel ID type: integer title: |- Segment specific L2 VPN configuration type: object x-vmw-nsx-module: PolicyConnectivity L2ForwarderRemoteMacsPerSite: properties: remote_active_ips: description: |- Remote active IP addresses. items: description: |- IPv4 or IPv6 address format: ip type: string readOnly: true title: |- Remote active IPs type: array remote_mac_addresses: description: |- Remote mac addresses. items: type: string readOnly: true title: |- Remote mac addresses type: array remote_site: $ref: '#/definitions/ResourceReference' description: |- Remote site details. readOnly: true title: |- Remote site remote_standby_ips: description: |- Remote standby IP addresses. items: description: |- IPv4 or IPv6 address format: ip type: string readOnly: true title: |- Remote standby IPs type: array rtep_group_id: description: | 32 bit unique RTEP group id of the logical switch per site. format: int64 readOnly: true title: |- RTEP group id of logical switch per site type: integer type: object x-vmw-nsx-module: AggSvcL2Forwarder L2ForwarderStatusPerNode: properties: high_availability_status: description: | High Availability status of a service router on the edge node. enum: - ACTIVE - STANDBY - DOWN - SYNC - UNKNOWN readOnly: true title: |- Service router's HA status type: string transport_node: $ref: '#/definitions/ResourceReference' description: | Edge node details from where the router status is being retrieved. readOnly: true title: |- Transport node type: object x-vmw-nsx-module: AggSvcL2Forwarder L2TcpMaxSegmentSizeClamping: description: |- TCP MSS Clamping Direction and Value. properties: direction: default: BOTH description: | Specifies the traffic direction for which to apply MSS Clamping. enum: - NONE - BOTH title: |- Maximum Segment Size Clamping Direction type: string max_segment_size: description: | MSS defines the maximum amount of data that a host is willing to accept in a single TCP segment. This field is set in TCP header during connection establishment. To avoid packet fragmentation, you can set this field depending on uplink MTU and VPN overhead. This is an optional field and in case it is left unconfigured, best possible MSS value will be calculated based on effective mtu of uplink interface. Supported MSS range is 108 to 8852. format: int64 maximum: 8860 minimum: 108 title: |- Maximum Segment Size Value type: integer title: |- TCP MSS Clamping type: object x-vmw-nsx-module: PolicyLayer2VPN L2VPNService: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: enable_hub: default: false description: | This property applies only in SERVER mode. If set to true, traffic from any client will be replicated to all other clients. If set to false, traffic received from clients is only replicated to the local VPN endpoint. title: |- Enable spoke to spoke (client) forwarding via hub (server) type: boolean encap_ip_pool: description: | IP Pool to allocate local and peer endpoint IPs for L2VpnSession logical tap. items: description: |- IPv4 CIDR Block format: ipv4-cidr-block type: string title: |- IP Pool for Logical Taps type: array mode: default: SERVER description: |- Specify an L2VPN service mode as SERVER or CLIENT. enum: - SERVER - CLIENT title: |- L2VPN Service Mode type: string type: object x-vmw-nsx-module: PolicyLayer2VPN description: | L2VPN Service defines if service running as server or client. It also defines all the common properties for the multiple L2VPN Sessions associated with this service. title: |- L2VPN Service x-vmw-nsx-module: PolicyLayer2VPN L2VPNSession: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: enabled: default: true description: |- Enable to extend all the associated segments. title: |- Enable L2VPN session type: boolean tcp_mss_clamping: $ref: '#/definitions/L2TcpMaxSegmentSizeClamping' description: | TCP Maximum Segment Size Clamping Direction and Value. This feature is supported for L2VPN Sessions that are Server mode only. title: |- TCP MSS Clamping transport_tunnels: description: |- List of transport tunnels for redundancy. items: type: string maxItems: 1 minItems: 1 title: |- List of transport tunnels type: array tunnel_encapsulation: $ref: '#/definitions/L2VPNTunnelEncapsulation' description: | Tunnel encapsulation config. This property only applies in CLIENT mode. It is auto-populated from the L2VPNSessionData. readOnly: true title: |- Tunnel encapsulation config required: - transport_tunnels type: object x-vmw-nsx-module: PolicyLayer2VPN description: | Defines the tunnel local and peer addresses along with multiple tansport tunnels for redundancy. L2VPNSession belongs to only one L2VPNService. title: |- L2VPN Session x-vmw-nsx-module: PolicyLayer2VPN L2VPNTunnelEncapsulation: description: |- L2VPN tunnel encapsulation config. properties: local_endpoint_address: description: | IP Address of the local tunnel port. This property only applies in CLIENT mode. format: ipv4 readOnly: true type: string peer_endpoint_address: description: | IP Address of the peer tunnel port. This property only applies in CLIENT mode. format: ipv4 readOnly: true type: string protocol: default: GRE description: |- Encapsulation protocol used by the tunnel. enum: - GRE readOnly: true title: |- Encapsulation protocol type: string title: |- L2VPN Tunnel Encapsulation type: object x-vmw-nsx-module: PolicyLayer2VPN L2Vpn: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: enabled: default: true description: | Enable to extend all the associated segments. title: |- Enable L2Vpn type: boolean transport_tunnels: description: | List of paths referencing transport tunnels. items: type: string maxItems: 1 minItems: 1 title: |- List of paths referencing transport tunnels type: array required: - transport_tunnels type: object x-vmw-nsx-module: PolicyL2Vpn description: | Contains information necessary to configure L2Vpn. title: |- L2 Virtual Private Network Configuration x-vmw-nsx-module: PolicyL2Vpn L2VpnContext: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: enable_hub: default: false description: | If enabled, the tier-0 acts as a Hub and replicates traffic received from peer to all other peers. If disabled, the tier-0 acts as a Spoke and replicates only the local. title: |- Enable to act as hub type: boolean type: object x-vmw-nsx-module: PolicyL2Vpn description: | L2Vpn Context provides meta-data information about the parent Tier-0. title: |- L2Vpn Context x-vmw-nsx-module: PolicyL2Vpn L3Vpn: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: dh_groups: description: | Diffie-Hellman group to be used if PFS is enabled. Default group is GROUP14. items: description: | Diffie-Hellman groups represent algorithm used to derive shared keys between IPSec VPN initiator and responder over an unsecured network. GROUP2 uses 1024-bit Modular Exponentiation (MODP) group. GROUP5 uses 1536-bit MODP group. GROUP14 uses 2048-bit MODP group. GROUP15 uses 3072-bit MODP group. GROUP16 uses 4096-bit MODP group. enum: - GROUP2 - GROUP5 - GROUP14 - GROUP15 - GROUP16 type: string maxItems: 1 title: |- DH group type: array uniqueItems: true enable_perfect_forward_secrecy: default: true description: | If true, perfect forward secrecy (PFS) is enabled. title: |- Enable perfect forward secrecy type: boolean enabled: default: true description: | Flag to enable L3Vpn. Default is enabled. title: |- Enable L3Vpn type: boolean ike_digest_algorithms: description: | Algorithm to be used for message digest during Internet Key Exchange(IKE) negotiation. Default is SHA2_256. items: description: | The IKEDigestAlgorithms are used to verify message integrity during IKE negotiation. SHA1 produces 160 bits hash and SHA2_256 produces 256 bit hash. enum: - SHA1 - SHA2_256 type: string maxItems: 1 title: |- Digest Algorithm for IKE type: array uniqueItems: true ike_encryption_algorithms: description: | Algorithm to be used during Internet Key Exchange(IKE) negotiation. Default is AES_128. items: description: | IKEEncryption algorithms are used to ensure confidentiality of the messages exchanged during IKE negotiations. AES stands for Advanced Encryption Standards. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_GCM stands for Advanced Encryption Standard(AES) in Galois/Counter Mode(GCM) and is used to provide both confidentiality and data origin authentication. AES_GCM composed of two separate functions one for encryption(AES) and one for authentication(GMAC). AES_GCM algorithms will be available with IKE_V2 version only. AES_GMAC_128 uses 128-bit keys. AES_GMAC_192 uses 192-bit keys. AES_GMAC_256 uses 256-bit keys. enum: - AES_128 - AES_256 - AES_GCM_128 - AES_GCM_192 - AES_GCM_256 type: string maxItems: 1 title: |- Encryption algorithm for IKE type: array uniqueItems: true ike_version: default: IKE_V2 description: | IKE protocol version to be used. IKE-Flex will initiate IKE-V2 and responds to both IKE-V1 and IKE-V2. enum: - IKE_V1 - IKE_V2 - IKE_FLEX type: string l3vpn_session: $ref: '#/definitions/L3VpnSession' description: |- L3Vpn Session title: |- L3Vpn Session local_address: description: |- IPv4 address of local gateway format: ipv4 type: string passphrases: description: | List of IPSec pre-shared keys used for IPSec authentication. If not specified, the older passphrase values are retained if there are any. items: type: string maxItems: 1 title: |- List of IPSec pre-shared keys type: array uniqueItems: true remote_private_address: description: | This field is used to resolve conflicts in case of a remote site being behind NAT as remote public ip address is not enough. If it is not the case the remote public address should be provided here. If not provided, the value of this field is set to remote_public_address. title: |- Identifier of the remote site type: string remote_public_address: description: |- Public IPv4 address of remote gateway format: ipv4 type: string tunnel_digest_algorithms: description: | Algorithm to be used for message digest during tunnel establishment. Default algorithm is empty. items: description: | The TunnelDigestAlgorithms are used to verify message integrity during tunnel establishment. SHA1 produces 160 bits hash and SHA2_256 produces 256 bit hash. enum: - SHA1 - SHA2_256 type: string maxItems: 1 title: |- Digest Algorithm for Tunnel Establishment type: array uniqueItems: true tunnel_encryption_algorithms: description: | Encryption algorithm to encrypt/decrypt the messages exchanged between IPSec VPN initiator and responder during tunnel negotiation. Default is AES_GCM_128. items: description: | TunnelEncryption algorithms are used to ensure confidentiality of the messages exchanged during Tunnel negotiations. AES stands for Advanced Encryption Standards. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_GCM stands for Advanced Encryption Standard(AES) in Galois/Counter Mode (GCM) and is used to provide both confidentiality and data origin authentication. enum: - AES_128 - AES_256 - AES_GCM_128 - AES_GCM_192 - AES_GCM_256 type: string maxItems: 1 title: |- Encryption algorithm for Tunnel Establishement type: array uniqueItems: true required: - local_address - remote_public_address - l3vpn_session type: object x-vmw-nsx-module: PolicyL3Vpn description: | Contains information necessary to configure IPSec VPN. title: |- L3 Virtual Private Network Configuration x-vmw-nsx-module: PolicyL3Vpn L3VpnContext: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: available_local_addresses: description: | Local gateway IPv4 addresses available for configuration of each L3Vpn. items: $ref: '#/definitions/PolicyIPAddressInfo' title: |- IPv4 addresses of the local gateway type: array uniqueItems: true bypass_rules: description: | Bypass L3Vpn rules that will be shared across L3Vpns. Only Bypass action is supported on these L3Vpn rules. items: $ref: '#/definitions/L3VpnRule' title: |- List of Bypass L3VpnRules type: array uniqueItems: true enabled: default: true description: | If true, enable L3Vpn Service for given tier-0. Enabling/disabling this service affects all L3Vpns under the given tier-0. title: |- Enable L3 Virtual Private Network (VPN) service type: boolean ike_log_level: default: INFO description: | Log level for internet key exchange (IKE). enum: - DEBUG - INFO - WARN - ERROR - EMERGENCY title: |- Internet key exchange (IKE) log level type: string label: description: | Policy path referencing Label. A label is used as a mechanism to group route-based L3Vpns in order to apply edge firewall rules on members' VTIs. title: |- Policy path referencing Label type: string type: object x-vmw-nsx-module: PolicyL3Vpn description: | L3Vpn Context provides the configuration context that different L3Vpns can consume. title: |- L3Vpn Context x-vmw-nsx-module: PolicyL3Vpn L3VpnRule: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: action: default: PROTECT description: | Action to exchange data with or without protection. PROTECT - Allows to exchange data with ipsec protection. Protect rules are defined per L3Vpn. BYPASS - Allows to exchange data without ipsec protection. Bypass rules are defined per L3VpnContext and affects all policy based L3Vpns. Bypass rules are prioritized over protect rules. enum: - PROTECT - BYPASS title: |- Action to apply to the traffic transiting through the L3Vpn type: string destinations: description: | List of remote subnets used in policy-based L3Vpn. items: $ref: '#/definitions/L3VpnSubnet' maxItems: 128 minItems: 1 title: |- List of remote subnets type: array uniqueItems: true sequence_number: description: | This field is used to resolve conflicts between multiple L3VpnRules associated with a single L3Vpn or L3VpnContext. format: int32 title: |- Sequence number of the L3VpnRule type: integer sources: description: | List of local subnets used in policy-based L3Vpn. items: $ref: '#/definitions/L3VpnSubnet' maxItems: 128 minItems: 1 title: |- List of local subnets type: array uniqueItems: true required: - sources - destinations type: object x-vmw-nsx-module: PolicyL3Vpn description: | For policy-based L3Vpn sessions, a rule specifies as its action the vpn tunnel to be used for transit traffic that meets the rule's match criteria. title: |- L3Vpn Rule x-vmw-nsx-module: PolicyL3Vpn L3VpnSession: description: | Contains information about L3Vpn session. discriminator: resource_type properties: resource_type: description: | - A Policy Based L3Vpn is a configuration in which protect rules to match local and remote subnet needs to be defined. Tunnel is established for each pair of local and remote subnet defined in protect rules. - A Route Based L3Vpn is more flexible, more powerful and recommended over policy based. IP Tunnel subnet is created and all traffic routed through tunnel subnet (commonly known as VTI) is sent over tunnel. Routes can be learned through BGP. A route based L3Vpn is required when using redundant L3Vpn. enum: - PolicyBasedL3VpnSession - RouteBasedL3VpnSession type: string required: - resource_type title: |- L3Vpn Session type: object x-vmw-nsx-module: PolicyL3Vpn L3VpnSubnet: description: | Used to specify subnets in L3Vpn rule. properties: subnet: description: | Subnet used in L3Vpn Rule. format: ipv4-cidr-block type: string required: - subnet title: |- Subnet used in L3Vpn Rule type: object x-vmw-nsx-module: PolicyL3Vpn L4PolicyLbPersistenceProfile: allOf: - $ref: '#/definitions/PolicyLbPersistenceProfile' - properties: persistence: default: SOURCE_IP description: | This field indicates the persistence method used for the PolicyLbVirtualServer. - SOURCE_IP persistence ensures all connections from a client (identified by IP address) are sent to the same backend server for a specified period. - This object is not required and persistence is disabled by default enum: - SOURCE_IP title: |- Persistence method used by PolicyLbVirtualServer(s) type: string type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Some applications maintain state and require all relevant connections to be sent to the same server as the application state is not synchronized among servers. Persistence is enabled on a PolicyLbVirtualServer by binding a persistence profile to it. title: |- PolicyLbPersistenceProflie for L4 type PolicyLbVirtualServer x-vmw-nsx-module: TempPolicyLoadBalancer L4PortSetServiceEntry: allOf: - $ref: '#/definitions/ServiceEntry' - properties: destination_ports: description: | Number of values should not exceed 15, ranges count as 2 values. items: description: | Examples- Single port "8080", Range of ports "8090-8095" format: port-or-range type: string maxItems: 15 type: array l4_protocol: enum: - TCP - UDP type: string source_ports: description: | Number of values should not exceed 15, ranges count as 2 values. items: description: | Examples- Single port "8080", Range of ports "8090-8095" format: port-or-range type: string maxItems: 15 type: array required: - l4_protocol type: object x-vmw-nsx-module: Policy description: | L4PortSet can be specified in comma separated notation of parts. Parts of a L4PortSet includes single integer or range of port in hyphen notation. Example of a PortSet: "22, 33-70, 44". title: |- An ServiceEntry that represents TCP or UDP protocol x-vmw-nsx-module: Policy L7PolicyLbPersistenceProfile: allOf: - $ref: '#/definitions/PolicyLbPersistenceProfile' - properties: persistence: default: COOKIE description: | This field indicates the persistence method used for the PolicyLbVirtualServer. - COOKIE persistence allows related client connections, identified by the same cookie in HTTP requests [Refer to HTTP Cookie for details on HTTP cookies], to be redirected to the same server. Load balancer does not maintain any persistence table for cookie persistence. Instead, it encodes the necessary information in the HTTP cookie value sent to client and relies on the client to store it and send it back in subsequent related HTTP requests. Hence there is no limit on the number of cookie persistence entries that can be supported. - This object is not required and persistence is disabled by default enum: - COOKIE title: |- Persistence method used by PolicyLbVirtualServer(s) type: string type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Some applications maintain state and require all relevant connections to be sent to the same server as the application state is not synchronized among servers. Persistence is enabled on a PolicyLbVirtualServer by binding a persistence profile to it. title: |- PolicyLbPersistenceProflie for L7 type PolicyLbVirtualServer x-vmw-nsx-module: TempPolicyLoadBalancer LBAccessListControl: description: | LBAccessListControl is used to define how IP access list control can filter the connections from clients. properties: action: description: | ALLOW means connections matching grouping object IP list are allowed and requests not matching grouping object IP list are dropped. DROP means connections matching grouping object IP list are dropped and requests not matching grouping object IP list are allowed. enum: - ALLOW - DROP title: |- IP access list control action type: string enabled: default: false description: | The enabled flag indicates whether to enable access list control option. It is false by default. title: |- Whether to enable access list control option type: boolean group_path: description: | The path of grouping object which defines the IP addresses or ranges to match the client IP. title: |- Grouping object path type: string required: - action - group_path title: |- IP access list control to filter the connections from clients type: object x-vmw-nsx-module: PolicyLoadBalancer LBActiveMonitor: allOf: - $ref: '#/definitions/LBMonitorProfile' - properties: fall_count: default: 3 description: | Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN. format: int64 maximum: 2147483647 minimum: 1 title: |- Monitor fall count for active healthchecks type: integer interval: default: 5 description: | Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group. format: int64 maximum: 2147483647 minimum: 1 title: |- Monitor interval in seconds for active healthchecks type: integer monitor_port: description: | Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required. format: int32 maximum: 65535 minimum: 0 title: |- Monitor port for active healthchecks type: integer rise_count: default: 3 description: | Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state. format: int64 maximum: 2147483647 minimum: 1 title: |- Monitor rise count for active healthchecks type: integer timeout: default: 5 description: | Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. format: int64 maximum: 2147483647 minimum: 1 title: |- Monitor timeout in seconds for active healthchecks type: integer type: object x-vmw-nsx-module: PolicyLoadBalancer description: | All the active types of LBMonitorProfile extend from this abstract class. This is present for extensibility. title: |- Base class for each type of active LBMonitorProfile x-vmw-nsx-module: PolicyLoadBalancer LBAppProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: resource_type: description: | An application profile can be bound to a virtual server to specify the application protocol characteristics. It is used to influence how load balancing is performed. Currently, three types of application profiles are supported: LBFastTCPProfile, LBFastUDPProfile and LBHttpProfile. LBFastTCPProfile or LBFastUDPProfile is typically used when the application is using a custom protocol or a standard protocol not supported by the load balancer. It is also used in cases where the user only wants L4 load balancing mainly because L4 load balancing has much higher performance and scalability, and/or supports connection mirroring. LBHttpProfile is used for both HTTP and HTTPS applications. Though application rules, if bound to the virtual server, can be used to accomplish the same goal, LBHttpProfile is intended to simplify enabling certain common use cases. enum: - LBHttpProfile - LBFastTcpProfile - LBFastUdpProfile type: string required: - resource_type type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- App profile. title: |- App profile x-vmw-nsx-module: PolicyLoadBalancer LBClientCertificateIssuerDnCondition: description: |- Match condition for client certficate issuer DN. properties: case_sensitive: default: true description: | If true, case is significant when comparing issuer DN value. title: |- A case sensitive flag for issuer DN comparing type: boolean issuer_dn: description: |- Value of issuer DN. title: |- Value of issuer DN type: string match_type: default: REGEX description: |- Match type of issuer DN. enum: - STARTS_WITH - ENDS_WITH - EQUALS - CONTAINS - REGEX type: string required: - issuer_dn title: |- Match condition for client certficate issuer DN type: object x-vmw-nsx-module: PolicyLoadBalancer LBClientCertificateSubjectDnCondition: description: |- Match condition for client certficate subject DN. properties: case_sensitive: default: true description: | If true, case is significant when comparing subject DN value. title: |- A case sensitive flag for subject DN comparing type: boolean match_type: default: REGEX description: |- Match type of subject DN. enum: - STARTS_WITH - ENDS_WITH - EQUALS - CONTAINS - REGEX type: string subject_dn: description: |- Value of subject DN. title: |- Value of subject DN type: string required: - subject_dn title: |- Match condition for client certficate subject DN type: object x-vmw-nsx-module: PolicyLoadBalancer LBClientSslProfile: allOf: - $ref: '#/definitions/LBSslProfile' - properties: cipher_group_label: description: | It is a label of cipher group which is mostly consumed by GUI. enum: - BALANCED - HIGH_SECURITY - HIGH_COMPATIBILITY - CUSTOM type: string ciphers: description: |- Supported SSL cipher list to client side. items: description: |- SSL cipher enum: - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - TLS_RSA_WITH_AES_256_CBC_SHA - TLS_RSA_WITH_AES_128_CBC_SHA - TLS_RSA_WITH_3DES_EDE_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - TLS_RSA_WITH_AES_128_CBC_SHA256 - TLS_RSA_WITH_AES_128_GCM_SHA256 - TLS_RSA_WITH_AES_256_CBC_SHA256 - TLS_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 type: string title: |- Supported SSL cipher list to client side type: array is_fips: description: | This flag is set to true when all the ciphers and protocols are FIPS compliant. It is set to false when one of the ciphers or protocols are not FIPS compliant.. readOnly: true title: |- FIPS compliance of ciphers and protocols type: boolean is_secure: description: | This flag is set to true when all the ciphers and protocols are secure. It is set to false when one of the ciphers or protocols is insecure. readOnly: true title: |- Secure/Insecure SSL profile flag type: boolean prefer_server_ciphers: default: true description: | During SSL handshake as part of the SSL client Hello client sends an ordered list of ciphers that it can support (or prefers) and typically server selects the first one from the top of that list it can also support. For Perfect Forward Secrecy(PFS), server could override the client's preference. title: |- Prefer server ciphers flag type: boolean protocols: description: | SSL versions TLS1.1 and TLS1.2 are supported and enabled by default. SSLv2, SSLv3, and TLS1.0 are supported, but disabled by default. items: description: |- SSL protocol enum: - SSL_V2 - SSL_V3 - TLS_V1 - TLS_V1_1 - TLS_V1_2 type: string title: |- Supported SSL protocol list to client side type: array session_cache_enabled: default: true description: | SSL session caching allows SSL client and server to reuse previously negotiated security parameters avoiding the expensive public key operation during handshake. title: |- Session cache enable/disable flag type: boolean session_cache_timeout: default: 300 description: | Session cache timeout specifies how long the SSL session parameters are held on to and can be reused. format: int64 maximum: 86400 minimum: 1 title: |- SSL session cache timeout value type: integer type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- Client SSL profile. title: |- Client SSL profile x-vmw-nsx-module: PolicyLoadBalancer LBClientSslProfileBinding: description: |- Client SSL profile binding. properties: certificate_chain_depth: default: 3 description: | Authentication depth is used to set the verification depth in the client certificates chain. format: int64 maximum: 2147483647 minimum: 1 title: |- The maximum traversal depth of client certificate chain type: integer client_auth: default: IGNORE description: |- Client authentication mode. enum: - REQUIRED - IGNORE type: string client_auth_ca_paths: description: | If client auth type is REQUIRED, client certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self signed certificates are specified. items: type: string title: |- CA path list to verify client certificate type: array client_auth_crl_paths: description: | A Certificate Revocation List (CRL) can be specified in the client-side SSL profile binding to disallow compromised client certificates. items: type: string title: |- CRL path list to verify client certificate type: array default_certificate_path: description: | A default certificate should be specified which will be used if the server does not host multiple hostnames on the same IP address or if the client does not support SNI extension. title: |- Default service certificate identifier type: string sni_certificate_paths: description: | Client-side SSL profile binding allows multiple certificates, for different hostnames, to be bound to the same virtual server. items: type: string title: |- SNI certificate path list type: array ssl_profile_path: description: | Client SSL profile defines reusable, application-independent client side SSL properties. title: |- Client SSL profile path type: string required: - default_certificate_path title: |- Client SSL profile binding type: object x-vmw-nsx-module: PolicyLoadBalancer LBConnectionDropAction: allOf: - $ref: '#/definitions/LBRuleAction' - type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is used to drop the connections. There is no extra propery in this action. If there is no match condition specified, the connection will be always dropped. This action can be specified at HTTP_ACCESS or HTTP_FORWARDING pahse. title: |- Action to drop connections x-vmw-nsx-module: PolicyLoadBalancer LBCookiePersistenceProfile: allOf: - $ref: '#/definitions/LBPersistenceProfile' - properties: cookie_domain: description: | HTTP cookie domain could be configured, only available for insert mode. title: |- Cookie domain type: string cookie_fallback: default: true description: | If fallback is true, once the cookie points to a server that is down (i.e. admin state DISABLED or healthcheck state is DOWN), then a new server is selected by default to handle that request. If fallback is false, it will cause the request to be rejected if cookie points to a server. title: |- Cookie persistence fallback type: boolean cookie_garble: default: true description: | If garble is set to true, cookie value (server IP and port) would be encrypted. If garble is set to false, cookie value would be plain text. title: |- Cookie persistence garble type: boolean cookie_httponly: default: false description: | If cookie httponly flag is true, it prevents a script running in the browser from accessing the cookie. Only available for insert mode. title: |- Cookie httponly flag type: boolean cookie_mode: default: INSERT description: |- Cookie persistence mode. enum: - INSERT - PREFIX - REWRITE type: string cookie_name: default: NSXLB description: |- Cookie name. title: |- Cookie name type: string cookie_path: description: | HTTP cookie path could be set, only available for insert mode. title: |- Cookie path type: string cookie_secure: default: false description: | If cookie secure flag is true, it prevents the browser from sending a cookie over http. The cookie is sent only over https. Only available for insert mode. title: |- Cookie secure flag type: boolean cookie_time: $ref: '#/definitions/LBCookieTime' description: | Both session cookie and persistence cookie are supported, if not specified, it's a session cookie. It expires when the browser is closed. title: |- Cookie time setting type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Some applications maintain state and require all relevant connections to be sent to the same server as the application state is not synchronized among servers. Persistence is enabled on a LBVirtualServer by binding a persistence profile to it. title: |- LBPersistenceProflie using Cookies for L7 LBVirtualServer x-vmw-nsx-module: PolicyLoadBalancer LBCookieTime: description: |- Cookie time. discriminator: type properties: type: description: | Both session cookie and persistence cookie are supported, Use LbSessionCookieTime for session cookie time setting, Use LbPersistenceCookieTime for persistence cookie time setting enum: - LBSessionCookieTime - LBPersistenceCookieTime type: string required: - type title: |- Cookie time type: object x-vmw-nsx-module: PolicyLoadBalancer LBFastTcpProfile: allOf: - $ref: '#/definitions/LBAppProfile' - properties: close_timeout: default: 8 description: | It is used to specify how long a closing TCP connection (both FINs received or a RST is received) should be kept for this application before cleaning up the connection. format: int64 maximum: 60 minimum: 1 title: |- TCP connection idle timeout in seconds type: integer ha_flow_mirroring_enabled: default: false description: | If flow mirroring is enabled, all the flows to the bounded virtual server are mirrored to the standby node. title: |- Flow mirroring enabled flag type: boolean idle_timeout: default: 1800 description: | It is used to configure how long an idle TCP connection in ESTABLISHED state should be kept for this application before cleaning up. format: int64 maximum: 2147483647 minimum: 1 title: |- TCP connection idle timeout in seconds type: integer type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- Fast TCP profile. title: |- Fast TCP profile x-vmw-nsx-module: PolicyLoadBalancer LBFastUdpProfile: allOf: - $ref: '#/definitions/LBAppProfile' - properties: flow_mirroring_enabled: default: false description: | If flow mirroring is enabled, all the flows to the bounded virtual server are mirrored to the standby node. title: |- Flow mirroring enabled flag type: boolean idle_timeout: default: 300 description: | Though UDP is a connectionless protocol, for the purposes of load balancing, all UDP packets with the same flow signature (source and destination IP/ports and IP protocol) received within the idle timeout period are considered to belong to the same connection and are sent to the same backend server. If no packets are received for idle timeout period, the connection (association between flow signature and the selected server) is cleaned up. format: int64 maximum: 2147483647 minimum: 1 title: |- UDP idle timeout in seconds type: integer type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- Fast UDP profile. title: |- Fast UDP profile x-vmw-nsx-module: PolicyLoadBalancer LBGenericPersistenceProfile: allOf: - $ref: '#/definitions/LBPersistenceProfile' - properties: ha_persistence_mirroring_enabled: default: false description: | The mirroring enabled flag is to synchronize persistence entries. Persistence entries are not synchronized to the HA peer by default. title: |- Mirroring enabled flag type: boolean timeout: default: 300 description: | When all connections complete (reference count reaches 0), persistence entry timer is started with the expiration time. format: int64 maximum: 2147483647 minimum: 1 title: |- Persistence entry expiration time in seconds type: integer type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Some applications maintain state and require all relevant connections to be sent to the same server as the application state is not synchronized among servers. Persistence is enabled on a LBVirtualServer by binding a persistence profile to it. LBGenericPersistenceProfile cannot be attached to virtual server directly, it can be specified in LB rule actions. In HTTP forwarding phase, the profile can be specified in LBVariablePersistenceOnAction. In HTTP response rewriting phase, the profile can be specified in LBVariablePersistenceLearnAction. title: |- LB generic persistence profile x-vmw-nsx-module: PolicyLoadBalancer LBHttpMonitorProfile: allOf: - $ref: '#/definitions/LBActiveMonitor' - properties: request_body: description: | String to send as part of HTTP health check request body. Valid only for certain HTTP methods like POST. title: |- HTTP health check request body type: string request_headers: description: |- Array of HTTP request headers. items: $ref: '#/definitions/LbHttpRequestHeader' title: |- Array of HTTP request headers type: array request_method: default: GET description: |- The health check method for HTTP monitor type. enum: - GET - OPTIONS - POST - HEAD - PUT type: string request_url: default: / description: | For HTTP active healthchecks, the HTTP request url sent can be customized and can include query parameters. title: |- Customized HTTP request url for active health checks type: string request_version: default: HTTP_VERSION_1_1 description: |- HTTP request version. enum: - HTTP_VERSION_1_0 - HTTP_VERSION_1_1 type: string response_body: description: | If HTTP response body match string (regular expressions not supported) is specified (using LBHttpMonitor.response_body) then the healthcheck HTTP response body is matched against the specified string and server is considered healthy only if there is a match. If the response body string is not specified, HTTP healthcheck is considered successful if the HTTP response status code is 2xx, but it can be configured to accept other status codes as successful. title: |- Response body to match type: string response_status_codes: description: | The HTTP response status code should be a valid HTTP status code. items: format: int32 type: integer maxItems: 64 title: |- Array of single HTTP response status codes type: array type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Active healthchecks are disabled by default and can be enabled for a server pool by binding a health monitor to the Group through the LBRule object. This represents active health monitoring over HTTP. Active healthchecks are initiated periodically, at a configurable interval, to each member of the Group. Only if a healthcheck fails consecutively for a specified number of times (fall_count) to a member will the member status be marked DOWN. Once a member is DOWN, a specified number of consecutive successful healthchecks (rise_count) will bring the member back to UP state. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. title: |- LBMonitorProfile for active health checks over HTTP x-vmw-nsx-module: PolicyLoadBalancer LBHttpProfile: allOf: - $ref: '#/definitions/LBAppProfile' - properties: http_redirect_to: description: | If a website is temporarily down or has moved, incoming requests for that virtual server can be temporarily redirected to a URL. title: |- Http redirect static URL type: string http_redirect_to_https: default: false description: | Certain secure applications may want to force communication over SSL, but instead of rejecting non-SSL connections, they may choose to redirect the client automatically to use SSL. title: |- Flag to indicate whether enable HTTP-HTTPS redirect type: boolean idle_timeout: default: 15 description: | It is used to specify the HTTP application idle timeout, it means that how long the load balancer will keep the connection idle to wait for the client to send the next keep-alive request. It is not a TCP socket setting. format: int64 maximum: 5400 minimum: 1 title: |- HTTP application idle timeout in seconds type: integer ntlm: description: | NTLM is an authentication protocol that can be used over HTTP. If the flag is set to true, LB will use NTLM challenge/response methodology. This property is deprecated. Please use the property server_keep_alive in order to keep the backend server connection alive for the client connection. When create a new profile, if both ntlm and server_keep_alive are set as different values, ERROR will be reported. When update an existing profile, if either ntlm or server_keep_alive value is changed, both of them are updated with the changed value. title: |- NTLM support flag type: boolean x-deprecated: true request_body_size: description: | If it is not specified, it means that request body size is unlimited. format: int64 maximum: 2147483647 minimum: 1 title: |- Maximum size of the buffer used to store HTTP request body type: integer request_header_size: default: 1024 description: | A request with header equal to or below this size is guaranteed to be processed. A request with header larger than request_header_size will be processed up to 32K bytes on best effort basis. format: int64 minimum: 1 title: |- Maximum size of the buffer used to store HTTP request headers type: integer response_buffering: default: false description: | When buffering is disabled, the response is passed to a client synchronously, immediately as it is received. When buffering is enabled, LB receives a response from the backend server as soon as possible, saving it into the buffers. title: |- Enable or disable buffering of responses type: boolean response_header_size: default: 4096 description: | A response with header larger than response_header_size will be dropped. format: int64 maximum: 65536 minimum: 1 title: |- Maximum size of the buffer used to store HTTP response headers type: integer response_timeout: default: 60 description: "If server doesn\u2019t send any packet within this time, the\ \ connection is closed.\n" format: int64 maximum: 2147483647 minimum: 1 title: |- Maximum server idle time in seconds type: integer server_keep_alive: description: | If server_keep_alive is true, it means the backend connection will keep alive for the client connection. Every client connection is tied 1:1 with the corresponding server-side connection. If server_keep_alive is false, it means the backend connection won't keep alive for the client connection. If server_keep_alive is not specified for API input, its value in API output will be the same with the property ntlm. title: |- Server keep-alive flag type: boolean x_forwarded_for: description: | When X-Forwareded-For is configured, X-Forwarded-Proto and X-Forwarded-Port information is added automatically. The two additional header information can be also modified or deleted in load balancer rules. enum: - INSERT - REPLACE type: string type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- Http profile. title: |- Http profile x-vmw-nsx-module: PolicyLoadBalancer LBHttpRedirectAction: allOf: - $ref: '#/definitions/LBRuleAction' - properties: redirect_status: description: |- HTTP response status code. title: |- HTTP response status code type: string redirect_url: description: |- The URL that the HTTP request is redirected to. title: |- The URL that the HTTP request is redirected to type: string required: - redirect_status - redirect_url type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is used to redirect HTTP request messages to a new URL. The reply_status value specified in this action is used as the status code of HTTP response message which is sent back to client (Normally a browser). The HTTP status code for redirection is 3xx, for example, 301, 302, 303, 307, etc. The redirect_url is the new URL that the HTTP request message is redirected to. Normally browser will send another HTTP request to the new URL after receiving a redirection response message. Captured variables and built-in variables can be used in redirect_url field. For example, to redirect all HTTP requests to HTTPS requests for a virtual server. We create an LBRule without any conditions, add an LBHttpRedirectAction to the rule. Set the redirect_url field of the LBHttpRedirectAction to: https://$_host$_request_uri And set redirect_status to "302", which means found. This rule will redirect all HTTP requests to HTTPS server port on the same host. title: |- Action to redirect HTTP request messages x-vmw-nsx-module: PolicyLoadBalancer LBHttpRejectAction: allOf: - $ref: '#/definitions/LBRuleAction' - properties: reply_message: description: |- Response message. title: |- Response message type: string reply_status: description: |- HTTP response status code. title: |- HTTP response status code type: string required: - reply_status type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is used to reject HTTP request messages. The specified reply_status value is used as the status code for the corresponding HTTP response message which is sent back to client (Normally a browser) indicating the reason it was rejected. Reference official HTTP status code list for your specific HTTP version to set the reply_status properly. LBHttpRejectAction does not support variables. title: |- Action to reject HTTP request messages x-vmw-nsx-module: PolicyLoadBalancer LBHttpRequestBodyCondition: allOf: - $ref: '#/definitions/LBRuleCondition' - properties: body_value: description: |- HTTP request body title: |- HTTP request body type: string case_sensitive: default: true description: | If true, case is significant when comparing HTTP body value. title: |- A case sensitive flag for HTTP body comparing type: boolean match_type: default: REGEX description: |- Match type of HTTP body enum: - STARTS_WITH - ENDS_WITH - EQUALS - CONTAINS - REGEX type: string required: - body_value type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This condition is used to match the message body of an HTTP request. Typically, only HTTP POST, PATCH, or PUT requests have request body. The match_type field defines how body_value field is used to match the body of HTTP requests. title: |- Condition to match content of HTTP request message body x-vmw-nsx-module: PolicyLoadBalancer LBHttpRequestCookieCondition: allOf: - $ref: '#/definitions/LBRuleCondition' - properties: case_sensitive: default: true description: | If true, case is significant when comparing cookie value. title: |- A case sensitive flag for cookie value comparing type: boolean cookie_name: description: |- Cookie name. title: |- Name of cookie type: string cookie_value: description: |- Cookie value. title: |- Value of cookie type: string match_type: default: REGEX description: |- Match type of cookie value. enum: - STARTS_WITH - ENDS_WITH - EQUALS - CONTAINS - REGEX type: string required: - cookie_name - cookie_value type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This condition is used to match HTTP request messages by cookie which is a specific type of HTTP header. The match_type and case_sensitive define how to compare cookie value. title: |- Condition to match HTTP request cookie x-vmw-nsx-module: PolicyLoadBalancer LBHttpRequestHeaderCondition: allOf: - $ref: '#/definitions/LBRuleCondition' - properties: case_sensitive: default: true description: | If true, case is significant when comparing HTTP header value. title: |- A case sensitive flag for HTTP header value comparing type: boolean header_name: default: Host description: |- Name of HTTP header title: |- Name of HTTP header type: string header_value: description: |- Value of HTTP header title: |- Value of HTTP header type: string match_type: default: REGEX description: |- Match type of HTTP header value enum: - STARTS_WITH - ENDS_WITH - EQUALS - CONTAINS - REGEX type: string required: - header_value type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This condition is used to match HTTP request messages by HTTP header fields. HTTP header fields are components of the header section of HTTP request and response messages. They define the operating parameters of an HTTP transaction. For example, Cookie, Authorization, User-Agent, etc. One condition can be used to match one header field, to match multiple header fields, multiple conditions must be specified. The match_type field defines how header_value field is used to match HTTP requests. The header_name field does not support match types. title: |- Condition to match HTTP request header x-vmw-nsx-module: PolicyLoadBalancer LBHttpRequestHeaderDeleteAction: allOf: - $ref: '#/definitions/LBRuleAction' - properties: header_name: description: |- Name of a header field of HTTP request message. title: |- Name of a header field of HTTP request message type: string required: - header_name type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is used to delete header fields of HTTP request messages at HTTP_REQUEST_REWRITE phase. One action can be used to delete all headers with same header name. To delete headers with different header names, multiple actions must be defined. title: |- Action to delete HTTP request header fields x-vmw-nsx-module: PolicyLoadBalancer LBHttpRequestHeaderRewriteAction: allOf: - $ref: '#/definitions/LBRuleAction' - properties: header_name: description: |- Name of HTTP request header. title: |- Name of HTTP request header type: string header_value: description: |- Value of HTTP request header. title: |- Value of HTTP request header type: string required: - header_value - header_name type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is used to rewrite header fields of matched HTTP request messages to specified new values. One action can be used to rewrite one header field. To rewrite multiple header fields, multiple actions must be defined. Captured variables and built-in variables can be used in the header_value field, header_name field does not support variables. title: |- Action to rewrite header fields of HTTP request messages x-vmw-nsx-module: PolicyLoadBalancer LBHttpRequestMethodCondition: allOf: - $ref: '#/definitions/LBRuleCondition' - properties: method: description: |- Type of HTTP request method enum: - GET - OPTIONS - POST - HEAD - PUT type: string required: - method type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This condition is used to match method of HTTP requests. If the method of an HTTP request is same as the method specified in this condition, the HTTP request match this condition. For example, if the method field is set to GET in this condition, any HTTP request with GET method matches the condition. title: |- Condition to match method of HTTP request messages x-vmw-nsx-module: PolicyLoadBalancer LBHttpRequestUriArgumentsCondition: allOf: - $ref: '#/definitions/LBRuleCondition' - properties: case_sensitive: default: true description: | If true, case is significant when comparing URI arguments. title: |- A case sensitive flag for URI arguments comparing type: boolean match_type: default: REGEX description: |- Match type of URI arguments enum: - STARTS_WITH - ENDS_WITH - EQUALS - CONTAINS - REGEX type: string uri_arguments: description: | URI arguments, aka query string of URI. title: |- URI arguments type: string required: - uri_arguments type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This condition is used to match URI arguments aka query string of Http request messages, for example, in URI http://exaple.com?foo=1&bar=2, the "foo=1&bar=2" is the query string containing URI arguments. In an URI scheme, query string is indicated by the first question mark ("?") character and terminated by a number sign ("#") character or by the end of the URI. The uri_arguments field can be specified as a regular expression(Set match_type to REGEX). For example, "foo=(?<x>\d+)". It matches HTTP requests whose URI arguments containing "foo", the value of foo contains only digits. And the value of foo is captured as $x which can be used in LBRuleAction fields which support variables. title: |- Condition to match URI arguments of HTTP requests x-vmw-nsx-module: PolicyLoadBalancer LBHttpRequestUriCondition: allOf: - $ref: '#/definitions/LBRuleCondition' - properties: case_sensitive: default: true description: | If true, case is significant when comparing URI. title: |- A case sensitive flag for URI comparing type: boolean match_type: default: REGEX description: |- Match type of URI enum: - STARTS_WITH - ENDS_WITH - EQUALS - CONTAINS - REGEX type: string uri: description: |- A string used to identify resource title: |- A string used to identify resource type: string required: - uri type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This condition is used to match URIs(Uniform Resource Identifier) of HTTP request messages. The URI field can be specified as a regular expression. If an HTTP request message is requesting an URI which matches specified regular expression, it matches the condition. The syntax of whole URI looks like this: scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment] This condition matches only the path part of entire URI. When match_type field is specified as REGEX, the uri field is used as a regular expression to match URI path of HTTP requests. For example, to match any URI that has "/image/" or "/images/", uri field can be specified as: "/image[s]?/". Named capturing groups can be used in the uri field to capture substrings of matched URIs and store them in variables for use in LBRuleAction. For example, specify uri field as: "/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)" If the URI path is /articles/news/2017/06/xyz.html, then substring "2017" is captured in variable year, "06" is captured in variable month, and "xyz.html" is captured in variable article. These variables can then be used in an LBRuleAction field which supports variables, such as uri field of LBHttpRequestUriRewriteAction. For example, set the uri field of LBHttpRequestUriRewriteAction as: "/articles/news/$year-$month-$article" Then the URI path /articles/news/2017/06/xyz.html is rewritten to: "/articles/news/2017-06-xyz.html" title: |- Condition to match URIs of HTTP request messages x-vmw-nsx-module: PolicyLoadBalancer LBHttpRequestUriRewriteAction: allOf: - $ref: '#/definitions/LBRuleAction' - properties: uri: description: |- URI of HTTP request. title: |- URI of HTTP request type: string uri_arguments: description: | Query string of URI, typically contains key value pairs, for example: foo1=bar1&foo2=bar2. title: |- URI arguments type: string required: - uri type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is used to rewrite URIs in matched HTTP request messages. Specify the uri and uri_arguments fields in this condition to rewrite the matched HTTP request message's URI and URI arguments to the new values. Full URI scheme of HTTP messages have following syntax: scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment] The uri field of this action is used to rewrite the /path part in above scheme. And the uri_arguments field is used to rewrite the query part. Captured variables and built-in variables can be used in the uri and uri_arguments fields. Check the example in LBRuleAction to see how to use variables in this action. title: |- Action to rewrite HTTP request URIs. x-vmw-nsx-module: PolicyLoadBalancer LBHttpRequestVersionCondition: allOf: - $ref: '#/definitions/LBRuleCondition' - properties: version: description: |- HTTP version enum: - HTTP_VERSION_1_0 - HTTP_VERSION_1_1 type: string required: - version type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This condition is used to match the HTTP protocol version of the HTTP request messages. title: |- Condition to match HTTP protocol version of HTTP requests x-vmw-nsx-module: PolicyLoadBalancer LBHttpResponseHeaderCondition: allOf: - $ref: '#/definitions/LBRuleCondition' - properties: case_sensitive: default: true description: | If true, case is significant when comparing HTTP header value. title: |- A case sensitive flag for HTTP header value comparing type: boolean header_name: description: |- Name of HTTP header field title: |- Name of HTTP header field type: string header_value: description: |- Value of HTTP header field title: |- Value of HTTP header field type: string match_type: default: REGEX description: |- Match type of HTTP header value enum: - STARTS_WITH - ENDS_WITH - EQUALS - CONTAINS - REGEX type: string required: - header_value - header_name type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This condition is used to match HTTP response messages from backend servers by HTTP header fields. HTTP header fields are components of the header section of HTTP request and response messages. They define the operating parameters of an HTTP transaction. For example, Cookie, Authorization, User-Agent, etc. One condition can be used to match one header field, to match multiple header fields, multiple conditions must be specified. The match_type field defines how header_value field is used to match HTTP responses. The header_name field does not support match types. title: |- Condition to match a header field of HTTP response x-vmw-nsx-module: PolicyLoadBalancer LBHttpResponseHeaderDeleteAction: allOf: - $ref: '#/definitions/LBRuleAction' - properties: header_name: description: |- Name of a header field of HTTP response message. title: |- Name of a header field of HTTP response message type: string required: - header_name type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is used to delete header fields of HTTP response messages at HTTP_RESPONSE_REWRITE phase. One action can be used to delete allgi headers with same header name. To delete headers with different header names, multiple actions must be defined. title: |- Action to delete HTTP response header fields x-vmw-nsx-module: PolicyLoadBalancer LBHttpResponseHeaderRewriteAction: allOf: - $ref: '#/definitions/LBRuleAction' - properties: header_name: description: |- Name of a header field of HTTP request message. title: |- Name of a header field of HTTP request message type: string header_value: description: |- Value of header field title: |- Value of header field type: string required: - header_value - header_name type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is used to rewrite header fields of HTTP response messages to specified new values at HTTP_RESPONSE_REWRITE phase. One action can be used to rewrite one header field. To rewrite multiple header fields, multiple actions must be defined. Captured variables and built-in variables can be used in the header_value field, header_name field does not support variables. title: |- Action to rewrite HTTP response header fields x-vmw-nsx-module: PolicyLoadBalancer LBHttpSslCondition: allOf: - $ref: '#/definitions/LBRuleCondition' - properties: client_certificate_issuer_dn: $ref: '#/definitions/LBClientCertificateIssuerDnCondition' description: | The issuer DN match condition of the client certificate for an established SSL connection. title: |- The issuer DN match condition of the client certificate client_certificate_subject_dn: $ref: '#/definitions/LBClientCertificateSubjectDnCondition' description: | The subject DN match condition of the client certificate for an established SSL connection. title: |- The subject DN match condition of the client certificate client_supported_ssl_ciphers: description: |- Cipher list which supported by client. items: description: |- SSL cipher enum: - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - TLS_RSA_WITH_AES_256_CBC_SHA - TLS_RSA_WITH_AES_128_CBC_SHA - TLS_RSA_WITH_3DES_EDE_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - TLS_RSA_WITH_AES_128_CBC_SHA256 - TLS_RSA_WITH_AES_128_GCM_SHA256 - TLS_RSA_WITH_AES_256_CBC_SHA256 - TLS_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 type: string title: |- Cipher list which supported by client type: array session_reused: default: IGNORE description: |- The type of SSL session reused. enum: - IGNORE - REUSED - NEW type: string used_protocol: description: |- Protocol of an established SSL connection. enum: - SSL_V2 - SSL_V3 - TLS_V1 - TLS_V1_1 - TLS_V1_2 type: string used_ssl_cipher: description: |- Cipher used for an established SSL connection. enum: - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - TLS_RSA_WITH_AES_256_CBC_SHA - TLS_RSA_WITH_AES_128_CBC_SHA - TLS_RSA_WITH_3DES_EDE_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - TLS_RSA_WITH_AES_128_CBC_SHA256 - TLS_RSA_WITH_AES_128_GCM_SHA256 - TLS_RSA_WITH_AES_256_CBC_SHA256 - TLS_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 type: string type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This condition is used to match SSL handshake and SSL connection at all phases.If multiple properties are configured, the rule is considered a match when all the configured properties are matched. title: |- Condition to match SSL handshake and SSL connection x-vmw-nsx-module: PolicyLoadBalancer LBHttpsMonitorProfile: allOf: - $ref: '#/definitions/LBActiveMonitor' - properties: request_body: description: | String to send as part of HTTP health check request body. Valid only for certain HTTP methods like POST. title: |- HTTP health check request body type: string request_headers: description: |- Array of HTTP request headers. items: $ref: '#/definitions/LbHttpRequestHeader' title: |- Array of HTTP request headers type: array request_method: default: GET description: |- The health check method for HTTP monitor type. enum: - GET - OPTIONS - POST - HEAD - PUT type: string request_url: default: / description: | For HTTPS active healthchecks, the HTTPS request url sent can be customized and can include query parameters. title: |- Customized HTTPS request url for active health checks type: string request_version: default: HTTP_VERSION_1_1 description: |- HTTP request version. enum: - HTTP_VERSION_1_0 - HTTP_VERSION_1_1 type: string response_body: description: | If HTTP response body match string (regular expressions not supported) is specified (using LBHttpMonitor.response_body) then the healthcheck HTTP response body is matched against the specified string and server is considered healthy only if there is a match. If the response body string is not specified, HTTP healthcheck is considered successful if the HTTP response status code is 2xx, but it can be configured to accept other status codes as successful. title: |- Response body to match type: string response_status_codes: description: | The HTTP response status code should be a valid HTTP status code. items: format: int32 type: integer maxItems: 64 title: |- Array of single HTTP response status codes type: array server_ssl_profile_binding: $ref: '#/definitions/LBServerSslProfileBinding' description: | The setting is used when the monitor acts as an SSL client and establishing a connection to the backend server. title: |- Pool side SSL binding setting type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Active healthchecks are disabled by default and can be enabled for a server pool by binding a health monitor to the Group through the LBRule object. This represents active health monitoring over HTTPS. Active healthchecks are initiated periodically, at a configurable interval, to each member of the Group. Only if a healthcheck fails consecutively for a specified number of times (fall_count) to a member will the member status be marked DOWN. Once a member is DOWN, a specified number of consecutive successful healthchecks (rise_count) will bring the member back to UP state. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. title: |- LBMonitorProfile for active health checks over HTTPS x-vmw-nsx-module: PolicyLoadBalancer LBIcmpMonitorProfile: allOf: - $ref: '#/definitions/LBActiveMonitor' - properties: data_length: default: 56 description: |- The data size (in byte) of the ICMP healthcheck packet format: int64 maximum: 65507 minimum: 0 title: |- The data size (in byte) of the ICMP healthcheck packet type: integer type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Active healthchecks are disabled by default and can be enabled for a server pool by binding a health monitor to the Group through the LBRule object. This represents active health monitoring over ICMP. Active healthchecks are initiated periodically, at a configurable interval, to each member of the Group. Only if a healthcheck fails consecutively for a specified number of times (fall_count) to a member will the member status be marked DOWN. Once a member is DOWN, a specified number of consecutive successful healt hchecks (rise_count) will bring the member back to UP state. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. title: |- LBMonitorProfile for active health checks over ICMP x-vmw-nsx-module: PolicyLoadBalancer LBIpHeaderCondition: allOf: - $ref: '#/definitions/LBRuleCondition' - properties: group_path: description: | Source IP address of HTTP message should match IP addresses which are configured in Group in order to perform actions. title: |- Grouping object path type: string source_address: description: | Source IP address of HTTP message. IP Address can be expressed as a single IP address like 10.1.1.1, or a range of IP addresses like 10.1.1.101-10.1.1.160. Both IPv4 and IPv6 addresses are supported. format: address-or-block-or-range type: string type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This condition is used to match IP header fields of HTTP messages. Either source_address or group_id should be specified. title: |- Condition to match IP header fields x-vmw-nsx-module: PolicyLoadBalancer LBJwtAuthAction: allOf: - $ref: '#/definitions/LBRuleAction' - properties: key: $ref: '#/definitions/LBJwtKey' description: |- LBJwtKey used for verifying the signature of JWT token title: |- LBJwtKey used for verifying the signature of JWT token pass_jwt_to_pool: default: false description: | Specify whether to pass the JWT to backend server or remove it. By default, it is false which means will not pass the JWT to backend servers. title: |- Whether to pass the JWT to backend server or remove it type: boolean realm: description: | A description of the protected area. If no realm is specified, clients often display a formatted hostname instead. The configured realm is returned when client request is rejected with 401 http status. In the response, it will be "WWW-Authentication: Bearer realm=<realm>". title: |- JWT realm type: string tokens: description: | JWT is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. Load balancer will search for every specified tokens one by one for the jwt message until found. This parameter is optional. In case not found or this field is not configured, load balancer searches the Bearer header by default in the http request "Authorization: Bearer <token>". items: type: string title: |- JWT tokens type: array type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is used to control access to backend server resources using JSON Web Token(JWT) authentication. The JWT authentication is done before any HTTP manipulation if the HTTP request matches the given condition in LBRule. Any verification failed, the HTTP process will be terminated, and HTTP response with 401 status code and WWW-Authentication header will be returned to client. title: |- Action to control access using JWT authentication x-vmw-nsx-module: PolicyLoadBalancer LBJwtCertificateKey: allOf: - $ref: '#/definitions/LBJwtKey' - properties: certificate_path: description: |- Certificate identifier title: |- Certificate identifier type: string required: - certificate_path type: object x-vmw-nsx-module: PolicyLoadBalancer description: | The key is used to specify certificate which is used to verify the signature of JWT tokens. title: |- Specifies certificate used to verify the signature of JWT tokens x-vmw-nsx-module: PolicyLoadBalancer LBJwtKey: description: | LBJwtKey specifies the symmetric key or asymmetric public key used to decrypt the data in JWT. discriminator: type properties: type: description: | The property is used to identify JWT key type. enum: - LBJwtCertificateKey - LBJwtSymmetricKey - LBJwtPublicKey type: string required: - type title: |- Load balancer JWT key type: object x-vmw-nsx-module: PolicyLoadBalancer LBJwtPublicKey: allOf: - $ref: '#/definitions/LBJwtKey' - properties: public_key_content: description: |- Content of public key title: |- Content of public key type: string required: - public_key_content type: object x-vmw-nsx-module: PolicyLoadBalancer description: | The key is used to specify the public key content which is used to verify the signature of JWT tokens. title: |- Specifies public key content used to verify the signature of JWT tokens x-vmw-nsx-module: PolicyLoadBalancer LBJwtSymmetricKey: allOf: - $ref: '#/definitions/LBJwtKey' - properties: {} type: object x-vmw-nsx-module: PolicyLoadBalancer description: | The key is used to specify the symmetric key which is used to verify the signature of JWT tokens. title: |- Specifies the symmetric key used to verify the signature of JWT tokens x-vmw-nsx-module: PolicyLoadBalancer LBMonitorProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: resource_type: description: | There are two types of healthchecks: active and passive. Passive healthchecks depend on failures in actual client traffic (e.g. RST from server in response to a client connection) to detect that the server or the application is down. In case of active healthchecks, load balancer itself initiates new connections (or sends ICMP ping) to the servers periodically to check their health, completely independent of any data traffic. Currently, active health monitors are supported for HTTP, HTTPS, TCP, UDP and ICMP protocols. enum: - LBTcpMonitorProfile - LBUdpMonitorProfile - LBIcmpMonitorProfile - LBHttpMonitorProfile - LBHttpsMonitorProfile - LBPassiveMonitorProfile type: string required: - resource_type type: object x-vmw-nsx-module: PolicyLoadBalancer x-vmw-nsx-module: PolicyLoadBalancer LBPassiveMonitorProfile: allOf: - $ref: '#/definitions/LBMonitorProfile' - properties: max_fails: default: 5 description: | When the consecutive failures reach this value, then the member is considered temporarily unavailable for a configurable period format: int64 maximum: 2147483647 minimum: 1 title: |- Number of consecutive connection failures type: integer timeout: default: 5 description: | After this timeout period, the member is tried again for a new connection to see if it is available. format: int64 maximum: 2147483647 minimum: 1 title: |- Timeout in seconds before it is selected again for a new connection type: integer type: object x-vmw-nsx-module: PolicyLoadBalancer description: | The passive type of LBMonitorProfile. title: |- Base class for each type of active LBMonitorProfile x-vmw-nsx-module: PolicyLoadBalancer LBPersistenceCookieTime: allOf: - $ref: '#/definitions/LBCookieTime' - properties: cookie_max_idle: description: | HTTP cookie max-age to expire cookie, only available for insert mode. format: int64 maximum: 2147483647 minimum: 1 title: |- Persistence cookie max idle time in seconds type: integer required: - cookie_max_idle type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- Persistence cookie time. title: |- Persistence cookie time x-vmw-nsx-module: PolicyLoadBalancer LBPersistenceProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: persistence_shared: default: false description: | Persistence shared setting indicates that all LBVirtualServers that consume this LBPersistenceProfile should share the same persistence mechanism when enabled. Meaning, persistence entries of a client accessing one virtual server will also affect the same client's connections to a different virtual server. For example, say there are two virtual servers vip-ip1:80 and vip-ip1:8080 bound to the same Group g1 consisting of two servers (s11:80 and s12:80). By default, each virtual server will have its own persistence table or cookie. So, in the earlier example, there will be two tables (vip-ip1:80, p1) and (vip-ip1:8080, p1) or cookies. So, if a client connects to vip1:80 and later connects to vip1:8080, the second connection may be sent to a different server than the first. When persistence_shared is enabled, then the second connection will always connect to the same server as the original connection. For COOKIE persistence type, the same cookie will be shared by multiple virtual servers. For SOURCE_IP persistence type, the persistence table will be shared across virtual servers. For GENERIC persistence type, the persistence table will be shared across virtual servers which consume the same persistence profile in LBRule actions. title: |- Persistence shared across LBVirtualServers type: boolean resource_type: description: | The resource_type property identifies persistence profile type. enum: - LBSourceIpPersistenceProfile - LBCookiePersistenceProfile - LBGenericPersistenceProfile title: |- Persistence profile type type: string required: - resource_type type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Some applications maintain state and require all relevant connections to be sent to the same server as the application state is not synchronized among servers. Persistence is enabled on a LBVirtualServer by binding a persistence profile to it. LBGenericPersistenceProfile cannot be attached to LBVirtualServer directly, it can be specified in LBVariablePersistenceOnAction or LBVariablePersistenceLearnAction in LBRule. If a user attaches a LBGenericPersistenceProfile directly to a virtual server, the operation is rejected. title: |- Contains the information related to load balancer persistence options x-vmw-nsx-module: PolicyLoadBalancer LBPool: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: active_monitor_paths: description: | In case of active healthchecks, load balancer itself initiates new connections (or sends ICMP ping) to the servers periodically to check their health, completely independent of any data traffic. Active healthchecks are disabled by default and can be enabled for a server pool by binding a health monitor to the pool. If multiple active monitors are configured, the pool member status is UP only when the health check status for all the monitors are UP. items: type: string title: |- Active monitor path list type: array algorithm: default: ROUND_ROBIN description: | Load Balancing algorithm chooses a server for each new connection by going through the list of servers in the pool. Currently, following load balancing algorithms are supported with ROUND_ROBIN as the default. ROUND_ROBIN means that a server is selected in a round-robin fashion. The weight would be ignored even if it is configured. WEIGHTED_ROUND_ROBIN means that a server is selected in a weighted round-robin fashion. Default weight of 1 is used if weight is not configured. LEAST_CONNECTION means that a server is selected when it has the least number of connections. The weight would be ignored even if it is configured. Slow start would be enabled by default. WEIGHTED_LEAST_CONNECTION means that a server is selected in a weighted least connection fashion. Default weight of 1 is used if weight is not configured. Slow start would be enabled by default. IP_HASH means that consistent hash is performed on the source IP address of the incoming connection. This ensures that the same client IP address will always reach the same server as long as no server goes down or up. It may be used on the Internet to provide a best-effort stickiness to clients which refuse session cookies. enum: - ROUND_ROBIN - WEIGHTED_ROUND_ROBIN - LEAST_CONNECTION - WEIGHTED_LEAST_CONNECTION - IP_HASH title: |- Load balancing algorithm type: string member_group: $ref: '#/definitions/LBPoolMemberGroup' description: | Load balancer pool support grouping object as dynamic pool members. When member group is defined, members setting should not be specified. title: |- Load balancer member setting with grouping object members: description: | Server pool consists of one or more pool members. Each pool member is identified, typically, by an IP address and a port. items: $ref: '#/definitions/LBPoolMember' title: |- Load balancer pool members type: array min_active_members: default: 1 description: | A pool is considered active if there are at least certain minimum number of members. format: int64 maximum: 2147483647 minimum: 1 title: |- Minimum number of active pool members to consider pool as active type: integer passive_monitor_path: description: | Passive healthchecks are disabled by default and can be enabled by attaching a passive health monitor to a server pool. Each time a client connection to a pool member fails, its failed count is incremented. For pools bound to L7 virtual servers, a connection is considered to be failed and failed count is incremented if any TCP connection errors (e.g. TCP RST or failure to send data) or SSL handshake failures occur. For pools bound to L4 virtual servers, if no response is received to a TCP SYN sent to the pool member or if a TCP RST is received in response to a TCP SYN, then the pool member is considered to have failed and the failed count is incremented. title: |- Passive monitor path type: string snat_translation: $ref: '#/definitions/LBSnatTranslation' description: | Depending on the topology, Source NAT (SNAT) may be required to ensure traffic from the server destined to the client is received by the load balancer. SNAT can be enabled per pool. If SNAT is not enabled for a pool, then load balancer uses the client IP and port (spoofing) while establishing connections to the servers. This is referred to as no-SNAT or TRANSPARENT mode. By default Source NAT is enabled as LBSnatAutoMap. title: |- Snat translation configuration tcp_multiplexing_enabled: default: false description: | TCP multiplexing allows the same TCP connection between load balancer and the backend server to be used for sending multiple client requests from different client TCP connections. title: |- TCP multiplexing enable flag type: boolean tcp_multiplexing_number: default: 6 description: | The maximum number of TCP connections per pool that are idly kept alive for sending future client requests. format: int64 maximum: 2147483647 minimum: 0 title: |- Maximum number of TCP connections for multiplexing type: integer type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Defining access of a Group from a LBVirtualServer and binding to LBMonitorProfile. title: |- Defining access a Group from a LBVirtualServer and binding to LBMonitorProfile x-vmw-nsx-module: PolicyLoadBalancer LBPoolMember: description: |- Pool member. properties: admin_state: default: ENABLED description: |- Member admin state. enum: - ENABLED - DISABLED - GRACEFUL_DISABLED type: string backup_member: default: false description: | Backup servers are typically configured with a sorry page indicating to the user that the application is currently unavailable. While the pool is active (a specified minimum number of pool members are active) BACKUP members are skipped during server selection. When the pool is inactive, incoming connections are sent to only the BACKUP member(s). title: |- Determine whether the pool member is for backup usage type: boolean display_name: description: |- Pool member name. title: |- Pool member name type: string ip_address: description: |- Pool member IP address. format: ip type: string max_concurrent_connections: description: | To ensure members are not overloaded, connections to a member can be capped by the load balancer. When a member reaches this limit, it is skipped during server selection. If it is not specified, it means that connections are unlimited. format: int64 maximum: 2147483647 minimum: 1 title: |- Maximum concurrent connection number type: integer port: description: | If port is specified, all connections will be sent to this port. Only single port is supported. If unset, the same port the client connected to will be used, it could be overrode by default_pool_member_port setting in virtual server. The port should not specified for port range case. format: port-or-range type: string weight: default: 1 description: | Pool member weight is used for WEIGHTED_ROUND_ROBIN balancing algorithm. The weight value would be ignored in other algorithms. format: int64 maximum: 256 minimum: 1 title: |- Pool member weight type: integer required: - ip_address title: |- Pool member type: object x-vmw-nsx-module: PolicyLoadBalancer LBPoolMemberGroup: description: |- Pool member group. properties: customized_members: description: | The list is used to show the customized pool member settings. User can only user pool member action API to update the admin state for a specific IP address. items: $ref: '#/definitions/PoolMemberSetting' readOnly: false title: |- List of customized pool member settings type: array group_path: description: | Load balancer pool support Group as dynamic pool members. The IP list of the Group would be used as pool member IP setting. title: |- Grouping object path type: string ip_revision_filter: default: IPV4 description: | Ip revision filter is used to filter IPv4 or IPv6 addresses from the grouping object. If the filter is not specified, both IPv4 and IPv6 addresses would be used as server IPs. The link local and loopback addresses would be always filtered out. enum: - IPV4 - IPV6 - IPV4_IPV6 title: |- Filter of ipv4 or ipv6 address of grouping object IP list type: string max_ip_list_size: description: | The size is used to define the maximum number of grouping object IP address list. These IP addresses would be used as pool members. If the grouping object includes more than certain number of IP addresses, the redundant parts would be ignored and those IP addresses would not be treated as pool members. If the size is not specified, one member is budgeted for this dynamic pool so that the pool has at least one member even if some other dynamic pools grow beyond the capacity of load balancer service. Other members are picked according to available dynamic capacity. The unused members would be set to DISABLED so that the load balancer system itself is not overloaded during runtime. format: int64 maximum: 2147483647 minimum: 0 title: |- Maximum number of grouping object IP address list type: integer port: description: | If port is specified, all connections will be sent to this port. If unset, the same port the client connected to will be used, it could be overridden by default_pool_member_ports setting in virtual server. The port should not specified for multiple ports case. format: int32 maximum: 65535 minimum: 1 title: |- Pool member port for all IP addresses of the grouping object type: integer required: - group_path title: |- Pool member group type: object x-vmw-nsx-module: PolicyLoadBalancer LBRule: description: | Binding of a LBPool and Group to a LBVirtualServer used to route application traffic passing through load balancers. LBRule uses match conditions to match application traffic passing through a LBVirtualServer using HTTP or HTTPS. Can bind multiple LBVirtualServers to a Group. Each LBRule consists of two optional match conditions, each match contidion defines a criterion for application traffic. If no match conditions are specified, then the LBRule will always match and it is used typically to define default rules. If more than one match condition is specified, then matching strategy determines if all conditions should match or any one condition should match for the LBRule to be considered a match. A match indicates that the LBVirtualServer should route the request to the Group (parent of LBRule). properties: actions: description: | A list of actions to be executed at specified phase when load balancer rule matches. The actions are used to manipulate application traffic, such as rewrite URI of HTTP messages, redirect HTTP messages, etc. items: $ref: '#/definitions/LBRuleAction' maxItems: 60 title: |- Actions to be executed type: array display_name: description: | A display name useful for identifying an LBRule. title: |- Display name for LBRule type: string match_conditions: description: | A list of match conditions used to match application traffic. Multiple match conditions can be specified in one load balancer rule, each match condition defines a criterion to match application traffic. If no match conditions are specified, then the load balancer rule will always match and it is used typically to define default rules. If more than one match condition is specified, then match strategy determines if all conditions should match or any one condition should match for the load balancer rule to considered a match. items: $ref: '#/definitions/LBRuleCondition' maxItems: 60 title: |- Conditions to match application traffic type: array match_strategy: default: ANY description: | If more than one match condition is specified, then matching strategy determines if all conditions should match or any one condition should match for the LB Rule to be considered a match. - ALL indicates that both host_match and path_match must match for this LBRule to be considered a match. - ANY indicates that either host_match or patch match may match for this LBRule to be considered a match. enum: - ALL - ANY title: |- Match strategy for determining match of multiple conditions type: string phase: default: HTTP_FORWARDING description: | Each load balancer rule is used at a specific phase of load balancer processing. Currently five phases are supported, HTTP_REQUEST_REWRITE, HTTP_FORWARDING, HTTP_RESPONSE_REWRITE, HTTP_ACCESS and TRANSPORT. When an HTTP request message is received by load balancer, all HTTP_REQUEST_REWRITE rules, if present are executed in the order they are applied to virtual server. And then if HTTP_FORWARDING rules present, only first matching rule's action is executed, remaining rules are not checked. HTTP_FORWARDING rules can have only one action. If the request is forwarded to a backend server and the response goes back to load balancer, all HTTP_RESPONSE_REWRITE rules, if present, are executed in the order they are applied to the virtual server. In HTTP_ACCESS phase, user can define action to control access using JWT authentication. In TRANSPORT phase, user can define the condition to match SNI in TLS client hello and define the action to do SSL end-to-end, SSL offloading or SSL passthrough using a specific load balancer server pool. enum: - HTTP_REQUEST_REWRITE - HTTP_FORWARDING - HTTP_RESPONSE_REWRITE - HTTP_ACCESS - TRANSPORT title: |- Load balancer processing phase type: string required: - actions title: |- Binding of a LBPool and Group to a LBVirtualServer type: object x-vmw-nsx-module: PolicyLoadBalancer LBRuleAction: description: | Load balancer rule actions are used to manipulate application traffic. Currently load balancer rules can be used at three load balancer processing phases. Each phase has its own supported type of actions. Supported actions in HTTP_REQUST_REWRITE phase are: LBHttpRequestUriRewriteAction LBHttpRequestHeaderRewriteAction LBHttpRequestHeaderDeleteAction LBVariableAssignmentAction Supported actions in HTTP_FORWARDING phase are: LBHttpRejectAction LBHttpRedirectAction LBSelectPoolAction LBVariablePersistenceOnAction LBConnectionDropAction Supported action in HTTP_RESPONSE_REWRITE phase is: LBHttpResponseHeaderRewriteAction LBHttpResponseHeaderDeleteAction LBVariablePersistenceLearnAction Supported action in HTTP_ACCESS phase is: LBJwtAuthAction LBConnectionDropAction LBVariableAssignmentAction Supported action in TRANSPORT phase is: LBSslModeSelectionAction LBSelectPoolAction If the match type of an LBRuleCondition field is specified as REGEX and named capturing groups are used in the specified regular expression. The groups can be used as variables in LBRuleAction fields. For example, define a rule with LBHttpRequestUriCondition as match condition and LBHttpRequestUriRewriteAction as action. Set match_type field of LBHttpRequestUriCondition to REGEX, and set uri field to "/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)". Set uri field of LBHttpRequestUriRewriteAction to: "/news/$year-$month/$article" In uri field of LBHttpRequestUriCondition, the (?<year>\d+), (?<month>\d+) and (?<article>.*) are named capturing groups, they define variables named $year, $month and $article respectively. The defined variables are used in LBHttpRequestUriRewriteAction. For a matched HTTP request with URI "/news/2017/06/xyz.html", the substring "2017" is captured in variable $year, "06" is captured in variable $month, and "xyz.html" is captured in variable $article. The LBHttpRequestUriRewriteAction will rewrite the URI to: "/news/2017-06/xyz.html" A set of built-in variables can be used in LBRuleAction as well. The name of built-in variables start with underscore, the name of user defined variables is not allowed to start with underscore. Following are some of the built-in variables: $_scheme: Reference the scheme part of matched HTTP messages, could be "http" or "https". $_host: Host of matched HTTP messages, for example "www.example.com". $_server_port: Port part of URI, it is also the port of the server which accepted a request. Default port is 80 for http and 443 for https. $_uri: The URI path, for example "/products/sample.html". $_request_uri: Full original request URI with arguments, for example, "/products/sample.html?a=b&c=d". $_args: URI arguments, for instance "a=b&c=d" $_is_args: "?" if a request has URI arguments, or an empty string otherwise. For the full list of built-in variables, please reference the NSX-T Administrator's Guide. discriminator: type properties: type: description: | The property identifies the load balancer rule action type. enum: - LBSelectPoolAction - LBHttpRequestUriRewriteAction - LBHttpRequestHeaderRewriteAction - LBHttpRejectAction - LBHttpRedirectAction - LBHttpResponseHeaderRewriteAction - LBHttpRequestHeaderDeleteAction - LBHttpResponseHeaderDeleteAction - LBVariableAssignmentAction - LBVariablePersistenceOnAction - LBVariablePersistenceLearnAction - LBJwtAuthAction - LBSslModeSelectionAction - LBConnectionDropAction type: string required: - type title: |- Load balancer rule action type: object x-vmw-nsx-module: PolicyLoadBalancer LBRuleCondition: description: | Match conditions are used to match application traffic passing through load balancers. Multiple match conditions can be specified in one load balancer rule, each match condition defines a criterion for application traffic. If inverse field is set to true, the match result of the condition is inverted. If more than one match condition is specified, match strategy determines if all conditions should match or any one condition should match for the load balancer rule to be considered a match. Currently only HTTP messages are supported by load balancer rules. Each load balancer rule is used at a specific phase of load balancer processing. Currently three phases are supported, HTTP_REQUEST_REWRITE, HTTP_FORWARDING and HTTP_RESPONSE_REWRITE. Each phase supports certain types of match conditions, supported match conditions in HTTP_REQUEST_REWRITE phase are: LBHttpRequestMethodCondition LBHttpRequestUriCondition LBHttpRequestUriArgumentsCondition LBHttpRequestVersionCondition LBHttpRequestHeaderCondition LBHttpRequestCookieCondition LBHttpRequestBodyCondition LBTcpHeaderCondition LBIpHeaderCondition LBVariableCondition LBHttpSslCondition Supported match conditions in HTTP_FORWARDING phase are: LBHttpRequestMethodCondition LBHttpRequestUriCondition LBHttpRequestUriArgumentsCondition LBHttpRequestVersionCondition LBHttpRequestHeaderCondition LBHttpRequestCookieCondition LBHttpRequestBodyCondition LBTcpHeaderCondition LBIpHeaderCondition LBVariableCondition LBHttpSslCondition LBSslSniCondition Supported match conditions in HTTP_RESPONSE_REWRITE phase are: LBHttpResponseHeaderCondition LBHttpRequestMethodCondition LBHttpRequestUriCondition LBHttpRequestUriArgumentsCondition LBHttpRequestVersionCondition LBHttpRequestHeaderCondition LBHttpRequestCookieCondition LBTcpHeaderCondition LBIpHeaderCondition LBVariableCondition LBHttpSslCondition Supported match condition in HTTP_ACCESS phase is: LBHttpRequestMethodCondition LBHttpRequestUriCondition LBHttpRequestUriArgumentsCondition LBHttpRequestVersionCondition LBHttpRequestHeaderCondition LBHttpRequestCookieCondition LBHttpRequestBodyCondition LBTcpHeaderCondition LBIpHeaderCondition LBVariableCondition LBHttpSslCondition Supported match condition in TRANSPORT phase is: LBSslSniCondition discriminator: type properties: inverse: default: false description: |- A flag to indicate whether reverse the match result of this condition title: |- A flag to indicate whether reverse the match result of this condition type: boolean type: description: |- Type of load balancer rule condition enum: - LBHttpRequestUriCondition - LBHttpRequestHeaderCondition - LBHttpRequestMethodCondition - LBHttpRequestUriArgumentsCondition - LBHttpRequestVersionCondition - LBHttpRequestCookieCondition - LBHttpRequestBodyCondition - LBHttpResponseHeaderCondition - LBTcpHeaderCondition - LBIpHeaderCondition - LBVariableCondition - LBHttpSslCondition - LBSslSniCondition type: string required: - type title: |- Match condition of load balancer rule type: object x-vmw-nsx-module: PolicyLoadBalancer LBSelectPoolAction: allOf: - $ref: '#/definitions/LBRuleAction' - properties: pool_id: description: |- Path of load balancer pool. title: |- Path of load balancer pool type: string required: - pool_id type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is used to select a pool for matched HTTP request messages. The pool is specified by path. The matched HTTP request messages are forwarded to the specified pool. title: |- Action to select a pool for HTTP request messages x-vmw-nsx-module: PolicyLoadBalancer LBServerSslProfile: allOf: - $ref: '#/definitions/LBSslProfile' - properties: cipher_group_label: description: | It is a label of cipher group which is mostly consumed by GUI. enum: - BALANCED - HIGH_SECURITY - HIGH_COMPATIBILITY - CUSTOM type: string ciphers: description: |- Supported SSL cipher list to client side. items: description: |- SSL cipher enum: - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - TLS_RSA_WITH_AES_256_CBC_SHA - TLS_RSA_WITH_AES_128_CBC_SHA - TLS_RSA_WITH_3DES_EDE_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - TLS_RSA_WITH_AES_128_CBC_SHA256 - TLS_RSA_WITH_AES_128_GCM_SHA256 - TLS_RSA_WITH_AES_256_CBC_SHA256 - TLS_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 type: string title: |- Supported SSL cipher list to client side type: array is_fips: description: | This flag is set to true when all the ciphers and protocols are FIPS compliant. It is set to false when one of the ciphers or protocols are not FIPS compliant. readOnly: true title: |- FIPS compliance of ciphers and protocols type: boolean is_secure: description: | This flag is set to true when all the ciphers and protocols are secure. It is set to false when one of the ciphers or protocols is insecure. readOnly: true title: |- Secure/Insecure SSL profile flag type: boolean protocols: description: | SSL versions TLS1.1 and TLS1.2 are supported and enabled by default. SSLv2, SSLv3, and TLS1.0 are supported, but disabled by default. items: description: |- SSL protocol enum: - SSL_V2 - SSL_V3 - TLS_V1 - TLS_V1_1 - TLS_V1_2 type: string title: |- Supported SSL protocol list to client side type: array session_cache_enabled: default: true description: | SSL session caching allows SSL client and server to reuse previously negotiated security parameters avoiding the expensive public key operation during handshake. title: |- Session cache enable/disable falg type: boolean type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- Server SSL profile. title: |- Server SSL profile x-vmw-nsx-module: PolicyLoadBalancer LBServerSslProfileBinding: description: |- Server SSL profile binding. properties: certificate_chain_depth: default: 3 description: | Authentication depth is used to set the verification depth in the server certificates chain. format: int64 maximum: 2147483647 minimum: 1 title: |- The maximum traversal depth of server certificate chain type: integer client_certificate_path: description: | To support client authentication (load balancer acting as a client authenticating to the backend server), client certificate can be specified in the server-side SSL profile binding title: |- Client certificate path type: string server_auth: default: AUTO_APPLY description: |- Server authentication mode. enum: - REQUIRED - IGNORE - AUTO_APPLY type: string server_auth_ca_paths: description: | If server auth type is REQUIRED, server certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self signed certificates are specified. items: type: string title: |- CA path list to verify server certificate type: array server_auth_crl_paths: description: | A Certificate Revocation List (CRL) can be specified in the server-side SSL profile binding to disallow compromised server certificates. items: type: string title: |- CRL path list to verify server certificate type: array ssl_profile_path: description: | Server SSL profile defines reusable, application-independent server side SSL properties. title: |- Server SSL profile path type: string title: |- Server SSL profile binding type: object x-vmw-nsx-module: PolicyLoadBalancer LBService: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: access_log_enabled: description: |- Flag to enable access log title: |- Flag to enable access log type: boolean x-deprecated: true connectivity_path: description: | LBS could be instantiated (or created) on the Tier-1, etc. For now, only the Tier-1 object is supported. title: |- The connectivity target used to instantiate the LBService type: string enabled: default: true description: |- Flag to enable the load balancer service. title: |- Flag to enable the load balancer service type: boolean error_log_level: default: INFO description: | Load balancer engine writes information about encountered issues of different severity levels to the error log. This setting is used to define the severity level of the error log. enum: - DEBUG - INFO - WARNING - ERROR - CRITICAL - ALERT - EMERGENCY type: string relax_scale_validation: default: false description: | If relax_scale_validation is true, the scale validations for virtual servers/pools/pool members/rules are relaxed for load balancer service. When load balancer service is deployed on edge nodes, the scale of virtual servers/pools/pool members for the load balancer service should not exceed the scale number of the largest load balancer size which could be configured on a certain edge form factor. For example, the largest load balancer size supported on a MEDIUM edge node is MEDIUM. So one SMALL load balancer deployed on MEDIUM edge nodes can support the scale number of MEDIUM load balancer. It is not recommended to enable active monitors if relax_scale_validation is true due to performance consideration. If relax_scale_validation is false, scale numbers should be validated for load balancer service. title: |- Whether scale validation is relaxed type: boolean size: default: SMALL description: |- Load balancer service size. enum: - SMALL - MEDIUM - LARGE - XLARGE - DLB type: string type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- Loadbalancer Service. title: |- Loadbalancer Service x-vmw-nsx-module: PolicyLoadBalancer LBSessionCookieTime: allOf: - $ref: '#/definitions/LBCookieTime' - properties: cookie_max_idle: description: | Instead of using HTTP Cookie max-age and relying on client to expire the cookie, max idle time and/or max lifetime of the cookie can be used. Max idle time, if configured, specifies the maximum interval the cookie is valid for from the last time it was seen in a request. It is available for insert mode. format: int64 maximum: 2147483647 minimum: 1 title: |- Session cookie max idle time in seconds type: integer cookie_max_life: description: | Max life time, if configured, specifies the maximum interval the cookie is valid for from the first time the cookie was seen in a request. It is available for insert mode. format: int64 maximum: 2147483647 minimum: 1 title: |- Session cookie max lifetime in seconds type: integer type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- Session cookie time. title: |- Session cookie time x-vmw-nsx-module: PolicyLoadBalancer LBSnatAutoMap: allOf: - $ref: '#/definitions/LBSnatTranslation' - type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- Snat auto map. title: |- Snat auto map x-vmw-nsx-module: PolicyLoadBalancer LBSnatDisabled: allOf: - $ref: '#/definitions/LBSnatTranslation' - type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- Snat disabled. title: |- Snat disabled x-vmw-nsx-module: PolicyLoadBalancer LBSnatIpElement: description: |- Snat Ip element. properties: ip_address: description: |- Ip address or ip range such as 1.1.1.1 or 1.1.1.101-1.1.1.160. format: address-or-block-or-range type: string prefix_length: description: | Subnet prefix length should be not specified if there is only one single IP address or IP range. format: int64 title: |- Subnet prefix length type: integer required: - ip_address title: |- Snat Ip element type: object x-vmw-nsx-module: PolicyLoadBalancer LBSnatIpPool: allOf: - $ref: '#/definitions/LBSnatTranslation' - properties: ip_addresses: description: | If an IP range is specified, the range may contain no more than 64 IP addresses. items: $ref: '#/definitions/LBSnatIpElement' maxItems: 64 title: |- List of Ip address or ip range type: array required: - ip_addresses type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- Snat Ip pool. title: |- Snat Ip pool x-vmw-nsx-module: PolicyLoadBalancer LBSnatTranslation: description: |- Snat Translation. discriminator: type properties: type: description: |- Snat translation type. enum: - LBSnatAutoMap - LBSnatIpPool - LBSnatDisabled type: string required: - type title: |- Snat Translation type: object x-vmw-nsx-module: PolicyLoadBalancer LBSourceIpPersistenceProfile: allOf: - $ref: '#/definitions/LBPersistenceProfile' - properties: ha_persistence_mirroring_enabled: default: false description: | Persistence entries are not synchronized to the HA peer by default. title: |- Mirroring enabled flag to synchronize persistence entries type: boolean purge: default: FULL description: |- Persistence purge setting. enum: - NO_PURGE - FULL type: string timeout: default: 300 description: | When all connections complete (reference count reaches 0), persistence entry timer is started with the expiration time. format: int64 maximum: 2147483647 minimum: 1 title: |- Persistence entry expiration time in seconds type: integer type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Some applications maintain state and require all relevant connections to be sent to the same server as the application state is not synchronized among servers. Persistence is enabled on a LBVirtualServer by binding a persistence profile to it. title: |- LBPersistenceProflie using SourceIP x-vmw-nsx-module: PolicyLoadBalancer LBSslModeSelectionAction: allOf: - $ref: '#/definitions/LBRuleAction' - properties: ssl_mode: description: | SSL Passthrough: LB establishes a TCP connection with client and another connection with selected backend server. LB won't inspect the stream data between client and backend server, but just pass it through. Backend server exchanges SSL connection with client. SSL Offloading: LB terminiates the connections from client, and establishes SSL connection with it. After receiving the HTTP request, LB connects the selected backend server and talk with it via HTTP without SSL. LB estalishes new connection to selected backend server for each HTTP request, in case server_keep_alive or multiplexing are NOT configured. SSL End-to-End: LB terminiates the connections from client, and establishes SSL connection with it. After receiving the HTTP request, LB connects the selected backend server and talk with it via HTTPS. LB estalishes new SSL connection to selected backend server for each HTTP request, in case server_keep_alive or multiplexing are NOT configured. enum: - SSL_PASSTHROUGH - SSL_END_TO_END - SSL_OFFLOAD title: |- Type of SSL mode type: string required: - ssl_mode type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is used to select SSL mode. Three types of SSL mode actions can be specified in Transport phase, ssl passthrough, ssl offloading and ssl end-to-end. title: |- Action to select SSL mode x-vmw-nsx-module: PolicyLoadBalancer LBSslProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- Load balancer abstract SSL profile. title: |- Load balancer abstract SSL profile x-vmw-nsx-module: PolicyLoadBalancer LBSslSniCondition: allOf: - $ref: '#/definitions/LBRuleCondition' - properties: case_sensitive: default: true description: | If true, case is significant when comparing SNI value. title: |- A case sensitive flag for SNI comparing type: boolean match_type: default: REGEX description: |- Match type of SNI enum: - STARTS_WITH - ENDS_WITH - EQUALS - CONTAINS - REGEX type: string sni: description: | The SNI(Server Name indication) in client hello message. title: |- The server name indication type: string required: - sni type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This condition is used to match SSL SNI in client hello. This condition is only supported in TRANSPORT phase and HTTP_FORWARDING. title: |- Condition to match SSL SNI in client hello x-vmw-nsx-module: PolicyLoadBalancer LBTcpHeaderCondition: allOf: - $ref: '#/definitions/LBRuleCondition' - properties: source_port: description: |- TCP source port of HTTP message format: port-or-range type: string required: - source_port type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This condition is used to match TCP header fields of HTTP messages. Currently, only the TCP source port is supported. Ports can be expressed as a single port number like 80, or a port range like 1024-1030. title: |- Condition to match TCP header fields x-vmw-nsx-module: PolicyLoadBalancer LBTcpMonitorProfile: allOf: - $ref: '#/definitions/LBActiveMonitor' - properties: receive: description: | Expected data, if specified, can be anywhere in the response and it has to be a string, regular expressions are not supported. title: |- Expected data received from server type: string send: description: | If both send and receive are not specified, then just a TCP connection is established (3-way handshake) to validate server is healthy, no data is sent. title: |- Data to send type: string type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Active healthchecks are disabled by default and can be enabled for a server pool by binding a health monitor to the Group through the LBRule object. This represents active health monitoring over TCP. Active healthchecks are initiated periodically, at a configurable interval, to each member of the Group. Only if a healthcheck fails consecutively for a specified number of times (fall_count) to a member will the member status be marked DOWN. Once a member is DOWN, a specified number of consecutive successful healthchecks (rise_count) will bring the member back to UP state. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. title: |- LBMonitorProfile for active health checks over TCP x-vmw-nsx-module: PolicyLoadBalancer LBUdpMonitorProfile: allOf: - $ref: '#/definitions/LBActiveMonitor' - properties: receive: description: | Expected data, can be anywhere in the response and it has to be a string, regular expressions are not supported. UDP healthcheck is considered failed if there is no server response within the timeout period. title: |- Expected data received from server type: string send: description: | The data to be sent to the monitored server. title: |- Data to send type: string required: - receive - send type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Active healthchecks are disabled by default and can be enabled for a server pool by binding a health monitor to the Group through the LBRule object. This represents active health monitoring over UDP. Active healthchecks are initiated periodically, at a configurable interval, to each member of the Group. Only if a healthcheck fails consecutively for a specified number of times (fall_count) to a member will the member status be marked DOWN. Once a member is DOWN, a specified number of consecutive successful healthchecks (rise_count) will bring the member back to UP state. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. title: |- LBMonitorProfile for active health checks over UDP x-vmw-nsx-module: PolicyLoadBalancer LBVariableAssignmentAction: allOf: - $ref: '#/definitions/LBRuleAction' - properties: variable_name: description: |- Name of the variable to be assigned. title: |- Name of the variable to be assigned type: string variable_value: description: |- Value of variable. title: |- Value of variable type: string required: - variable_value - variable_name type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is used to create a new variable and assign value to it. One action can be used to create one variable. To create multiple variables, multiple actions must be defined. The variables can be used by LBVariableCondition, etc. title: |- Action to create variable and assign value to it x-vmw-nsx-module: PolicyLoadBalancer LBVariableCondition: allOf: - $ref: '#/definitions/LBRuleCondition' - properties: case_sensitive: default: true description: | If true, case is significant when comparing variable value. title: |- A case sensitive flag for variable value comparing type: boolean match_type: default: REGEX description: |- Match type of variable value enum: - STARTS_WITH - ENDS_WITH - EQUALS - CONTAINS - REGEX type: string variable_name: description: |- Name of the variable to be matched title: |- Name of the variable to be matched type: string variable_value: description: |- Value of variable to be matched title: |- Value of variable to be matched type: string required: - variable_value - variable_name type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This condition is used to match variable's name and value at all phases. The variables could be captured from REGEX or assigned by LBVariableAssignmentAction or system embedded variable. Varialbe_name and variable_value should be matched at the same time. title: |- Condition to match IP header fields x-vmw-nsx-module: PolicyLoadBalancer LBVariablePersistenceLearnAction: allOf: - $ref: '#/definitions/LBRuleAction' - properties: persistence_profile_path: description: | If the persistence profile path is not specified, a default persistence table is created per virtual server. Currently, only LBGenericPersistenceProfile is supported. title: |- Path to LBPersistenceProfile type: string variable_hash_enabled: default: false description: | The property is used to enable a hash operation for variable value when composing the persistence key. title: |- Whether to enable a hash operation for variable value type: boolean variable_name: description: | The property is the name of variable to be learnt. It is used to identify which variable's value is learnt from HTTP response. The variable can be a built-in variable such as "_cookie_JSESSIONID", a customized variable defined in LBVariableAssignmentAction or a captured variable in regular expression such as "article". For the full list of built-in variables, please reference the NSX-T Administrator's Guide. title: |- Variable name type: string required: - variable_name type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is performed in HTTP response rewrite phase. It is used to learn the value of variable from the HTTP response, and insert an entry into the persistence table if the entry doesn't exist. title: |- Action to learn the variable value x-vmw-nsx-module: PolicyLoadBalancer LBVariablePersistenceOnAction: allOf: - $ref: '#/definitions/LBRuleAction' - properties: persistence_profile_path: description: | If the persistence profile path is not specified, a default persistence table is created per virtual server. Currently, only LBGenericPersistenceProfile is supported. title: |- Path to LBPersistenceProfile type: string variable_hash_enabled: default: false description: | The property is used to enable a hash operation for variable value when composing the persistence key. title: |- Whether to enable a hash operation for variable value type: boolean variable_name: description: | The property is the name of variable to be used. It specifies which variable's value of a HTTP Request will be used in the key of persistence entry. The variable can be a built-in variable such as "_cookie_JSESSIONID", a customized variable defined in LBVariableAssignmentAction or a captured variable in regular expression such as "article". For the full list of built-in variables, please reference the NSX-T Administrator's Guide. title: |- Variable name type: string required: - variable_name type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is performed in HTTP forwarding phase. It is used to inspect the variable of HTTP request, and look up the persistence entry with its value and pool uuid as key. If the persistence entry is found, the HTTP request is forwarded to the recorded backend server according to the persistence entry. If the persistence entry is not found, a new entry is created in the table after backend server is selected. title: |- Action to persist the variable value x-vmw-nsx-module: PolicyLoadBalancer LBVirtualServer: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: access_list_control: $ref: '#/definitions/LBAccessListControl' description: | Specifies the access list control to define how to filter the connections from clients. title: |- IP access list control to filter the connections access_log_enabled: default: false description: | If access log is enabled, all HTTP requests sent to L7 virtual server are logged to the access log file. Both successful returns information responses(1xx), successful responses(2xx), redirection messages(3xx) and unsuccessful requests, backend server returns 4xx or 5xx, are logged to access log, if enabled. All L4 virtual server connections are also logged to the access log if enabled. The non-significant events such as successful requests are not logged if log_significant_event_only is set to true. title: |- Access log enabled setting type: boolean application_profile_path: description: | The application profile defines the application protocol characteristics. It is used to influence how load balancing is performed. Currently, LBFastTCPProfile, LBFastUDPProfile and LBHttpProfile, etc are supported. title: |- Application profile path type: string client_ssl_profile_binding: $ref: '#/definitions/LBClientSslProfileBinding' description: | The setting is used when load balancer acts as an SSL server and terminating the client SSL connection title: |- Virtual server side SSL binding setting default_pool_member_ports: description: | Default pool member ports when member port is not defined. items: description: | Examples- Single port "8080", Range of ports "8090-8095" format: port-or-range type: string maxItems: 14 title: |- Default pool member ports when member port is not defined. type: array enabled: default: true description: |- Flag to enable the load balancer virtual server. title: |- whether the virtual server is enabled type: boolean ip_address: description: | Configures the IP address of the LBVirtualServer where it receives all client connections and distributes them among the backend servers. format: ip type: string lb_persistence_profile_path: description: | Path to optional object that enables persistence on a virtual server allowing related client connections to be sent to the same backend server. Persistence is disabled by default. title: |- Persistence Profile used by LBVirtualServer type: string lb_service_path: description: | virtual servers can be associated to LBService(which is similar to physical/virtual load balancer), LB virtual servers, pools and other entities could be defined independently, the LBService identifier list here would be used to maintain the relationship of LBService and other LB entities. title: |- Path to LBService object for LBVirtualServer type: string log_significant_event_only: default: false description: | The property log_significant_event_only can take effect only when access_log_enabled is true. If log_significant_event_only is true, significant events are logged in access log. For L4 virtual server, significant event means unsuccessful(error or dropped) TCP/UDP connections. For L7 virtual server, significant event means unsuccessful connections or HTTP/HTTPS requests which have error response code(e.g. 4xx, 5xx). title: |- Log only significant event in access log type: boolean max_concurrent_connections: description: | To ensure one virtual server does not over consume resources, affecting other applications hosted on the same LBS, connections to a virtual server can be capped. If it is not specified, it means that connections are unlimited. format: int64 maximum: 2147483647 minimum: 1 title: |- Maximum concurrent connection number type: integer max_new_connection_rate: description: | To ensure one virtual server does not over consume resources, connections to a member can be rate limited. If it is not specified, it means that connection rate is unlimited. format: int64 maximum: 2147483647 minimum: 1 title: |- Maximum new connection rate in connections per second type: integer pool_path: description: | The server pool(LBPool) contains backend servers. Server pool consists of one or more servers, also referred to as pool members, that are similarly configured and are running the same application. title: |- Default server pool path type: string ports: description: | Ports contains a list of at least one port or port range such as "80", "1234-1236". Each port element in the list should be a single port or a single port range. items: description: | Examples- Single port "8080", Range of ports "8090-8095" format: port-or-range type: string title: |- Virtual server port number(s) or port range(s) type: array rules: description: | Load balancer rules allow customization of load balancing behavior using match/action rules. Currently, load balancer rules are supported for only layer 7 virtual servers with LBHttpProfile. items: $ref: '#/definitions/LBRule' maxItems: 4000 title: |- List of load balancer rules type: array server_ssl_profile_binding: $ref: '#/definitions/LBServerSslProfileBinding' description: | The setting is used when load balancer acts as an SSL client and establishing a connection to the backend server. title: |- Pool side SSL binding setting sorry_pool_path: description: | When load balancer can not select a backend server to serve the request in default pool or pool in rules, the request would be served by sorry server pool. title: |- Sorry server pool path type: string required: - ip_address - ports - application_profile_path type: object x-vmw-nsx-module: PolicyLoadBalancer description: | All the types of LBVirtualServer extend from this abstract class. This is present for extensibility. title: |- Base class for each type of LBVirtualServer x-vmw-nsx-module: PolicyLoadBalancer Label: description: |- Label that will be displayed for a UI element. properties: condition: description: |- If the condition is met then the label will be applied. Examples of expression syntax are provided under example_request section of CreateWidgetConfiguration API. maxLength: 1024 title: |- Expression for evaluating condition type: string hover: default: false description: |- If true, displays the label only on hover title: |- Show label only on hover type: boolean icons: description: |- Icons to be applied at dashboard for the label items: $ref: '#/definitions/Icon' minItems: 0 title: |- Icons type: array navigation: description: |- Hyperlink of the specified UI page that provides details. maxLength: 1024 title: |- Navigation to a specified UI page type: string text: description: |- Text to be displayed at the label. maxLength: 255 title: |- Label text type: string required: - text title: |- Label type: object x-vmw-nsx-module: NsxDashboard LabelValueConfiguration: allOf: - $ref: '#/definitions/WidgetConfiguration' - properties: layout: $ref: '#/definitions/Layout' description: |- Layout of properties can be vertical or grid. If layout is not specified a default vertical layout is applied. title: |- Layout of properties inside widget navigation: description: |- Hyperlink of the specified UI page that provides details. maxLength: 1024 title: |- Navigation to a specified UI page type: string properties: description: |- An array of label-value properties. items: $ref: '#/definitions/PropertyItem' title: |- Rows type: array sub_type: description: |- A sub-type of LabelValueConfiguration. If sub-type is not specified the parent type is rendered. For VERTICALLY_ALIGNED sub_type, the value is placed below the label. enum: - VERTICALLY_ALIGNED title: |- Sub-type of the LabelValueConfiguration type: string required: - properties type: object x-vmw-nsx-module: NsxDashboard description: |- Represents a Label-Value widget configuration title: |- Label Value Dashboard Widget Configuration x-vmw-nsx-module: NsxDashboard LacpGroupConfigInfo: properties: key: description: | The key represents the identifier for the group that is unique across VC. readOnly: false title: |- The generated key as the identifier for the group type: string load_balance_algorithm: description: | Load balance algorithm used in LACP group. The possible values are dictated by the values available in VC. Please refer VMwareDvsLacpLoadBalanceAlgorithm documentation for a full list of values. A few examples are srcDestIp where source and destination IP are considered, srcIp where only source IP is considered. readOnly: false title: |- Load balance policy type: string mode: description: | The mode of LACP can be ACTIVE or PASSIVE. If the mode is ACTIVE, LACP is enabled unconditionally. If the mode is PASSIVE, LACP is enabled only if LACP device is detected. enum: - ACTIVE - PASSIVE readOnly: false title: |- The mode of Link Aggregation Control Protocol (LACP) type: string name: description: |- The display name of the LACP group. readOnly: false title: |- The display name type: string uplink_names: description: |- Names for the uplink ports in the group. items: type: string readOnly: false title: |- Uplink names type: array uplink_num: description: |- The number of uplink ports format: int64 readOnly: false title: |- The number of uplink ports type: integer uplink_port_keys: description: | Keys for the uplink ports in the group. Each uplink port is assigned a key that is unique across VC. items: type: string readOnly: false title: |- Keys for the uplink ports type: array type: object x-vmw-nsx-module: InventoryCmInvComm Layout: description: |- Represents layout of a container or widget properties: properties: $ref: '#/definitions/LayoutProperties' type: default: HORIZONTAL description: |- Describes layout of a container or widget. Layout describes how individual widgets are placed inside the container. For example, if HORIZONTAL is chosen widgets are placed side by side inside the container. If VERTICAL is chosen then widgets are placed one below the other. If GRID is chosen then the container or widget display area is divided into a grid of m rows and n columns, as specified in the properties, and the widgets are placed inside the grid. enum: - HORIZONTAL - VERTICAL - GRID title: |- Type of layout of a container or widget type: string title: |- Layout of a container or widget type: object x-vmw-nsx-module: NsxDashboard LayoutProperties: description: |- Properties of the layout of a container or widget properties: num_columns: description: |- Describes the number of columns of grid layout of a container or widget. This property is applicable for grid layout only. format: int32 title: |- Number of columns of grid type: integer num_rows: description: |- Describes the number of rows of grid layout of a container or widget. This property is applicable for grid layout only. format: int32 title: |- Number of rows of grid type: integer title: |- Layout properties of a container or widget type: object x-vmw-nsx-module: NsxDashboard LbHttpRequestHeader: properties: header_name: description: |- Name of HTTP request header title: |- Name of HTTP request header type: string header_value: description: |- Value of HTTP request header title: |- Value of HTTP request header type: string required: - header_value - header_name type: object x-vmw-nsx-module: LoadBalancer LdapIdentitySource: allOf: - $ref: '#/definitions/ManagedResource' - discriminator: resource_type properties: alternative_domain_names: description: |- After parsing the "user@domain", the domain portion is used to select the LDAP identity source to use. Additional domains listed here will also be directed to this LDAP identity source. In Active Directory these are sometimes referred to as Alternative UPN Suffixes. items: type: string title: |- Additional domains to be directed to this identity source type: array base_dn: description: |- The subtree of the LDAP identity source to search when locating users and groups. title: |- DN of subtree for user and group searches type: string domain_name: description: |- The name of the authentication domain. When users log into NSX using an identity of the form "user@domain", NSX uses the domain portion to determine which LDAP identity source to use. title: |- Authentication domain name type: string ldap_servers: description: |- The list of LDAP servers that provide LDAP service for this identity source. Currently, only one LDAP server is supported. items: $ref: '#/definitions/IdentitySourceLdapServer' maxItems: 1 title: |- LDAP servers for this identity source type: array resource_type: enum: - ActiveDirectoryIdentitySource - OpenLdapIdentitySource type: string required: - domain_name - resource_type - base_dn type: object x-vmw-nsx-module: LdapIdentitySources description: |- This is the base type for all identity sources that use LDAP for authentication and group membership. title: |- An LDAP identity source x-vmw-nsx-module: LdapIdentitySources LdapIdentitySourceListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: items: $ref: '#/definitions/LdapIdentitySource' type: array type: object x-vmw-nsx-module: LdapIdentitySources description: |- The results of listing LDAP identity sources. title: |- List results containing LDAP identity sources x-vmw-nsx-module: LdapIdentitySources LdapIdentitySourceProbeResults: allOf: - $ref: '#/definitions/Resource' - properties: results: description: |- Probe results for all probed LDAP servers. items: $ref: '#/definitions/IdentitySourceLdapServerProbeResult' title: |- Probe results type: array type: object x-vmw-nsx-module: LdapIdentitySources description: |- Results from probing all LDAP servers in an LDAP identity source configuration. title: |- Results from probing all LDAP servers x-vmw-nsx-module: LdapIdentitySources LdapIdentitySourceSearchResultItem: properties: common_name: description: |- The Common Name (CN) of the entry, if available. title: |- Common Name (CN) of entry type: string dn: description: |- Distinguished name (DN) of the entry. title: |- DN of the entry type: string principal_name: description: |- For Active Directory (AD) users, this will be the user principal name (UPN), in the format user@domain. For non-AD users, this will be the user's uid property, followed by "@" and the domain of the directory. For groups, this will be the group's common name, followed by "@" and the domain of the directory. title: |- The principal name of the user or group, if available type: string type: description: |- Describes the type of the entry enum: - USER - GROUP title: |- Type of the entry type: string type: object x-vmw-nsx-module: LdapIdentitySources LdapIdentitySourceSearchResultList: allOf: - $ref: '#/definitions/Resource' - properties: results: items: $ref: '#/definitions/LdapIdentitySourceSearchResultItem' type: array type: object x-vmw-nsx-module: LdapIdentitySources description: |- A list of LDA entries returned from a search of an LDAP identity source. title: |- A list of LDAP search results x-vmw-nsx-module: LdapIdentitySources LdapProbeError: description: |- Detail about one error encountered during a probe. properties: error_type: description: | The cause of the error. BASE_DN_NOT_FOUND: The configured base DN does not exist on the LDAP server or is not readable. BIND_DN_AND_PASSWORD_REQUIRED: This server is configured to require a bind DN and password. Please add these to your LDAP server configuration. BIND_DN_INVALID: The bind DN or username provided is not valid on the LDAP server. Check that the bind DN is correct. This error may also indicate that the base DN in your configuration is incorrect. CERTIFICATE_HOSTNAME_MISMATCH_ERROR: The hostname configured for the LDAP server does not match the hostname in the server's certificate subject or alternative subject names. Be sure that the hostname you configure in NSX Manager matches one of those names. CERTIFICATE_MISMATCH_ERROR: The certificate presented by the LDAP server did not match the certificate in the configuration on the NSX Manager. CONNECTION_REFUSED: The connection was refused when contacting the LDAP server. Ensure that the LDAP server is running and that you are using the correct ip/hostname. CONNECTION_TIMEOUT: The connection timed out when contacting the LDAP server. Check the hostname/ip and any firewalls between the NSX Manager and the LDAP server. GENERAL_ERROR: An undetermined error occurred. INVALID_CONFIGURED_CERTIFICATE: The certificate configured for this LDAP server is invalid and could not be decoded. Check that the PEM-formatted certificate you provided is correct. INVALID_CREDENTIALS: The username and/or password are incorrect. SSL_HANDSHAKE_ERROR: An error occurred while establishing a secure connection with the LDAP server. Check that the LDAP server's certificate is correct, and that it is using an SSL/TLS cipher suite that is compatible with the NSX Manager. This error can also occur if the hostname you have configured for the LDAP server does not match any of the hostnames in the Subject Alternative Name records in the server certificate. STARTTLS_FAILED: Unable to use StartTLS to upgrade the connection to use TLS. Ensure that the LDAP server supports TLS and if not, use LDAP or LDAPS as the protocol. UNKNOWN_HOST: The hostname of the LDAP server could not be resolved. enum: - BASE_DN_NOT_FOUND - BIND_DN_AND_PASSWORD_REQUIRED - BIND_DN_INVALID - CERTIFICATE_HOSTNAME_MISMATCH_ERROR - CERTIFICATE_MISMATCH_ERROR - CONNECTION_REFUSED - CONNECTION_TIMEOUT - GENERAL_ERROR - INVALID_CONFIGURED_CERTIFICATE - INVALID_CREDENTIALS - SSL_HANDSHAKE_ERROR - STARTTLS_FAILED - UNKNOWN_HOST title: |- Error type type: string title: |- Error detail from probe type: object x-vmw-nsx-module: LdapIdentitySources Legend: description: |- Represents legend that describes the entities of the widget. properties: alignment: default: VERTICAL description: |- Describes the alignment of legend. Alignment of a legend denotes how individual items of the legend are aligned in a container. For example, if VERTICAL is chosen then the items of the legend will appear one below the other and if HORIZONTAL is chosen then the items will appear side by side. enum: - HORIZONTAL - VERTICAL title: |- Alignment of the legend type: string display_count: default: true description: |- If set to true, it will display the counts in legend. If set to false, counts of entities are not displayed in the legend. title: |- Show count of entities in the legend type: boolean position: default: RIGHT description: |- Describes the relative placement of legend. The legend of a widget can be placed either to the TOP or BOTTOM or LEFT or RIGHT relative to the widget. For example, if RIGHT is chosen then legend is placed to the right of the widget. enum: - TOP - BOTTOM - LEFT - RIGHT - TOP_RIGHT title: |- Placement of legend type: string type: default: CIRCLE description: |- Describes the render type for the legend. The legend for an entity describes the entity in the widget. The supported legend type is a circle against which the entity's details such as display_name are shown. The color of the circle denotes the color of the entity shown inside the widget. enum: - CIRCLE title: |- Type of the legend type: string unit: description: |- Show unit of entities in the legend. title: |- Show unit of entities in the legend type: string title: |- Legend for the widget type: object x-vmw-nsx-module: NsxDashboard ListResult: allOf: - $ref: '#/definitions/Resource' - properties: cursor: description: |- Opaque cursor to be used for getting next page of records (supplied by current result page) readOnly: true title: |- Opaque cursor to be used for getting next page of records (supplied by current result page) type: string result_count: description: |- Count of results found (across all pages), set only on first page format: int64 readOnly: true title: |- Count of results found (across all pages), set only on first page type: integer sort_ascending: description: |- If true, results are sorted in ascending order readOnly: true title: |- If true, results are sorted in ascending order type: boolean sort_by: description: |- Field by which records are sorted readOnly: true title: |- Field by which records are sorted type: string type: object x-vmw-nsx-module: Common description: |- Base class for list results from collections title: |- Base class for list results from collections x-vmw-nsx-module: Common LiveTraceConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: actions: $ref: '#/definitions/PolicyLiveTraceActionConfig' description: | Configuration of actions on the filtered packets. title: |- Livetrace actions filter: $ref: '#/definitions/LiveTraceFilterData' description: | Filter for flows of interest. title: |- Packet filter is_transient: default: true description: | This field indicates whether the intent is transient. If it is set to true, intent will be cleaned up after 1 hour of inactivity. title: |- Marker to indicate if the intent is transient type: boolean src_port_path: description: | Policy path of logical port to start a livetrace session. title: |- Policy path of logical port type: string timeout: default: 10 description: | The duration for observing live traffic on the specified source logical port. format: int64 maximum: 300 minimum: 5 title: |- Timeout in seconds for livetrace session type: integer required: - src_port_path - actions type: object x-vmw-nsx-module: PolicyConnectivity description: |- Livetrace configuration title: |- Livetrace configuration x-vmw-nsx-module: PolicyConnectivity LiveTraceFilterData: discriminator: resource_type properties: resource_type: description: |- Filter type enum: - FieldsFilterData - PlainFilterData title: |- Filter type type: string required: - resource_type type: object x-vmw-nsx-module: LiveTrace LiveTracePacketGranularActionConfig: description: |- Configuration of livetrace packet granular action properties: dest_port_path: description: | Policy path of logical port for the reverse direction of a livetrace session. It is required only when the trace type is bidirectional. Multiple bi-directional actions in a livetrace session should have the same port specified for the reverse direction. title: |- Policy path of logical port type: string reverse_filter: $ref: '#/definitions/LiveTraceFilterData' description: | Filter for flows of interest at the reverse direction. It is required only when the trace type is bidirectional. Multiple bi-directional actions in a livetrace session should have the same filter specified for the reverse direction. title: |- Packet filter sampling: $ref: '#/definitions/LiveTraceSamplingConfig' description: | Sampling parameter for the action. Trace action and packet capture action only support first-N sampling. title: |- Sampling parameter for the action trace_type: description: |- Type of trace enum: - UNI_DIRECTIONAL - BI_DIRECTIONAL title: |- Type of trace type: string required: - trace_type - sampling title: |- Configuration of livetrace packet granular action type: object x-vmw-nsx-module: PolicyConnectivity LiveTraceSamplingConfig: description: |- Sampling parameter for a livetrace action properties: match_number: description: | First N packets are sampled. format: int64 maximum: 50 minimum: 1 title: |- Parameter for first-N sampling. type: integer sampling_interval: description: | A packet is sampled for every given time interval in ms. format: int64 maximum: 30000 minimum: 1 title: |- Parameter for interval based sampling type: integer sampling_rate: description: | 1 out of N packets is sampled on average. format: int64 maximum: 65535 minimum: 1 title: |- Parameter for packet number based sampling type: integer title: |- Sampling parameter for a livetrace action type: object x-vmw-nsx-module: PolicyConnectivity LocalEgress: description: | Local Egress is used on both server and client sites so that the gateway is used for N-S traffic and overhead on L2VPN tunnel is reduced. properties: optimized_ips: description: | Gateway IP for Local Egress. Local egress is enabled only when this list is not empty. items: description: |- IPv4 or IPv6 address format: ip type: string maxItems: 1 minItems: 1 title: |- Gateway IP for Local Egress type: array title: |- Local Egress type: object x-vmw-nsx-module: PolicyConnectivity LocalEgressRoutingEntry: description: |- Local egress routing policy properties: nexthop_address: description: | Next hop address for proximity routing. title: |- Next hop address type: string prefix_list_paths: description: | The destination address of traffic matching a prefix-list is forwarded to the nexthop_address. Traffic matching a prefix list with Action DENY will be dropped. Individual prefix-lists specified could have different actions. items: type: string maxItems: 1 title: |- Policy path to prefix lists type: array required: - nexthop_address - prefix_list_paths title: |- Local egress routing policy type: object x-vmw-nsx-module: PolicyConnectivity LocaleServices: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: bfd_profile_path: description: | This profile is applied to all static route peers in this locale. BFD profile configured on static route peers takes precedence over global configuration. If this field is empty, a default profile is applied to all peers. title: |- Policy path of BFD profile type: string edge_cluster_path: description: | Policy path to edge cluster. Auto-assigned on Tier0 if associated enforcement-point has only one edge cluster. title: |- Edge cluster path type: string ha_vip_configs: description: |- This configuration can be defined only for Active-Standby Tier0 gateway to provide redundancy. For mulitple external interfaces, multiple HA VIP configs must be defined and each config will pair exactly two external interfaces. The VIP will move and will always be owned by the Active node. When this property is configured, configuration of dynamic-routing is not allowed. items: $ref: '#/definitions/Tier0HaVipConfig' title: |- Array of HA VIP Config. type: array preferred_edge_paths: description: | Policy paths to edge nodes. For Tier1 gateway, the field is used to statically assign the ordered list of up to two edge nodes for stateful services. To enable auto allocation of nodes from the specified edge cluster the field must be left unset. The auto allocation of nodes is supported only for the Tier1 gateway. For Tier0 gateway specified edge is used as a preferred edge node when failover mode is set to PREEMPTIVE, not applicable otherwise. items: type: string maxItems: 2 title: |- Edge node path type: array route_redistribution_config: $ref: '#/definitions/Tier0RouteRedistributionConfig' description: |- Configure all route redistribution properties like enable/disable redistributon, redistribution rule and so on. title: |- Route Redistribution configuration route_redistribution_types: description: | Enable redistribution of different types of routes on Tier-0. This property is only valid for locale-service under Tier-0. This property is deprecated, please use "route_redistribution_config" property to configure redistribution rules. items: description: | Tier-0 route redistribution types. TIER0_STATIC: Redistribute user added static routes. TIER0_CONNECTED: Redistribute all subnets configured on Interfaces and routes related to TIER0_ROUTER_LINK, TIER0_SEGMENT, TIER0_DNS_FORWARDER_IP, TIER0_IPSEC_LOCAL_IP, TIER0_NAT types. TIER1_STATIC: Redistribute all subnets and static routes advertised by Tier-1s. TIER0_EXTERNAL_INTERFACE: Redistribute external interface subnets on Tier-0. TIER0_LOOPBACK_INTERFACE: Redistribute loopback interface subnets on Tier-0. TIER0_SEGMENT: Redistribute subnets configured on Segments connected to Tier-0. TIER0_ROUTER_LINK: Redistribute router link port subnets on Tier-0 TIER0_SERVICE_INTERFACE: Redistribute Tier0 service interface subnets. TIER0_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets. TIER0_IPSEC_LOCAL_IP: Redistribute IPSec subnets. TIER0_NAT: Redistribute NAT IPs owned by Tier-0. TIER0_EVPN_TEP_IP: Redistribute EVPN local endpoint subnets on Tier-0. TIER1_NAT: Redistribute NAT IPs advertised by Tier-1 instances. TIER1_LB_VIP: Redistribute LB VIP IPs advertised by Tier-1 instances. TIER1_LB_SNAT: Redistribute LB SNAT IPs advertised by Tier-1 instances. TIER1_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets on Tier-1 instances. TIER1_CONNECTED: Redistribute all subnets configured on Segments and Service Interfaces. TIER1_SERVICE_INTERFACE: Redistribute Tier1 service interface subnets. TIER1_SEGMENT: Redistribute subnets configured on Segments connected to Tier1. TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets advertised by TIER1. Route redistribution destination is BGP. enum: - TIER0_STATIC - TIER0_CONNECTED - TIER0_EXTERNAL_INTERFACE - TIER0_SEGMENT - TIER0_ROUTER_LINK - TIER0_SERVICE_INTERFACE - TIER0_LOOPBACK_INTERFACE - TIER0_DNS_FORWARDER_IP - TIER0_IPSEC_LOCAL_IP - TIER0_NAT - TIER0_EVPN_TEP_IP - TIER1_NAT - TIER1_STATIC - TIER1_LB_VIP - TIER1_LB_SNAT - TIER1_DNS_FORWARDER_IP - TIER1_CONNECTED - TIER1_SERVICE_INTERFACE - TIER1_SEGMENT - TIER1_IPSEC_LOCAL_ENDPOINT type: string title: |- Enable redistribution of different types of routes on Tier-0 type: array x-deprecated: true type: object x-vmw-nsx-module: PolicyConnectivity description: |- Site specific configuration of Tier0 in multi-site scenario title: |- Locale-services configuration x-vmw-nsx-module: PolicyConnectivity LocaleServicesListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- LocaleServices results items: $ref: '#/definitions/LocaleServices' title: |- LocaleServices results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of LocaleServices title: |- Paged collection of LocaleServices x-vmw-nsx-module: PolicyConnectivity LogicalPortStatistics: allOf: - $ref: '#/definitions/AggregatedDataCounterEx' - properties: last_update_timestamp: description: |- Timestamp when the data was last updated; unset if data source has never updated the data. format: int64 readOnly: true type: integer logical_port_id: description: |- The id of the logical port readOnly: true title: |- The id of the logical port type: string type: object x-vmw-nsx-module: AggSvcLogicalPort x-vmw-nsx-module: AggSvcLogicalPort LogicalRouterPortCounters: properties: blocked_packets: description: |- The total number of packets blocked. format: int64 title: |- The number of blocked packets type: integer dad_dropped_packets: description: |- Number of duplicate address detected packets dropped. format: int64 title: |- The number of duplicate address detected packets dropped type: integer destination_unsupported_dropped_packets: description: |- Number of packtes dropped as destination is not supported. format: int64 title: |- The number of destination unsupported packets dropped type: integer dropped_packets: description: |- The total number of packets dropped. format: int64 title: |- The number of dropped packets type: integer firewall_dropped_packets: description: |- Number of firewall packets dropped. format: int64 title: |- The number of firewall packets dropped type: integer frag_needed_dropped_packets: description: |- Number of fragmentation needed packets dropped. format: int64 title: |- The number of fragmentation needed packets dropped type: integer ipsec_dropped_packets: description: |- Number of IPSec packets dropped format: int64 title: |- The number of IPSec packets dropped type: integer ipsec_no_sa_dropped_packets: description: |- Number of IPSec no security association packets dropped. format: int64 title: |- The number of IPSec no security association packets dropped type: integer ipsec_no_vti_dropped_packets: description: |- Number of IPSec packets dropped as no VTI is present. format: int64 title: |- The number of IPSec no VTI packets dropped type: integer ipsec_pol_block_dropped_packets: description: |- Number of IPSec policy block packets dropped. format: int64 title: |- The number of IPSec policy block packets dropped type: integer ipsec_pol_err_dropped_packets: description: |- Number of IPSec policy error packets dropped. format: int64 title: |- The number of IPSec policy error packets dropped type: integer ipv6_dropped_packets: description: |- Number of IPV6 packets dropped. format: int64 title: |- The number of IPV6 packets dropped type: integer kni_dropped_packets: description: |- Number of DPDK kernal NIC interface packets dropped. format: int64 title: |- The number of kernal NIC interface packets dropped type: integer l4port_unsupported_dropped_packets: description: |- Number of packets dropped due to unsupported L4 port. format: int64 title: |- The number of L4 port unsupported packets dropped type: integer malformed_dropped_packets: description: |- Number of packtes dropped as they are malformed. format: int64 title: |- The number of malformed packets dropped type: integer no_arp_dropped_packets: description: |- Number of no ARP packets dropped. format: int64 title: |- The number of no ARP packets dropped type: integer no_linked_dropped_packets: description: |- Number of packets dropped as no linked ports are present. format: int64 title: |- The number of no linked packets dropped type: integer no_mem_dropped_packets: description: |- Number of packets dropped due to insufficient memory. format: int64 title: |- The number of no memory packets dropped type: integer no_receiver_dropped_packets: description: |- Number of packets dropped due to absence of receiver. format: int64 title: |- The number of no receiver packets dropped type: integer no_route_dropped_packets: description: |- The number of no route packets dropped format: int64 title: |- The number of no route packets dropped type: integer non_ip_dropped_packets: description: |- Number of non IP packets dropped. format: int64 title: |- The number of non IP packets dropped type: integer proto_unsupported_dropped_packets: description: |- Number of packets dropped as protocol is unsupported. format: int64 title: |- The number of protocol unsupported packets dropped type: integer redirect_dropped_packets: description: |- Number of redirect packets dropped. format: int64 title: |- The number of redirect packets dropped type: integer rpf_check_dropped_packets: description: |- Number of reverse-path forwarding check packets dropped. format: int64 title: |- The number of reverse-path forwarding check packets dropped type: integer service_insert_dropped_packets: description: |- Number of service insert packets dropped. format: int64 title: |- The number of service insert packets dropped type: integer total_bytes: description: |- The total number of bytes transferred. format: int64 title: |- The total number of bytes type: integer total_packets: description: |- The total number of packets transferred. format: int64 title: |- The total number of packets type: integer ttl_exceeded_dropped_packets: description: |- Number of time to live exceeded packets dropped. format: int64 title: |- The number of time to live exceeded packets dropped type: integer type: object x-vmw-nsx-module: AggSvcLogicalRouterPort LogicalRouterPortStatistics: properties: logical_router_port_id: description: |- The ID of the logical router port title: |- The ID of the logical router port type: string per_node_statistics: additionalProperties: false description: |- Per Node Statistics items: $ref: '#/definitions/LogicalRouterPortStatisticsPerNode' readOnly: true title: |- Per Node Statistics type: array required: - logical_router_port_id type: object x-vmw-nsx-module: AggSvcLogicalRouterPort LogicalRouterPortStatisticsPerNode: allOf: - $ref: '#/definitions/AggregatedLogicalRouterPortCounters' - properties: transport_node_id: description: |- The ID of the TransportNode readOnly: true title: |- The ID of the TransportNode type: string type: object x-vmw-nsx-module: AggSvcLogicalRouterPort x-vmw-nsx-module: AggSvcLogicalRouterPort LogicalRouterPortStatisticsSummary: allOf: - $ref: '#/definitions/AggregatedLogicalRouterPortCounters' - properties: logical_router_port_id: description: |- The ID of the logical router port title: |- The ID of the logical router port type: string required: - logical_router_port_id type: object x-vmw-nsx-module: AggSvcLogicalRouterPort x-vmw-nsx-module: AggSvcLogicalRouterPort LogicalRouterState: allOf: - $ref: '#/definitions/EdgeConfigurationState' - type: object x-vmw-nsx-module: LogicalRouter description: |- This holds the state of Logical Router. If there are errors in realizing LR outside of MP, it gives details of the components and specific errors. title: |- Realization State of Logical Router. x-vmw-nsx-module: LogicalRouter LogicalRouterStatus: properties: last_update_timestamp: description: |- Timestamp when the data was last updated; unset if data source has never updated the data. format: int64 readOnly: true type: integer locale_operation_mode: description: | Egress mode for the logical router at given mode enum: - PRIMARY_LOCATION - SECONDARY_LOCATION readOnly: true title: |- Location mode for logical router type: string logical_router_id: description: |- The id of the logical router title: |- The id of the logical router type: string per_node_status: description: |- Per Node Status items: $ref: '#/definitions/LogicalRouterStatusPerNode' readOnly: true title: |- Per Node Status type: array required: - logical_router_id type: object x-vmw-nsx-module: AggSvcLogicalRouter LogicalRouterStatusPerNode: properties: high_availability_status: description: |- A service router's HA status on an edge node enum: - ACTIVE - STANDBY - DOWN - SYNC - UNKNOWN - ADMIN_DOWN title: |- A service router's HA status on an edge node type: string service_router_id: description: |- id of the service router where the router status is retrieved. title: |- id of the service router where the router status is retrieved. type: string transport_node_id: description: |- id of the transport node where the router status is retrieved. title: |- id of the transport node where the router status is retrieved. type: string required: - high_availability_status - transport_node_id type: object x-vmw-nsx-module: AggSvcLogicalRouter LogicalSwitchStatistics: allOf: - $ref: '#/definitions/AggregatedDataCounterEx' - properties: last_update_timestamp: description: |- Timestamp when the data was last updated; unset if data source has never updated the data. format: int64 readOnly: true type: integer logical_switch_id: description: |- The id of the logical Switch readOnly: true title: |- The id of the logical Switch type: string type: object x-vmw-nsx-module: AggSvcLogicalSwitch x-vmw-nsx-module: AggSvcLogicalSwitch MACAddressExpression: allOf: - $ref: '#/definitions/Expression' - properties: mac_addresses: description: |- This array can consist of one or more MAC addresses. items: description: | A MAC address. Must be 6 pairs of hexadecimal digits, upper or lower case, separated by colons or dashes. Examples: 01:23:45:67:89:ab, 01-23-45-67-89-AB. format: mac-address type: string maxItems: 4000 minItems: 1 title: |- Array of MAC addresses type: array required: - mac_addresses type: object x-vmw-nsx-module: Policy description: |- Represents MAC address expressions in the form of an array, to support addition of MAC addresses in a group. Avoid creating groups with multiple MACAddressExpression. In future releases, group will be restricted to contain a single MACAddressExpression. To group MAC addresses, use nested groups instead of multiple MACAddressExpression. title: |- MAC address expression node x-vmw-nsx-module: Policy MACAddressList: description: |- List of MAC Addresses. properties: mac_addresses: description: |- The array contains MAC addresses. items: description: | A MAC address. Must be 6 pairs of hexadecimal digits, upper or lower case, separated by colons or dashes. Examples: 01:23:45:67:89:ab, 01-23-45-67-89-AB. format: mac-address type: string maxItems: 4000 minItems: 1 title: |- Array of MAC addresses type: array required: - mac_addresses title: |- MAC Address members. type: object x-vmw-nsx-module: Policy MacAddressCsvListResult: allOf: - $ref: '#/definitions/CsvListResult' - properties: last_update_timestamp: description: |- Timestamp when the data was last updated; unset if data source has never updated the data. format: int64 readOnly: true type: integer results: items: $ref: '#/definitions/MacTableCsvRecord' type: array type: object x-vmw-nsx-module: AggSvcLogicalSwitch x-vmw-nsx-module: AggSvcLogicalSwitch MacDiscoveryProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: mac_change_enabled: default: false description: |- Allowing source MAC address change title: |- Is rule enabled or not type: boolean mac_learning_aging_time: default: 600 description: |- Indicates how long learned MAC address remain. format: int32 readOnly: true title: |- Aging time in seconds for learned MAC address type: integer mac_learning_enabled: description: |- Allowing source MAC address learning title: |- Is MAC learning enabled or not type: boolean mac_limit: default: 4096 description: |- The maximum number of MAC addresses that can be learned on this port format: int32 maximum: 4096 minimum: 0 title: |- Maximum number of arp bindings type: integer mac_limit_policy: default: ALLOW description: |- The policy after MAC Limit is exceeded enum: - ALLOW - DROP title: |- Mac Limit Policy type: string remote_overlay_mac_limit: default: 2048 description: | This property specifies the limit on the maximum number of MACs learned for a remote virtual machine's MAC to VTEP binding per overlay logical switch. format: int32 maximum: 8192 minimum: 2048 title: |- The maximum number of MAC addresses learned on an overlay Logical Switch type: integer unknown_unicast_flooding_enabled: default: true description: |- Allowing flooding for unlearned MAC for ingress traffic title: |- Is unknown unicast flooding rule enabled or not type: boolean required: - mac_learning_enabled type: object x-vmw-nsx-module: PolicyMacDiscovery description: |- Mac Discovery Profile title: |- Mac Discovery Profile x-vmw-nsx-module: PolicyMacDiscovery MacDiscoveryProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Mac Discovery profile list results items: $ref: '#/definitions/MacDiscoveryProfile' title: |- Mac Discovery profile list results type: array required: - results type: object x-vmw-nsx-module: PolicyMacDiscovery description: |- Paged collection of Mac Discovery Profiles title: |- Paged collection of Mac Discovery Profiles x-vmw-nsx-module: PolicyMacDiscovery MacLearningCounters: properties: mac_not_learned_packets_allowed: description: |- The number of packets with unknown source MAC address that are dispatched without learning the source MAC address. Applicable only when the MAC limit is reached and MAC Limit policy is MAC_LEARNING_LIMIT_POLICY_ALLOW. format: int64 title: |- Number of dispatched packets with unknown source MAC address. type: integer mac_not_learned_packets_dropped: description: |- The number of packets with unknown source MAC address that are dropped without learning the source MAC address. Applicable only when the MAC limit is reached and MAC Limit policy is MAC_LEARNING_LIMIT_POLICY_DROP. format: int64 title: |- Number of dropped packets with unknown source MAC address. type: integer macs_learned: description: |- Number of MACs learned format: int64 title: |- Number of MACs learned type: integer type: object x-vmw-nsx-module: AggSvcL2Types MacTableCsvRecord: allOf: - $ref: '#/definitions/CsvRecord' - properties: mac_address: description: |- The MAC address title: |- The MAC address type: string rtep_group_id: description: | RTEP group id is applicable when the logical switch is stretched across multiple sites. When rtep_group_id is set, mac_address represents remote mac_address. format: int64 title: |- Remote tunnel endpoint(RTEP) group id type: integer vtep_group_id: description: | VTEP group id is applicable when the logical switch is stretched across multiple sites. When vtep_group_id is set, mac_address represents remote mac_address. format: int64 title: |- Virtual tunnel endpoint(VTEP) group id type: integer vtep_ip: description: |- The virtual tunnel endpoint IP address format: ip type: string vtep_mac_address: description: |- The virtual tunnel endpoint MAC address title: |- The virtual tunnel endpoint MAC address type: string required: - mac_address type: object x-vmw-nsx-module: AggSvcLogicalSwitch x-vmw-nsx-module: AggSvcLogicalSwitch MacTableEntry: properties: mac_address: description: |- The MAC address title: |- The MAC address type: string rtep_group_id: description: | RTEP group id is applicable when the logical switch is stretched across multiple sites. When rtep_group_id is set, mac_address represents remote mac_address. format: int64 title: |- Remote tunnel endpoint(RTEP) group id type: integer vtep_group_id: description: | VTEP group id is applicable when the logical switch is stretched across multiple sites. When vtep_group_id is set, mac_address represents remote mac_address. format: int64 title: |- Virtual tunnel endpoint(VTEP) group id type: integer vtep_ip: description: |- The virtual tunnel endpoint IP address format: ip type: string vtep_mac_address: description: |- The virtual tunnel endpoint MAC address title: |- The virtual tunnel endpoint MAC address type: string required: - mac_address type: object x-vmw-nsx-module: AggSvcLogicalSwitch ManagedResource: allOf: - $ref: '#/definitions/RevisionedResource' - properties: _create_time: description: |- Timestamp of resource creation format: int64 readOnly: true type: integer _create_user: description: |- ID of the user who created this resource readOnly: true type: string _last_modified_time: description: |- Timestamp of last modification format: int64 readOnly: true type: integer _last_modified_user: description: |- ID of the user who last modified this resource readOnly: true type: string _protection: description: | Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. readOnly: true title: |- Indicates protection status of this resource type: string _system_owned: description: |- Indicates system owned resource readOnly: true type: boolean description: description: |- Description of this resource maxLength: 1024 title: |- Description of this resource type: string display_name: description: |- Defaults to ID if not set maxLength: 255 title: |- Identifier to use when displaying entity in logs or GUI type: string id: description: |- Unique identifier of this resource title: |- Unique identifier of this resource type: string resource_type: description: |- The type of this resource. readOnly: false type: string tags: description: |- Opaque identifiers meaningful to the API user items: $ref: '#/definitions/Tag' maxItems: 30 title: |- Opaque identifiers meaningful to the API user type: array type: object x-vmw-nsx-module: Common description: |- Base type for resources that are managed by API clients title: |- Base type for resources that are managed by API clients x-vmw-nsx-module: Common ManagementConfig: allOf: - $ref: '#/definitions/RevisionedResource' - properties: publish_fqdns: description: |- True if Management nodes publish their fqdns(instead of default IP addresses) across NSX for its reachability. title: |- True if Management nodes publish their fqdns(instead of default IP addresses) across NSX for its reachability. type: boolean required: - publish_fqdns type: object x-vmw-nsx-module: ConfigManagement x-vmw-nsx-module: ConfigManagement MetadataProxyConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: crypto_protocols: description: |- The cryptographic protocols listed here are supported by the metadata proxy. TLSv1.1 and TLSv1.2 are supported by default items: description: |- Metadata proxy supported cryptographic protocol enum: - TLS_V1 - TLS_V1_1 - TLS_V1_2 type: string title: |- Metadata proxy supported cryptographic protocols type: array edge_cluster_path: description: |- Edge clusters configured on MP are auto-discovered by Policy and create corresponding read-only intent objects. title: |- Poilcy path to Edge Cluster type: string enable_standby_relocation: default: false description: |- Only auto-placed metadata proxies are considered for relocation. Must be FALSE, when the preferred_edge_paths property is configured. title: |- Flag to enable standby relocation type: boolean preferred_edge_paths: description: |- Edge nodes should be members of edge cluster configured in edge_cluster_path. items: type: string maxItems: 2 title: |- Preferred Edge Paths type: array secret: description: |- Secret word or phrase to access metadata server. title: |- Secret type: string server_address: description: |- This field is a URL. Example formats - http://1.2.3.4:3888/path, http://text-md-proxy:5001/. Port number should be between 3000-9000. title: |- Server Address type: string server_certificates: description: |- Valid certificates should be configured. The validity of certificates is not checked. Certificates are managed through /infra/certificates API on Policy. items: type: string title: |- Policy paths to Certificate Authority (CA) certificates type: array required: - server_address - edge_cluster_path - secret type: object x-vmw-nsx-module: PolicyMetadataProxy description: |- Metadata Proxy Configuration title: |- Metadata Proxy Configuration x-vmw-nsx-module: PolicyMetadataProxy MirrorStackStatusListResult: allOf: - $ref: '#/definitions/ListResult' - properties: overall_status: description: | SUCCESS if all the TN's stack status are SUCCESS, FAILED if some of the TN's stack status are FAILED. enum: - UNKNOWN - SUCCESS - FAILED type: string results: description: | List all TN nodes which spaned in remote L3 mirror session mirror stack health status detailed info, including mirror stack status, vmknic status, TN node ID, TN node name and last updated status timestamp. items: $ref: '#/definitions/TnNodeStackSpanStatus' title: |- All TN nodes in remote L3 mirror session mirror stack health status type: array required: - overall_status - results type: object x-vmw-nsx-module: PortMirroring x-vmw-nsx-module: PortMirroring MonitoringProfileBindingMap: allOf: - $ref: '#/definitions/PolicyConfigResource' - type: object x-vmw-nsx-module: PolicyMonitoringProfileBinding description: |- Base Monitoring Profile Binding Map title: |- Base Monitoring Profile Binding Map x-vmw-nsx-module: PolicyMonitoringProfileBinding MultiWidgetConfiguration: allOf: - $ref: '#/definitions/WidgetConfiguration' - properties: navigation: description: |- Hyperlink of the specified UI page that provides details. maxLength: 1024 title: |- Navigation to a specified UI page type: string widgets: description: |- Array of widgets that are part of the multi-widget. items: $ref: '#/definitions/WidgetItem' maxItems: 2 minItems: 1 title: |- Widgets type: array required: - widgets type: object x-vmw-nsx-module: NsxDashboard description: |- Combines two or more widgetconfigurations into a multi-widget title: |- Multi-Widget x-vmw-nsx-module: NsxDashboard NSXTConnectionInfo: allOf: - $ref: '#/definitions/EnforcementPointConnectionInfo' - properties: edge_cluster_ids: description: | Edge Cluster UUIDs on enforcement point. Edge cluster information is required for creating logical L2, L3 constructs on enforcement point. Max 1 edge cluster ID. This is a deprecated property. The edge cluster id is now auto populated from enforcement point and its value can be read using APIs GET /infra/sites/site-id/enforcement-points/enforcementpoint-id/edge-clusters and GET /infra/sites/site-id/enforcement-points/enforcementpoint-1/edge-clusters/edge-cluster-id. The value passed through this property will be ignored. items: type: string maxItems: 1 title: |- Edge Cluster IDs type: array x-deprecated: true password: description: |- Password. title: |- Password type: string thumbprint: description: | Thumbprint of EnforcementPoint in the form of a SHA-256 hash represented in lower case HEX. title: |- Thumbprint of Enforcement Point type: string transport_zone_ids: description: | Transport Zone UUIDs on enforcement point. Transport zone information is required for creating logical L2, L3 constructs on enforcement point. Max 1 transport zone ID. This is a deprecated property. The transport zone id is now auto populated from enforcement point and its value can be read using APIs GET /infra/sites/site-id/enforcement-points/enforcementpoint-id/transport-zones and GET /infra/sites/site-id/enforcement-points/enforcementpoint-id/transport-zones/transport-zone-id. The value passed through this property will be ignored. items: type: string maxItems: 1 title: |- Transport Zone IDs type: array x-deprecated: true username: description: |- Username. title: |- Username type: string type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Credential info to connect to an NSX-T type of enforcement point. title: |- NSX-T Connection Info x-vmw-nsx-module: PolicyEnforcementPointManagement NSXVConnectionInfo: allOf: - $ref: '#/definitions/EnforcementPointConnectionInfo' - properties: password: description: |- Password. title: |- Password type: string thumbprint: description: | Thumbprint of EnforcementPoint in the form of a SHA-256 hash represented in lower case HEX. title: |- Thumbprint of Enforcement Point type: string username: description: |- Username. title: |- Username type: string required: - thumbprint type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Credential info to connect to an NSX-V type of enforcement point. title: |- NSX-V Connection Info x-vmw-nsx-module: PolicyEnforcementPointManagement NdSnoopingConfig: description: | Contains Neighbor Discovery Protocol (ND) snooping related configuration. properties: nd_snooping_enabled: default: false description: | Enable this method will snoop the NS (Neighbor Solicitation) and NA (Neighbor Advertisement) messages in the ND (Neighbor Discovery Protocol) family of messages which are transmitted by a VM. From the NS messages, we will learn about the source which sent this NS message. From the NA message, we will learn the resolved address in the message which the VM is a recipient of. Addresses snooped by this method are subject to TOFU (Trust on First Use) policies as enforced by the system. title: |- Is ND snooping enabled or not type: boolean nd_snooping_limit: default: 3 description: | Maximum number of ND (Neighbor Discovery Protocol) snooped IPv6 addresses format: int32 maximum: 15 minimum: 2 title: |- Maximum number of ND (Neighbor Discovery Protocol) bindings type: integer title: |- ND Snooping Configuration type: object x-vmw-nsx-module: PolicyIpDiscovery NdpHeader: description: |- Neighbor discovery protocol header properties: dst_ip: description: |- The IP address of the destination of the solicitation. It MUST NOT be a multicast address. format: ipv6 type: string msg_type: default: NEIGHBOR_SOLICITATION description: |- This field specifies the type of the Neighbor discover message being sent. NEIGHBOR_SOLICITATION - Neighbor Solicitation message to discover the link-layer address of an on-link IPv6 node or to confirm a previously determined link-layer address. NEIGHBOR_ADVERTISEMENT - Neighbor Advertisement message in response to a Neighbor Solicitation message. enum: - NEIGHBOR_SOLICITATION - NEIGHBOR_ADVERTISEMENT title: |- NDP message type type: string title: |- Neighbor discovery protocol header type: object x-vmw-nsx-module: Traceflow NestedExpression: allOf: - $ref: '#/definitions/Expression' - properties: expressions: description: |- Expression. items: $ref: '#/definitions/Expression' minItems: 1 title: |- Expression type: array required: - expressions type: object x-vmw-nsx-module: Policy description: | Nested expressions is a list of condition expressions that must follow the below criteria: 0. Only allowed expressions in a NestedExpression are Condition and ConjunctionOperator. 1. A non-empty expression list, must be of odd size. In a list, with indices starting from 0, all condition expressions must be at even indices, separated by the conjunction expressions AND at odd indices. 2. There may be at most 5 condition expressions inside a list. 3. NestedExpressions are homogeneous in nature, i.e, all expressions inside a nested expression must have the same member type. title: |- NestedExpression x-vmw-nsx-module: Policy NestedServiceServiceEntry: allOf: - $ref: '#/definitions/ServiceEntry' - properties: nested_service_path: description: |- path of nested service title: |- path of nested service type: string required: - nested_service_path type: object x-vmw-nsx-module: Policy description: |- A ServiceEntry that represents nesting service title: |- A ServiceEntry that represents nesting service x-vmw-nsx-module: Policy NetworkError: description: |- Network error related to container objects. properties: error_code: description: |- Error code of network related error. readOnly: true title: |- Error code type: string error_message: description: |- Detailed message of network related error. readOnly: true title: |- Error message type: string spec: description: |- Additional error information in json format. readOnly: true title: |- Other specifications type: string title: |- Network Error type: object x-vmw-nsx-module: InventoryContainerObj NewRole: description: |- New Role properties: new_role_description: description: |- New role description title: |- New role description type: string new_role_id: description: |- New role id title: |- New role id type: string new_role_name: description: |- New role name title: |- New role name type: string required: - new_role_name - new_role_id title: |- New Role type: object x-vmw-nsx-module: AAA NodeIdServicesMap: properties: node_id: description: |- NodeId maxLength: 255 readOnly: false title: |- NodeId type: string service_types: description: |- List of ServiceTypes. items: description: |- Supported service types, that are using certificates. enum: - MGMT_CLUSTER - MGMT_PLANE - API - NOTIFICATION_COLLECTOR - SYSLOG_SERVER - RSYSLOG_CLIENT - APH - GLOBAL_MANAGER - LOCAL_MANAGER - CLIENT_AUTH - RMQ type: string readOnly: false type: array required: - service_types - node_id type: object x-vmw-nsx-module: CertificateManager NsxRole: description: |- Role properties: permissions: description: |- Please use the /user-info/permissions api to get the permission that the user has on each feature. items: enum: - read-api - read-write-api - crud - read - execute - none type: string title: |- Permissions type: array x-deprecated: true role: description: |- This field represents the identifier of the role. With the introduction of custom roles, this field is no longer an enum. title: |- Role ID type: string required: - role title: |- Role type: object x-vmw-nsx-module: AAA NsxTDNSForwarderStatistics: allOf: - $ref: '#/definitions/DNSForwarderStatisticsPerEnforcementPoint' - properties: cached_entries: description: |- The total number of cached entries format: int64 readOnly: true title: |- The total number of cached entries type: integer conditional_forwarder_statistics: description: |- The statistics of conditional forwarder zones items: $ref: '#/definitions/NsxTDNSForwarderZoneStatistics' maxItems: 5 minItems: 0 readOnly: true title: |- The statistics of conditional forwarder zones type: array configured_cache_size: description: |- The configured cache size, in kb format: int64 readOnly: true title: |- The configured cache size, in kb type: integer default_forwarder_statistics: $ref: '#/definitions/NsxTDNSForwarderZoneStatistics' description: |- The statistics of default forwarder zone readOnly: true title: |- The statistics of default forwarder zone queries_answered_locally: description: |- The total number of queries answered from local cache format: int64 readOnly: true title: |- The total number of queries answered from local cache type: integer queries_forwarded: description: |- The total number of forwarded DNS queries format: int64 readOnly: true title: |- The total number of forwarded DNS queries type: integer timestamp: description: |- Time stamp of the current statistics, in ms format: int64 readOnly: true type: integer total_queries: description: |- The total number of received DNS queries format: int64 readOnly: true title: |- The total number of received DNS queries type: integer used_cache_statistics: description: |- The statistics of used cache items: $ref: '#/definitions/NsxTPerNodeUsedCacheStatistics' maxItems: 2 minItems: 0 readOnly: true title: |- The statistics of used cache type: array type: object x-vmw-nsx-module: PolicyDNSStatistics description: | The current statistics counters of the DNS forwarder including cache usages and query numbers per forwarders, on an NSX-T type of enforcement point. title: |- Statistics counters of the DNS forwarder x-vmw-nsx-module: PolicyDNSStatistics NsxTDNSForwarderStatus: allOf: - $ref: '#/definitions/DNSForwarderStatusPerEnforcementPoint' - properties: extra_message: description: |- Extra message, if available readOnly: true title: |- Extra message, if available type: string status: description: | UP means the DNS forwarder is working correctly on the active transport node and the stand-by transport node (if present). Failover will occur if either node goes down. DOWN means the DNS forwarder is down on both active transport node and standby node (if present). The DNS forwarder does not function in this situation. Error means there is some error on one or both transport node, or no status was reported from one or both transport nodes. The DNS forwarder may be working (or not working). NO_BACKUP means DNS forwarder is working in only one transport node, either because it is down on the standby node, or no standby is configured. An forwarder outage will occur if the active node goes down. enum: - UP - DOWN - ERROR - NO_BACKUP - UNKNOWN readOnly: true type: string timestamp: description: |- Time stamp of the current status, in ms format: int64 readOnly: true type: integer type: object x-vmw-nsx-module: PolicyDNSStatistics description: | The current runtime status of the DNS forwarder. title: |- The current runtime status of DNS forwarder x-vmw-nsx-module: PolicyDNSStatistics NsxTDNSForwarderZoneStatistics: description: | Statistics counters of the DNS forwarder zone. properties: domain_names: description: | Domain names configured for the forwarder. Empty if this is the default forwarder. items: type: string maxItems: 100 minItems: 0 readOnly: true title: |- Domain names configured for the forwarder type: array upstream_statistics: description: |- Statistics per upstream server. items: $ref: '#/definitions/NsxTUpstreamServerStatistics' maxItems: 3 minItems: 0 readOnly: true title: |- Statistics per upstream server. type: array title: |- Statistics counters of the DNS forwarder zone type: object x-vmw-nsx-module: PolicyDNSStatistics NsxTDnsAnswer: allOf: - $ref: '#/definitions/PolicyDnsAnswerPerEnforcementPoint' - properties: authoritative_answers: description: |- Authoritative answers items: $ref: '#/definitions/NsxTDnsQueryAnswer' maxItems: 256 minItems: 1 title: |- Authoritative answers type: array dns_server: description: | Dns server ip address and port, format is "ip address#port". title: |- Dns server information type: string edge_node_id: description: | ID of the edge node that performed the query. title: |- Edge node id type: string non_authoritative_answers: description: |- Non authoritative answers items: $ref: '#/definitions/NsxTDnsQueryAnswer' maxItems: 256 minItems: 1 title: |- Non authoritative answers type: array raw_answer: description: | It can be NXDOMAIN or error message which is not consisted of authoritative_answer or non_authoritative_answer. title: |- Raw message returned from the dns forwarder type: string required: - edge_node_id - dns_server type: object x-vmw-nsx-module: PolicyDnsForwarder description: |- Answer of dns nslookup title: |- Answer of dns nslookup x-vmw-nsx-module: PolicyDnsForwarder NsxTDnsQueryAnswer: description: |- Answer of nslookup properties: address: description: | Resolved IP address matched with the nslookup address provided as a request parameter. title: |- Matched ip address type: string name: description: | Matched name of the given address. title: |- Matched name type: string title: |- Answer of nslookup type: object x-vmw-nsx-module: PolicyDnsForwarder NsxTPerNodeUsedCacheStatistics: description: | Query statistics counters of used cache from node properties: cached_entries: description: |- The total number of cached entries format: int64 readOnly: true title: |- The total number of cached entries type: integer node_id: description: |- UUID of active/standby transport node readOnly: true title: |- UUID of active/standby transport node type: string used_cache_size: description: |- The memory size used in cache, in kb format: int64 readOnly: true title: |- The memory size used in cache, in kb type: integer title: |- Per node used cache query statistics counters type: object x-vmw-nsx-module: PolicyDNSStatistics NsxTUpstreamServerStatistics: description: | Query statistics counters to an upstream server including successfully forwarded queries and failed queries. properties: queries_failed: description: |- Queries failed to forward. format: int64 readOnly: true title: |- Queries failed to forward. type: integer queries_succeeded: description: |- Queries forwarded successfully format: int64 readOnly: true title: |- Queries forwarded successfully type: integer upstream_server: description: |- Upstream server ip format: ip readOnly: true type: string title: |- Upstream server query statistics counters type: object x-vmw-nsx-module: PolicyDNSStatistics ObjectRolePermissionGroup: allOf: - $ref: '#/definitions/ManagedResource' - properties: inheritance_disabled: default: false description: |- Does children of this object inherit this rule title: |- Does children of this object inherit this rule type: boolean operation: description: |- Allowed operation enum: - crud - read - execute - none title: |- Allowed operation type: string path_prefix: description: |- Path prefix title: |- Path prefix type: string role_name: description: |- Role name title: |- Role name type: string rule_disabled: default: false description: |- Is rule disabled or not title: |- Is rule disabled or not type: boolean required: - role_name - path_prefix type: object x-vmw-nsx-module: PolicyAuthz description: |- RBAC Objects qualifier title: |- RBAC Objects qualifier x-vmw-nsx-module: PolicyAuthz ObjectRolePermissionGroupListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- ObjectRolePermissionGroup list results items: $ref: '#/definitions/ObjectRolePermissionGroup' title: |- ObjectRolePermissionGroup list results type: array required: - results type: object x-vmw-nsx-module: PolicyAuthz description: |- Paged collection of RBAC Objects title: |- Paged collection of RBAC Objects x-vmw-nsx-module: PolicyAuthz OidcEndPoint: allOf: - $ref: '#/definitions/ManagedResource' - properties: authorization_endpoint: description: |- The URL of the OpenID provider's authorization endpoint. readOnly: true title: |- Authorization endpoint type: string claims_supported: description: |- The list of claims that the OpenID provider supports. items: type: string readOnly: true title: |- Claims supported type: array issuer: description: | Issuer of the JWT tokens for the given type. This field is fetched from the meta-data located at the oidc_uri. readOnly: true title: |- JWT token issuer type: string jwks_uri: description: | The URI where the JWKS document is located that has the key used to validate the JWT signature. readOnly: true title: |- URI of JWKS document type: string name: description: |- A short, unique name for this OpenID Connect end-point. OIDC endpoint names may not contain spaces. If not provided, defaults to the ID of the OidcEndPoint. title: |- Unique name for this OpenID Connect end-point type: string oidc_type: default: vcenter description: |- Type used to distinguish the OIDC end-points by IDP. enum: - vcenter - ws_one maxLength: 255 readOnly: false title: |- OIDC Type type: string oidc_uri: description: |- URI of the OpenID Connect end-point. maxLength: 255 readOnly: false title: |- OpenID Connect URI type: string override_roles: description: |- When specified this role or roles are used instead of the nsx-role in the JWT items: type: string readOnly: true title: |- Roles used instead of token roles type: array thumbprint: description: | Thumbprint in SHA-256 format used to verify the server certificate at the URI. maxLength: 255 readOnly: false title: |- Thumbprint type: string token_endpoint: description: |- The URL of the OpenID provider's token endpoint. readOnly: true title: |- Token endpoint type: string userinfo_endpoint: description: |- The URL of the OpenID provider's userinfo endpoint. readOnly: true title: |- Userinfo endpoint type: string required: - oidc_uri - thumbprint type: object x-vmw-nsx-module: CertificateManager description: | OpenID Connect end-point specifying where to fetch the JWKS document used to validate JWT tokens for TokenBasedPrincipalIdentities. title: |- OpenID Connect end-point x-vmw-nsx-module: CertificateManager OidcEndPointListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- OidcEndPoint list. items: $ref: '#/definitions/OidcEndPoint' readOnly: true type: array type: object x-vmw-nsx-module: CertificateManager description: |- OidcEndPoint query result title: |- OidcEndPoint query result x-vmw-nsx-module: CertificateManager OnboardingAttribute: description: | Generic config onboarding attributes in form attribute name and its corresponding values. properties: name: description: |- Attribute name readOnly: true title: |- Attribute name type: string value: description: |- Attribute value readOnly: true title: |- Attribute value type: string value_type: default: STRING description: |- Attribute Type enum: - STRING - INTEGER - BOOLEAN readOnly: true title: |- Attribute Type type: string title: |- Config Onboarding Attributes type: object x-vmw-nsx-module: GmConfigOnboarding OnboardingFeatureInfo: description: | Feature information currently under process or refered to. properties: name: description: |- Feature Name readOnly: true title: |- Feature Name type: string path: description: |- Resource Path readOnly: true title: |- Resource Path type: string resource_type: description: |- Resource Type readOnly: true title: |- Resource Type type: string title: |- Onboarding Feature Information type: object x-vmw-nsx-module: GmConfigOnboarding OpenLdapIdentitySource: allOf: - $ref: '#/definitions/LdapIdentitySource' - type: object x-vmw-nsx-module: LdapIdentitySources description: |- An identity source service that runs OpenLDAP. The service allows selected user accounts defined in OpenLDAP to log into and access NSX-T. title: |- An OpenLDAP identity source service x-vmw-nsx-module: LdapIdentitySources OspfAreaConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: area_id: description: | OSPF area-id either in decimal or dotted format. title: |- OSPF area id type: string area_type: default: NORMAL description: | Configures OSPF area with defined area type. If area_type field not specified, default is NSSA. enum: - NORMAL - NSSA title: |- OSPF area type type: string authentication: $ref: '#/definitions/OspfAuthenticationConfig' description: | Enables/Disables authentication for an OSPF area. title: |- OSPF area authentication configuration required: - area_id type: object x-vmw-nsx-module: PolicyOspf description: | Contains OSPF Area configuration. title: |- OSPF Area config x-vmw-nsx-module: PolicyOspf OspfAuthenticationConfig: description: |- Enables OSPF authentication with specfied mode and password. properties: key_id: description: | Authentication secret key id is mandatory for type md5 with min value of 1 and max value 255. format: int64 maximum: 255 minimum: 1 title: |- Authentication secret key id type: integer mode: default: NONE description: | If mode is MD5 or PASSWORD, Authentication secret key is mandatory if mode is NONE, then authenticatin is disabled. enum: - NONE - PASSWORD - MD5 title: |- Authentication mode type: string secret_key: description: | Authentication secret is mandatory for type password and md5 with min length of 1 and max length 15. title: |- Authentication secret key type: string title: |- OSPF Authentication Configuration type: object x-vmw-nsx-module: PolicyOspf OspfRoutingConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: default_originate: default: false description: | Flag to enable/disable advertisement of default route into OSPF domain. The default route should be present in the edge only then it redistributes the same into OSPF domain only if this flag is set to TRUE. title: |- Flag to enable/disable advertisement of default route type: boolean ecmp: default: true description: | Flag to enable ECMP. title: |- Flag to enable ECMP type: boolean enabled: default: false description: | Flag to enable OSPF routing protocol. Disabling will stop feature and OSPF peering. title: |- Flag to enable OSPF routing protocol type: boolean graceful_restart_mode: default: HELPER_ONLY description: |- Configuration field to hold OSPF Restart mode . enum: - DISABLE - HELPER_ONLY title: |- OSPF Graceful Restart Mode Configuration type: string summary_addresses: description: | List of summary address configruation to summarize or filter external routes based on the setting of advertise flag in each OspfSummaryAddressConfig items: $ref: '#/definitions/OspfSummaryAddressConfig' maxItems: 1000 title: |- List of OSPF summary address configuration to summarize external routes type: array type: object x-vmw-nsx-module: PolicyOspf description: | Contains OSPF routing configurations. title: |- OSPF routing config x-vmw-nsx-module: PolicyOspf OspfSummaryAddressConfig: description: |- OSPF summary address configuration to summarize external routes properties: advertise: default: true description: | Used to filter the advertisement of external routes into the OSPF domain. Setting this field to "TRUE" will enable the summarization of external routes that are covered by ip_prefix configuration. Setting this field to "FALSE" will filter the advertisement of external routes that are covered by ip_prefix configuration. title: |- Flag to enable/disable summarization of external routes type: boolean prefix: description: |- OSPF Summary address in CIDR format format: ip-cidr-block title: |- OSPF Summary address in CIDR format type: string required: - prefix title: |- OSPF Summary Address Configuration type: object x-vmw-nsx-module: PolicyOspf OverriddenResource: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: intent_path: description: | Policy resource path of the overridden resource. readOnly: true title: |- Policy resource path of the overridden resource type: string site_path: description: | Site path to the specific site that has overridden the global resource. readOnly: true title: |- Site path type: string type: object x-vmw-nsx-module: PolicyOverrides description: | Represents which federated global resources have been overrriden on a specific Site. title: |- Represents overridden resource information for federated entity. x-vmw-nsx-module: PolicyOverrides OverriddenResourceListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- OverriddenResource list results. items: $ref: '#/definitions/OverriddenResource' title: |- OverriddenResource list results type: array required: - results type: object x-vmw-nsx-module: PolicyOverrides description: |- Paged Collection of OverriddenResource. title: |- Paged Collection of OverriddenResource x-vmw-nsx-module: PolicyOverrides PacketAddressClassifier: description: | A packet is classified to have an address binding, if its address configuration matches with all user specified properties. properties: ip_address: description: |- A single IP address or a subnet, e.g. x.x.x.x or x.x.x.x/y format: address-or-block-or-range type: string mac_address: description: |- A single MAC address format: mac-address type: string vlan: description: |- Virtual Local Area Network Identifier format: int64 type: integer title: |- Address classifications for a packet type: object x-vmw-nsx-module: Switching PacketData: discriminator: resource_type properties: frame_size: default: 128 description: |- If the requested frame_size is too small (given the payload and traceflow metadata requirement of 16 bytes), the traceflow request will fail with an appropriate message. The frame will be zero padded to the requested size. format: int64 maximum: 1000 minimum: 60 title: |- Requested total size of the (logical) packet in bytes type: integer resource_type: description: |- Packet configuration enum: - BinaryPacketData - FieldsPacketData title: |- Packet configuration type: string routed: description: |- A flag, when set true, indicates that the traceflow packet is of L3 routing. title: |- A flag, when set true, indicates that the traceflow packet is of L3 routing. type: boolean transport_type: default: UNICAST description: |- transport type of the traceflow packet enum: - BROADCAST - UNICAST - MULTICAST - UNKNOWN title: |- transport type of the traceflow packet type: string required: - resource_type type: object x-vmw-nsx-module: Traceflow PacketTypeAndCounter: properties: counter: description: |- The number of packets. format: int64 title: |- The number of packets. type: integer packet_type: description: |- The type of the packets title: |- The type of the packets type: string required: - counter - packet_type type: object x-vmw-nsx-module: AggSvcL2Types PacketsDroppedBySecurity: properties: bpdu_filter_dropped: description: |- The number of packets dropped by "BPDU filter". format: int64 title: |- The number of packets dropped by "BPDU filter". type: integer dhcp_client_dropped_ipv4: description: |- The number of IPv4 packets dropped by "DHCP client block". format: int64 title: |- The number of IPv4 packets dropped by "DHCP client block". type: integer dhcp_client_dropped_ipv6: description: |- The number of IPv6 packets dropped by "DHCP client block". format: int64 title: |- The number of IPv6 packets dropped by "DHCP client block". type: integer dhcp_server_dropped_ipv4: description: |- The number of IPv4 packets dropped by "DHCP server block". format: int64 title: |- The number of IPv4 packets dropped by "DHCP server block". type: integer dhcp_server_dropped_ipv6: description: |- The number of IPv6 packets dropped by "DHCP server block". format: int64 title: |- The number of IPv6 packets dropped by "DHCP server block". type: integer spoof_guard_dropped: description: |- The packets dropped by "Spoof Guard"; supported packet types are IPv4, IPv6, ARP, ND, non-IP. items: $ref: '#/definitions/PacketTypeAndCounter' title: |- The packets dropped by "Spoof Guard"; supported packet types are IPv4, IPv6, ARP, ND, non-IP. type: array type: object x-vmw-nsx-module: AggSvcL2Types PartialPatchConfig: description: | This object allows enabling or disabling of partial patch functionality. Enabling partial patch allows patching of a subset of the fields of any object. After enabling partial patching, any object payload provided will be merged with the existing object payload. Note that while all mandatory fields are expected to be provided during the creation of any object, enabling partial patch will allow patching of existing objects with a subset of mandatory fields. properties: enable_partial_patch: description: |- boolean value used to enable/disable partial patch title: |- This object will contain the partial patch configuration. type: boolean required: - enable_partial_patch title: |- Contains configuration for Partial patch. type: object x-vmw-nsx-module: PolicySystemConfig PatchResources: allOf: - $ref: '#/definitions/Action' - properties: body: description: | Patch body representing a Hierarchical Patch payload. The resources included in the body are patched replacing the injections' keys with their actual values. title: |- Body type: object injections: description: |- Injections holding keys (variables) and their corresponding values. items: $ref: '#/definitions/Injection' minItems: 1 title: |- Injections type: array required: - body type: object x-vmw-nsx-module: PolicyReaction description: | Patch Resources is an action to create/patch resources in response to an event. title: |- Patch Resources x-vmw-nsx-module: PolicyReaction PathExpression: allOf: - $ref: '#/definitions/Expression' - properties: paths: description: |- This array can consist of one or more policy paths. Only policy paths of groups, segments and policy logical ports are allowed. items: type: string minItems: 1 title: |- Array of policy paths type: array required: - paths type: object x-vmw-nsx-module: Policy description: |- Represents policy path expressions in the form of an array, to support addition of objects like groups, segments and policy logical ports in a group. title: |- Path expression node x-vmw-nsx-module: Policy PathPermissionGroup: description: |- RBAC Objects qualifier properties: object_path: description: |- Full Object Path title: |- Full Object Path type: string operation: description: |- Allowed operation enum: - crud - read - execute - none title: |- Allowed operation type: string required: - operation - object_path title: |- RBAC Objects qualifier type: object x-vmw-nsx-module: PolicyAuthz PeerCertificateChain: description: |- The certificate chain presented by a remote TLS service. properties: details: description: |- List of X509Certificates. items: $ref: '#/definitions/X509Certificate' readOnly: true type: array pem_encoded: description: |- PEM encoded certificate data. readOnly: false type: string required: - pem_encoded title: |- A peer's certificate chain type: object x-vmw-nsx-module: CertificateManager PendingChangesInfoNsxT: description: | Information about recent changes, if any, that are not reflected in the Enforced Realized Status. properties: pending_changes_flag: description: | Flag describing whether there are any pending changes that are not reflected in the status. readOnly: true title: |- Pending Changes Flag type: boolean title: |- NSX-T Pending Change Info type: object x-vmw-nsx-module: PolicyRealizationStatus PerStepRestoreStatus: description: |- Restore step status properties: description: description: |- A description of the restore status readOnly: true title: |- A description of the restore status type: string value: description: |- Per step restore status value enum: - INITIAL - RUNNING - SUSPENDED_BY_USER - SUSPENDED_FOR_USER_ACTION - FAILED - SUCCESS readOnly: true title: |- Per step restore status value type: string title: |- Restore step status type: object x-vmw-nsx-module: ClusterRestore PlainFilterData: allOf: - $ref: '#/definitions/LiveTraceFilterData' - properties: basic_filter: description: |- Basic RCF rule for packet filter title: |- Basic RCF rule for packet filter type: string extend_filter: description: |- Extended RCF rule for packet filter title: |- Extended RCF rule for packet filter type: string type: object x-vmw-nsx-module: LiveTrace x-vmw-nsx-module: LiveTrace PointDefinition: description: |- Defines the point of a graph. properties: drilldown_id: description: |- Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. title: |- Id of drilldown widget type: string field: description: |- An expression that represents the points of the graph title: |- Expression for points of the graph type: string navigation: description: |- Hyperlink of the specified UI page that provides details. maxLength: 1024 title: |- Navigation to a specified UI page type: string tooltip: description: |- Multi-line text to be shown on tooltip while hovering over the point of a graph. items: $ref: '#/definitions/Tooltip' minItems: 0 title: |- Multi-line tooltip type: array x_value: description: |- Represents the variable for the X value of points that are plotted on the graph. title: |- Variable chosen for X value of the point of the graph type: string y_value: description: |- Represents the variable for the Y value of points that are plotted on the graph. title: |- Variable chosen for Y value of the point of the graph type: string required: - y_value - x_value - field title: |- Definition of a point of graph type: object x-vmw-nsx-module: NsxDashboard Policy: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: category: description: | - Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are "Ethernet","Emergency", "Infrastructure" "Environment" and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories "Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules", "AutoServiceRules" and "Default", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the users can add/modify/delete rules from only the "SharedPreRules" and "LocalGatewayRules" categories. If user doesn't specify the category then defaulted to "Rules". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, "Default" category is the placeholder default rules with lowest in the order of priority. title: |- A way to classify a security policy, if needed. type: string comments: description: |- Comments for security policy lock/unlock. readOnly: false title: |- SecurityPolicy lock/unlock comments type: string internal_sequence_number: description: | This field is to indicate the internal sequence number of a policy with respect to the policies across categories. format: int32 readOnly: true title: |- Internal sequence number type: integer is_default: description: |- A flag to indicate whether policy is a default policy. readOnly: true title: |- Default policy flag type: boolean lock_modified_by: description: | ID of the user who last modified the lock for the secruity policy. readOnly: true title: |- User who locked the security policy type: string lock_modified_time: description: |- SecurityPolicy locked/unlocked time in epoch milliseconds. format: int64 readOnly: true type: integer locked: default: false description: | Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy. title: |- Lock a security policy type: boolean rule_count: description: | The count of rules in the policy. format: int32 readOnly: true title: |- Rule count type: integer scheduler_path: description: | Provides a mechanism to apply the rules in this policy for a specified time duration. readOnly: false title: |- Path to the scheduler for time based scheduling type: string scope: description: | The list of group paths where the rules in this policy will get applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain. items: type: string maxItems: 128 type: array sequence_number: description: | This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999. format: int32 minimum: 0 title: |- Sequence number to resolve conflicts across Domains type: integer stateful: description: | Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless. readOnly: false title: |- Stateful nature of the entries within this security policy. type: boolean tcp_strict: description: | Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true. readOnly: false title: |- Enforce strict tcp handshake before allowing data packets type: boolean type: object x-vmw-nsx-module: Policy description: | Ordered list of Rules. This object is created by default along with the Domain. title: |- Contains ordered list of Rules x-vmw-nsx-module: Policy PolicyAlarmResource: allOf: - $ref: '#/definitions/PolicyResource' - properties: error_details: $ref: '#/definitions/PolicyApiError' description: | Detailed information about errors from an API call made to the enforcement point, if any. title: | Detailed information about errors from an API call made to the enforcement point, if any. message: description: |- error message to describe the issue title: |- error message to describe the issue type: string source_reference: description: |- path of the object on which alarm is created title: |- path of the object on which alarm is created type: string source_site_id: description: | This field will refer to the source site on which the alarm is generated. This field is populated by GM, when it receives corresponding notification from LM. readOnly: true title: |- source site(LM) id. type: string type: object x-vmw-nsx-module: PolicyRealizedState description: |- Alarm base class of realized policy object title: |- Alarm base class of realized policy object x-vmw-nsx-module: PolicyRealizedState PolicyAlarmResourceListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- List of alarm resources items: $ref: '#/definitions/PolicyAlarmResource' title: |- Paged Collection of PolicyAlarmResources type: array type: object x-vmw-nsx-module: PolicyRealizedState description: |- PolicyAlarmResource list result title: |- PolicyAlarmResource list result x-vmw-nsx-module: PolicyRealizedState PolicyApiError: allOf: - $ref: '#/definitions/PolicyRelatedApiError' - properties: related_errors: description: |- Other errors related to this error items: $ref: '#/definitions/PolicyRelatedApiError' title: |- Other errors related to this error type: array type: object x-vmw-nsx-module: PolicyRealizedState description: |- Detailed information about an API Error title: |- Detailed information about an API Error x-vmw-nsx-module: PolicyRealizedState PolicyArpProxyEntry: properties: arp_proxy_ip: description: |- ARP proxy information for a service with ip. items: description: |- IPv4 or IPv6 address format: ip type: string readOnly: true title: |- Array of ARP proxy service address type: array service_id: description: |- Identifier of connected service on port. readOnly: true title: |- Service type id type: string type: object x-vmw-nsx-module: PolicyConnectivityStatistics PolicyArpProxyTableListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paginated list of Gateway interface ARP proxy tables items: $ref: '#/definitions/InterfaceArpProxy' readOnly: true title: |- Paginated list of Gateway interface ARP proxy tables type: array type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics PolicyAttributes: description: |- Policy Attributes data holder properties: attribute_source: default: SYSTEM description: |- Source of attribute value i.e whether system defined or custom value enum: - SYSTEM - CUSTOM title: |- Source of attribute value i.e whether system defined or custom value type: string datatype: description: |- Datatype for attribute enum: - STRING title: |- Datatype for attribute type: string description: description: |- Description for attribute value title: |- Description for attribute value type: string isALGType: description: |- Describes whether the APP_ID value is ALG type or not. title: |- Is the value ALG type type: boolean key: description: |- URL_Reputation is currently not available. Please do not use it in Attribute Key while creating context profile enum: - APP_ID - DOMAIN_NAME - URL_CATEGORY - URL_REPUTATION title: |- Key for attribute type: string metadata: description: | This is optional part that can hold additional data about the attribute key/values. Example - For URL CATEGORY key , it specified super category for url category value. This is generic array and can hold multiple meta information about key/values in future items: $ref: '#/definitions/ContextProfileAttributesMetadata' title: |- Provide additional meta information about key/values type: array sub_attributes: description: |- Reference to sub attributes for the attribute items: $ref: '#/definitions/PolicySubAttributes' title: |- Reference to sub attributes for the attribute type: array value: description: | Multiple attribute values can be specified as elements of array. items: type: string minItems: 1 title: |- Value for attribute key type: array uniqueItems: true required: - datatype - key - value title: |- Policy Attributes data holder type: object x-vmw-nsx-module: PolicyContextProfile PolicyBasedIPSecVpnSession: allOf: - $ref: '#/definitions/IPSecVpnSession' - properties: rules: description: |- Rules items: $ref: '#/definitions/IPSecVpnRule' minItems: 1 title: |- Rules type: array required: - rules type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- A Policy Based VPN requires to define protect rules that match local and peer subnets. IPSec security associations is negotiated for each pair of local and peer subnet. title: |- Policy based VPN session x-vmw-nsx-module: PolicyIPSecVpn PolicyBasedL3VpnSession: allOf: - $ref: '#/definitions/L3VpnSession' - properties: rules: description: | L3Vpn rules that are specific to the L3Vpn. Only L3Vpn rules with PROTECT action are supported. items: $ref: '#/definitions/L3VpnRule' title: |- L3Vpn Rules type: array uniqueItems: true type: object x-vmw-nsx-module: PolicyL3Vpn description: | A Policy-based L3Vpn session is a configuration in which a specific vpn tunnel is referenced in a policy whose action is set as tunnel. title: |- Policy based L3Vpn Session x-vmw-nsx-module: PolicyL3Vpn PolicyBgpNeighborStatus: properties: address_families: description: |- Address families of BGP neighbor items: $ref: '#/definitions/BgpAddressFamily' readOnly: true title: |- Address families of BGP neighbor type: array announced_capabilities: description: |- BGP capabilities sent to BGP neighbor. items: type: string readOnly: true title: |- BGP capabilities sent to BGP neighbor. type: array connection_drop_count: description: |- Count of connection drop format: int64 readOnly: true title: |- Count of connection drop type: integer connection_state: description: |- Current state of the BGP session. enum: - INVALID - IDLE - CONNECT - ACTIVE - OPEN_SENT - OPEN_CONFIRM - ESTABLISHED - UNKNOWN readOnly: true title: |- Current state of the BGP session. type: string edge_path: description: |- Transport node policy path title: |- Transport node policy path type: string established_connection_count: description: |- Count of connections established format: int64 readOnly: true title: |- Count of connections established type: integer graceful_restart_mode: description: | Current state of graceful restart of BGP neighbor. Possible values are - 1. GR_AND_HELPER - Graceful restart with Helper 2. HELPER_ONLY - Helper only 3. DISABLE - Disabled readOnly: true title: |- Graceful restart mode type: string hold_time: description: | If a HELLO packet is not seen from BGP Peer withing hold_time then BGP neighbor will be marked as down. format: int64 readOnly: true title: |- Time in ms to wait for HELLO from BGP peer. type: integer keep_alive_interval: description: |- Time in ms to wait for HELLO packet from BGP peer format: int64 readOnly: true title: |- Time in ms to wait for HELLO packet from BGP peer type: integer last_update_timestamp: description: |- Timestamp when the data was last updated, unset if data source has never updated the data. format: int64 readOnly: true type: integer local_port: description: |- TCP port number of Local BGP connection format: int64 maximum: 65535 minimum: 1 readOnly: true title: |- TCP port number of Local BGP connection type: integer messages_received: description: |- Count of messages received from the neighbor format: int64 readOnly: true title: |- Count of messages received from the neighbor type: integer messages_sent: description: |- Count of messages sent to the neighbor format: int64 readOnly: true title: |- Count of messages sent to the neighbor type: integer negotiated_capability: description: |- BGP capabilities negotiated with BGP neighbor. items: type: string readOnly: true title: |- BGP capabilities negotiated with BGP neighbor. type: array neighbor_address: description: |- The IP of the BGP neighbor format: ip readOnly: true type: string neighbor_router_id: description: |- Router ID of the BGP neighbor. readOnly: true title: |- Router ID of the BGP neighbor. type: string remote_as_number: description: |- AS number of the BGP neighbor readOnly: true title: |- AS number of the BGP neighbor type: string remote_port: description: |- TCP port number of remote BGP Connection format: int64 maximum: 65535 minimum: 1 readOnly: true title: |- TCP port number of remote BGP Connection type: integer remote_site: $ref: '#/definitions/ResourceReference' description: |- Remote site details. readOnly: true title: |- Remote site source_address: description: |- The Ip address of logical port format: ip readOnly: true type: string tier0_path: description: |- Policy path to Tier0 readOnly: true title: |- Policy path to Tier0 type: string time_since_established: description: |- Time(in seconds) since connection was established. format: int64 readOnly: true title: |- Time(in seconds) since connection was established. type: integer total_in_prefix_count: description: |- Sum of in prefixes counts across all address families. format: int64 readOnly: true title: |- Count of in prefixes type: integer total_out_prefix_count: description: |- Sum of out prefixes counts across all address families. format: int64 readOnly: true title: |- Count of out prefixes type: integer type: description: |- BGP neighbor type enum: - INTER_SR - USER readOnly: true title: |- BGP neighbor type type: string type: object x-vmw-nsx-module: PolicyConnectivityStatistics PolicyBgpNeighborsStatusListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: additionalProperties: false description: |- Status of BGP neighbors of the Tier0 items: $ref: '#/definitions/PolicyBgpNeighborStatus' readOnly: true title: |- Status of BGP neighbors of the Tier0 type: array type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics PolicyComplianceStatus: properties: last_updated_time: description: |- Timestamp of last update format: int64 readOnly: true type: integer non_compliant_configs: description: |- List of non compliant configuration and impacted services items: $ref: '#/definitions/PolicyNonCompliantConfig' readOnly: true title: |- List of non compliant configuration and impacted services type: array type: object x-vmw-nsx-module: PolicyCompliance PolicyConfigResource: allOf: - $ref: '#/definitions/PolicyResource' - properties: children: description: | subtree for this type within policy tree containing nested elements. items: $ref: '#/definitions/ChildPolicyConfigResource' title: |- subtree for this type within policy tree type: array marked_for_delete: default: false description: | Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. readOnly: true title: |- Indicates whether the intent object is marked for deletion type: boolean overridden: default: false description: | Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. readOnly: true title: |- Indicates whether this object is the overridden intent object type: boolean type: object x-vmw-nsx-module: Policy description: |- Represents an object on the desired state. title: |- Represents an object on the desired state x-vmw-nsx-module: Policy PolicyContextProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: attributes: description: | Property containing attributes/sub-attributes for Policy Context Profile. items: $ref: '#/definitions/PolicyAttributes' title: |- Array of Policy Context Profile attributes type: array required: - attributes type: object x-vmw-nsx-module: PolicyContextProfile description: | An entity that encapsulates attributes and sub-attributes of various network services (eg. L7 services, domain name, encryption algorithm) The entity will be consumed in firewall rules and can be added in new tuple called profile in firewall rules. To get a list of supported attributes and sub-attributes fire the following REST API GET https://<policy-mgr>/policy/api/v1/infra/context-profiles/attributes title: |- Policy Context Profile entity x-vmw-nsx-module: PolicyContextProfile PolicyContextProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paged collection of PolicyContextProfiles items: $ref: '#/definitions/PolicyContextProfile' readOnly: true title: |- Paged collection of PolicyContextProfiles type: array type: object x-vmw-nsx-module: PolicyContextProfile description: |- List result of PolicyContextProfiles title: |- List result of PolicyContextProfiles x-vmw-nsx-module: PolicyContextProfile PolicyDnsAnswerPerEnforcementPoint: description: | DNS forwarder nslookup answer per enforcement point. discriminator: resource_type properties: enforcement_point_path: description: | Policy path referencing the enforcement point from where the DNS forwarder nslookup answer is fetched. readOnly: true title: |- Enforcement point path type: string resource_type: description: | Resource type of the DNS forwarder nslookup answer. enum: - NsxTDnsAnswer title: |- Resource type type: string required: - resource_type title: |- NSLookup answer per enforcement point type: object x-vmw-nsx-module: PolicyDnsForwarder PolicyDnsForwarder: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: conditional_forwarder_zone_paths: description: |- Max of 5 DNS servers can be configured items: type: string maxItems: 5 title: |- Path of conditional DNS zones type: array default_forwarder_zone_path: description: | This is the zone to which DNS requests are forwarded by default title: |- Path of the default DNS zone. type: string enabled: default: true description: | The flag, which suggests whether the DNS forwarder is enabled or disabled. The default is True. title: |- DNS forwarder enabled flag type: boolean listener_ip: description: | This is the IP on which the DNS Forwarder listens. format: ipv4 type: string log_level: default: INFO description: | Set log_level to DISABLED will stop dumping fowarder log. enum: - DEBUG - INFO - WARNING - ERROR - FATAL title: |- Log level of the dns forwarder type: string required: - default_forwarder_zone_path - listener_ip type: object x-vmw-nsx-module: PolicyDnsForwarder description: |- Used to configure DNS Forwarder title: |- DNS Forwarder x-vmw-nsx-module: PolicyDnsForwarder PolicyDnsForwarderZone: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: dns_domain_names: description: | List of domain names on which conditional forwarding is based. This field is required if the DNS Zone is being used for a conditional forwarder. This field will also be used for conditional reverse lookup. Example 1, if for one of the zones, one of the entries in the fqdn is example.com, all the DNS requests under the domain example.com will be served by the corresponding upstream DNS server. Example 2, if for one of the zones, one of the entries in the fqdn list is "13.12.30.in-addr.arpa", reverse lookup for 30.12.13.0/24 will go to the corresponding DNS server. items: type: string title: |- List of domain names type: array source_ip: description: | The source IP used by the DNS Forwarder zone. format: ipv4 type: string upstream_servers: description: |- Max of 3 DNS servers can be configured items: description: |- IPv4 address format: ipv4 type: string maxItems: 3 title: |- DNS servers to which the DNS request needs to be forwarded type: array required: - upstream_servers type: object x-vmw-nsx-module: PolicyDnsForwarder description: |- Used to configure zones on DNS Forwarder title: |- DNS Forwarder Zone x-vmw-nsx-module: PolicyDnsForwarder PolicyDnsForwarderZoneListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Dns Forwarder Zone list results items: $ref: '#/definitions/PolicyDnsForwarderZone' title: |- Dns Forwarder Zone list results type: array required: - results type: object x-vmw-nsx-module: PolicyDnsForwarder description: |- Paged Collection of DNS Forwarder Zones title: |- Paged Collection of DNS Forwarder Zones x-vmw-nsx-module: PolicyDnsForwarder PolicyEdgeCluster: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: inter_site_forwarding_enabled: description: | Flag to indicate status of inter site l2 and l3 forwarding in federation. readOnly: true title: |- Inter site forwarding is enabled if true type: boolean nsx_id: description: |- UUID of Edge Cluster on NSX-T enforcement point. readOnly: true title: |- Edge Cluster UUID on NSX-T Enforcement Point type: string rtep_ips: description: |- List of remote tunnel endpoint ipaddress configured on edge cluster. items: description: |- IPv4 or IPv6 address format: ip type: string readOnly: true title: |- Remote tunnel endpoint IP addresses. type: array type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Edge Cluster. title: |- Edge Cluster x-vmw-nsx-module: PolicyEnforcementPointManagement PolicyEdgeClusterInterSiteBgpSummary: properties: edge_cluster_path: description: |- Edge cluster path whose status is being reported. readOnly: true title: |- Edge node path type: string edge_nodes: description: |- Status of all edge nodes within cluster. items: $ref: '#/definitions/PolicyEdgeNodeInterSiteBgpSummary' readOnly: true title: |- Individual edge nodes status type: array type: object x-vmw-nsx-module: PolicyConnectivityStatistics PolicyEdgeClusterInterSiteStatus: properties: edge_cluster_name: description: |- Name of the edge cluster whose status is being reported. readOnly: true title: |- Edge cluster name type: string edge_cluster_path: description: |- Policy path of the edge cluster whose status is being reported. readOnly: true title: |- Edge cluster path type: string last_update_timestamp: description: | Timestamp when the edge cluster inter-site status was last updated. format: int64 readOnly: true type: integer member_status: description: |- Per edge node inter-site status. items: $ref: '#/definitions/PolicyEdgeClusterMemberInterSiteStatus' readOnly: true title: |- Per edge node inter-site status type: array overall_status: description: | Overall status of all edge nodes IBGP status in the edge cluster. enum: - UP - DOWN - DEGRADED - UNKNOWN readOnly: true title: |- Overall IBGP status in the edge cluster type: string type: object x-vmw-nsx-module: PolicyConnectivityStatistics PolicyEdgeClusterListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Edge Cluster list result. items: $ref: '#/definitions/PolicyEdgeCluster' title: |- Edge Cluster List Result type: array required: - results type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Paged Collection of Edge Cluster title: |- Paged Collection of Edge Cluster x-vmw-nsx-module: PolicyEnforcementPointManagement PolicyEdgeClusterMemberInterSiteStatus: properties: edge_node_path: $ref: '#/definitions/ResourceReference' description: |- Edge node details from where the status is being retrived. readOnly: true title: |- Edge node path established_bgp_sessions: description: |- Total number of current established inter-site IBGP sessions. format: int64 readOnly: true title: |- Established inter-site IBGP sessions type: integer neighbor_status: description: |- Inter-site BGP neighbor status. items: $ref: '#/definitions/PolicyBgpNeighborStatus' readOnly: true title: |- BGP neighbor status type: array status: description: |- Edge node IBGP status enum: - UP - DOWN - DEGRADED - UNKNOWN readOnly: true title: |- Edge node IBGP status type: string total_bgp_sessions: description: |- Total number of inter-site IBGP sessions. format: int64 readOnly: true title: |- Total inter-site IBGP sessions type: integer type: object x-vmw-nsx-module: PolicyConnectivityStatistics PolicyEdgeNode: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: member_index: description: | The numerical value of the member index in the edge cluster that this object represents and to which the edge node connects. format: int64 readOnly: true title: |- Member Index type: integer nsx_id: description: |- UUID of edge node on NSX-T enforcement point. readOnly: true title: |- Edge Node UUID on NSX-T Enforcement Point type: string type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: | This object serves as a representation of the edge cluster index to which the edge node connects. It should not be mistaken for the edge / transport node itself. Consuming services can refer to the nsx_id property to fetch the UUID of the edge / transport node that is attached to this index. title: |- Policy Edge Node x-vmw-nsx-module: PolicyEnforcementPointManagement PolicyEdgeNodeInterSiteBgpSummary: properties: edge_node_path: description: |- Edge node path whose status is being reported. readOnly: true title: |- Edge node path type: string last_update_timestamp: description: | Timestamp when the inter-site IBGP neighbors status was last updated. format: int64 readOnly: true type: integer neighbor_status: description: |- Status of all inter-site IBGP neighbors. items: $ref: '#/definitions/PolicyBgpNeighborStatus' readOnly: true title: |- Inter-site IBGP neighbors status type: array type: object x-vmw-nsx-module: PolicyConnectivityStatistics PolicyEdgeNodeListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Edge Node list result. items: $ref: '#/definitions/PolicyEdgeNode' title: |- Edge Node List Result type: array required: - results type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Paged Collection of Edge Node title: |- Paged Collection of Edge Node x-vmw-nsx-module: PolicyEnforcementPointManagement PolicyExcludeList: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: members: description: |- List of the members in the exclude list items: type: string maxItems: 100 title: |- ExcludeList member list type: array required: - members type: object x-vmw-nsx-module: PolicyFirewallConfiguration x-vmw-nsx-module: PolicyFirewallConfiguration PolicyFineTuningResourceInfo: description: | It represent the resource with details of name and fields it owns. properties: fields: description: |- List of all field of any resource items: $ref: '#/definitions/PolicyFineTuningResourceInfoDetail' title: |- List of all field of any resource type: array resource_name: description: | It will represent resource with name and fields. title: |- Resource name type: string required: - fields - resource_name title: |- Contains the detail of resources with name and fields type: object x-vmw-nsx-module: PolicyFineTuning PolicyFineTuningResourceInfoDetail: description: | Contains the details of resource field properties: field_name: description: | It will represent resource with name and fields. title: |- Resource name type: string sub_type: $ref: '#/definitions/PolicyFineTuningResourceInfo' description: |- List of all field of any resource title: |- List of all field of any resource required: - field_name - sub_type title: |- Contains the details resources with field type and name type: object x-vmw-nsx-module: PolicyFineTuning PolicyFirewallCPUMemThresholdsProfileBindingMap: allOf: - $ref: '#/definitions/ProfileBindingMap' - properties: sequence_number: description: | Sequence number is used to resolve conflicts when two profiles get applied to a single node. Lower value gets higher precedence. Two binding maps having the same profile path should have the same sequence number. format: int64 maximum: 4294967295 minimum: 0 title: |- Sequence number of this profile binding map type: integer transport_nodes: description: | References of transport nodes on which the profile intended to be applied. items: $ref: '#/definitions/PolicyResourceReference' title: |- References of transport nodes type: array required: - sequence_number type: object x-vmw-nsx-module: PolicyFirewallCPUMemThresholdsProfileBinding description: | This entity will be used to establish association between CPU Memory Thresholds Profile and Transport Node. Using this entity, user can specify intent for applying Firewall CPU Memory Thresholds Profile to particular Transport Node. title: |- Policy DFW CPU Memory Thresholds Profile binding map x-vmw-nsx-module: PolicyFirewallCPUMemThresholdsProfileBinding PolicyFirewallCPUMemThresholdsProfileBindingMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Firewall CPU Memory Thresholds Profile Binding Map list results items: $ref: '#/definitions/PolicyFirewallCPUMemThresholdsProfileBindingMap' title: |- Firewall CPU Memory Thresholds Profile Binding Map list results type: array required: - results type: object x-vmw-nsx-module: PolicyFirewallCPUMemThresholdsProfileBinding description: |- Paged collection of Firewall CPU Memory Thresholds Profile Binding Maps title: |- Paged collection of Firewall CPU Memory Thresholds Profile Binding Maps x-vmw-nsx-module: PolicyFirewallCPUMemThresholdsProfileBinding PolicyFirewallCpuMemThresholdsProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: cpu_threshold_percentage: default: 90 description: | CPU utilization thresholds percentage to monitor and report for distributed firewall. format: int64 maximum: 100 minimum: 10 title: |- CPU utilization thresholds percentage type: integer mem_threshold_percentage: default: 90 description: | Heap memory thresholds percentage to monitor and report for distributed firewall. format: int64 maximum: 100 minimum: 10 title: |- Heap memory thresholds utilization percentage type: integer required: - mem_threshold_percentage - cpu_threshold_percentage type: object x-vmw-nsx-module: PolicyProfile description: |- A profile holding CPU and memory thresholds configuration. title: |- Firewall CPU and memory thresholds profile x-vmw-nsx-module: PolicyProfile PolicyFirewallCpuMemThresholdsProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- PolicyFirewallCpuMemThresholdsProfile list results items: $ref: '#/definitions/PolicyFirewallCpuMemThresholdsProfile' title: |- PolicyFirewallCpuMemThresholdsProfile list results type: array required: - results type: object x-vmw-nsx-module: PolicyProfile description: |- Paged Collection of PolicyFirewallCpuMemThresholdsProfile title: |- Paged Collection of PolicyFirewallCpuMemThresholdsProfile x-vmw-nsx-module: PolicyProfile PolicyFirewallFloodProtectionProfileBindingMap: allOf: - $ref: '#/definitions/ProfileBindingMap' - properties: sequence_number: description: | Sequence number is used to resolve conflicts when two profiles get applied to a single port. Lower value gets higher precedence. Two binding maps having the same profile path should have the same sequence number. format: int64 title: |- Sequence number of this profile binding map. type: integer required: - sequence_number type: object x-vmw-nsx-module: PolicyFirewallFloodProtectionProfileBinding description: | This entity will be used to establish association between Firewall Flood Protection profile and Group. Using this entity, user can specify intent for applying Firewall Flood Protection profile to particular Group. title: |- Policy DFW Flood Protection Profile binding map x-vmw-nsx-module: PolicyFirewallFloodProtectionProfileBinding PolicyFirewallFloodProtectionProfileBindingMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Firewall Flood Protection Profile Binding Map list results items: $ref: '#/definitions/PolicyFirewallFloodProtectionProfileBindingMap' title: |- Firewall Flood Protection Profile Binding Map list results type: array required: - results type: object x-vmw-nsx-module: PolicyFirewallFloodProtectionProfileBinding description: |- Paged collection of Firewall Flood Protection Profile Binding Maps title: |- Paged collection of Firewall Flood Protection Profile Binding Maps x-vmw-nsx-module: PolicyFirewallFloodProtectionProfileBinding PolicyFirewallScheduler: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: days: description: | Days of week on which rules will be enforced. If property is omitted, then days of the week will not considered while calculating the firewall schedule. It should not be present when the recurring flag is false. items: description: |- Day on which scheduled firewall rule will be enforced enum: - SUNDAY - MONDAY - TUESDAY - WEDNESDAY - THURSDAY - FRIDAY - SATURDAY type: string title: |- Days of the week type: array end_date: description: | End date on which schedule to end. Example, 12/22/2019. title: |- End date in MM/DD/YYYY type: string end_time: description: | If recurring field is set false, then this field must be present. The schedule will be enforced till the end time of the specified end date. If recurring field is set true, then this field should not be present. title: |- End time type: string recurring: default: true description: | Flag to indicate whether firewall schedule recurs or not. The default value is true and it should be set to false when the firewall schedule does not recur and is a one time time interval. title: |- Firewall schedule recurring flag type: boolean start_date: description: | Start date on which schedule to start. Example, 02/22/2019. title: |- Start date in MM/DD/YYYY type: string start_time: description: | Time in 24 hour and minutes in multiple of 30. Example, 9:00. If recurring field is set false, then this field must be present. The schedule will start getting enforced from the start time of the specified start date. If recurring field is set true, then this field should not be present. title: |- Start time type: string time_interval: description: | The recurring time interval in a day during which the schedule will be applicable. It should not be present when the recurring flag is false. items: $ref: '#/definitions/PolicyTimeIntervalValue' maxItems: 1 title: |- Recurring time interval type: array timezone: description: | Host Timezone to be used to enforce firewall rules. enum: - UTC - LOCAL title: |- Host timezone type: string required: - timezone - recurring - start_date - end_date type: object x-vmw-nsx-module: PolicyFirewallScheduler description: | An entity that encapsulates attributes to schedule firewall rules to be active to allow or block traffic for a specific period of time. Note that at least one property out of "days", "start_time", "end_time", "start_date", "end_date" is required. title: |- Policy Firewall Scheduler entity x-vmw-nsx-module: PolicyFirewallScheduler PolicyFirewallSchedulerListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paged collection of PolicyFirewallSchedulers items: $ref: '#/definitions/PolicyFirewallScheduler' readOnly: true title: |- Paged collection of PolicyFirewallSchedulers type: array type: object x-vmw-nsx-module: PolicyFirewallScheduler description: |- List result of PolicyFirewallSchedulers title: |- List result of PolicyFirewallSchedulers x-vmw-nsx-module: PolicyFirewallScheduler PolicyFirewallSessionTimerProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: icmp_error_reply: default: 10 description: |- The timeout value for the connection after an ICMP error came back in response to an ICMP packet. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts. format: int64 maximum: 4320000 minimum: 10 readOnly: false title: |- Timeout after ICMP error type: integer icmp_first_packet: default: 20 description: |- The timeout value of connection in seconds after the first packet. This will be the initial timeout for the new ICMP flow. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts. format: int64 maximum: 4320000 minimum: 10 readOnly: false title: |- First packet connection timeout type: integer tcp_closed: default: 20 description: |- The timeout value of connection in seconds after one endpoint sends an RST. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts. format: int64 maximum: 4320000 minimum: 10 readOnly: false title: |- Timeout after RST type: integer tcp_closing: default: 120 description: |- The timeout value of connection in seconds after the first FIN has been sent. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts. format: int64 maximum: 4320000 minimum: 10 readOnly: false title: |- Timeout after first TN type: integer tcp_established: default: 43200 description: |- The timeout value of connection in seconds once the connection has become fully established. The default value for Edges (i.e, Gateway,or Logical Router) may be different than Distributed Firewall hosts. format: int64 maximum: 4320000 minimum: 120 readOnly: false title: |- Connection timeout type: integer tcp_finwait: default: 45 description: |- The timeout value of connection in seconds after both FINs have been exchanged and connection is closed. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts. format: int64 maximum: 4320000 minimum: 10 readOnly: false title: |- Timeout after FINs exchanged type: integer tcp_first_packet: default: 120 description: |- The timeout value of connection in seconds after the first packet has been sent. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts. format: int64 maximum: 4320000 minimum: 10 readOnly: false title: |- Connection timout after first packet type: integer tcp_opening: default: 30 description: |- The timeout value of connection in seconds after a second packet has been transferred. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts. format: int64 maximum: 4320000 minimum: 10 readOnly: false title: |- Connection timout after second packet type: integer udp_first_packet: default: 60 description: |- The timeout value of connection in seconds after the first packet. This will be the initial timeout for the new UDP flow. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts. format: int64 maximum: 4320000 minimum: 10 readOnly: false title: |- Connection timout after first packet type: integer udp_multiple: default: 60 description: |- The timeout value of connection in seconds if both hosts have sent packets. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts. format: int64 maximum: 4320000 minimum: 10 readOnly: false title: |- Timeout after hosts sent packet type: integer udp_single: default: 30 description: |- The timeout value of connection in seconds if the source host sends more than one packet but the destination host has never sent one back. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts. format: int64 maximum: 4320000 minimum: 10 readOnly: false title: |- Connection timeout for destination type: integer required: - tcp_closed - tcp_opening - udp_single - tcp_finwait - tcp_first_packet - tcp_closing - tcp_established - udp_multiple - icmp_error_reply - udp_first_packet - icmp_first_packet type: object x-vmw-nsx-module: PolicyFirewallSessionTimerProfile description: |- A profile holding TCP, UDP and ICMP session timeout configuration. title: |- Policy Firewall Session timeout profile x-vmw-nsx-module: PolicyFirewallSessionTimerProfile PolicyFirewallSessionTimerProfileBindingMap: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: firewall_session_timer_profile_path: description: |- PolicyPath of associated Firewall Timer Session Profile title: |- Firewall Session Timer Profile Path type: string sequence_number: description: | Sequence number is used to resolve conflicts when two profiles get applied to a single port. Lower value gets higher precedence. Two binding maps having the same profile path should have the same sequence number. format: int64 title: |- Sequence number of this profile binding map. type: integer required: - firewall_session_timer_profile_path type: object x-vmw-nsx-module: PolicyFirewallSessionTimerProfileBinding description: | This entity will be used to establish association between Firewall Timer session profile and Group. Using this entity, user can specify intent for applying Firewall Timer session profile to particular Group. title: |- Policy DFW Timer Session Profile binding map x-vmw-nsx-module: PolicyFirewallSessionTimerProfileBinding PolicyFirewallSessionTimerProfileBindingMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Firewall Session Timer Profile Binding Map list results items: $ref: '#/definitions/PolicyFirewallSessionTimerProfileBindingMap' title: |- Firewall Session Timer Profile Binding Map list results type: array required: - results type: object x-vmw-nsx-module: PolicyFirewallSessionTimerProfileBinding description: |- Paged collection of Firewall Session Timer Profile Binding Maps title: |- Paged collection of Firewall Session Timer Profile Binding Maps x-vmw-nsx-module: PolicyFirewallSessionTimerProfileBinding PolicyFirewallSessionTimerProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Policy Firewall Session timeout profile list results items: $ref: '#/definitions/PolicyFirewallSessionTimerProfile' title: |- Policy Firewall Session timeout profile list results type: array required: - results type: object x-vmw-nsx-module: PolicyFirewallSessionTimerProfile description: |- Paged Collection of Policy Firewall Session timeout profiles title: |- Paged Collection of Policy Firewall Session timeout profiles x-vmw-nsx-module: PolicyFirewallSessionTimerProfile PolicyGroupIPMembersListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paged Collection of IP addresses that belong to the given Group items: description: | IPElement can be a single IP address, IP address range or a Subnet. Its type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64" format: address-or-block-or-range type: string title: |- Paged Collection of IP addresses that belong to the given Group type: array required: - results type: object x-vmw-nsx-module: PolicyGroupRealization description: | Paginated collection of IP members belonging to a Group. title: |- Group IP members list result x-vmw-nsx-module: PolicyGroupRealization PolicyGroupMemberDetails: description: | Details of the member belonging to a Group properties: display_name: description: |- The display name of the member on the enforcement point readOnly: true title: |- The display name of the member on the enforcement point type: string id: description: |- The ID of the member on the enforcement point readOnly: true title: |- The ID of the member on the enforcement point type: string path: description: |- The path of the member, if relevant readOnly: true title: |- The path of the member, if relevant type: string title: |- Group member details type: object x-vmw-nsx-module: PolicyGroupRealization PolicyGroupMembersListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paged Collection of members that belong to the given Group items: $ref: '#/definitions/PolicyGroupMemberDetails' title: |- Paged Collection of members that belong to the given Group type: array required: - results type: object x-vmw-nsx-module: PolicyGroupRealization description: | Paginated collection of members belonging to a Group. title: |- Group members list result x-vmw-nsx-module: PolicyGroupRealization PolicyIPAddressInfo: description: | Used to specify the display name and value of the IPv4Address. properties: address_value: description: | Value of the IPv4Address. format: ipv4 type: string display_name: description: | Display name used to help identify the IPv4Address. title: |- Display name of the IPv4Address type: string next_hop: description: | Next hop used in auto-plumbing of static route. If a value is not provided, static route will not be auto-plumbed. format: ipv4 type: string required: - address_value title: |- IP address information type: object x-vmw-nsx-module: PolicyL3Vpn PolicyIgmpProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: last_member_query_interval: default: 1 description: | Max Response Time inserted into Group-Specific Queries sent in response to Leave Group messages, and is also the amount of time between Group-Specific Query messages. This value may be tuned to modify the "leave latency" of the network. A reduced value results in reduced time to detect the loss of the last member of a group. format: int32 maximum: 25 minimum: 1 title: |- Max Response Time type: integer query_interval: default: 30 description: | Interval(seconds) between general IGMP host-query messages. format: int32 maximum: 1800 minimum: 1 title: |- Interval between general IGMP host-query messages type: integer query_max_response_time: default: 10 description: | The query response interval(seconds) is the maximum amount of time that can elapse between when the querier router sends a host-query message and when it receives a response from a host. Configuring this interval allows admins to adjust the burstiness of IGMP messages on the subnet; larger values make the traffic less bursty, as host responses are spread out over a larger interval. The number of seconds represented by the query_max_response_time must be less than the query_interval. format: int32 maximum: 25 minimum: 1 title: |- The maximum elapsed time between response type: integer robustness_variable: default: 2 description: | The Robustness Variable allows tuning for the expected packet loss on a subnet. If a subnet is expected to be lossy, the Robustness Variable may be increased. IGMP is robust to (Robustness Variable-1) packet losses. The Robustness Variable must not be zero, and SHOULD NOT be one. format: int32 maximum: 255 minimum: 1 title: |- The Robustness Variable type: integer type: object x-vmw-nsx-module: PolicyMulticast description: |- IGMP profile. title: |- IGMP Profile x-vmw-nsx-module: PolicyMulticast PolicyInsertParameters: description: | Parameters to let the admin specify a relative position of a security policy or rule w.r.t to another one. properties: anchor_path: description: | The security policy/rule path if operation is 'insert_after' or 'insert_before' title: | The security policy/rule path if operation is 'insert_after' or 'insert_before' type: string operation: default: insert_top description: |- Operation enum: - insert_top - insert_bottom - insert_after - insert_before title: |- Operation type: string title: | Parameters to tell where security policy/rule needs to be placed type: object x-vmw-nsx-module: Policy PolicyInterfaceOspfConfig: description: |- OSPF Interface configuration. properties: bfd_path: description: | This filed is valid only if enable_bfd is set to TRUE. If enable_bfd flag is set to TRUE, this profile will be applied to all OSPF peers in this interface. If this field is empty, bfd_path will refer to Tier-0 global BFD profile. title: |- Policy path of BFD profile type: string dead_interval: default: 40 description: | Specifies the number of seconds that router must wait before it declares a OSPF neighbor router down because it has not received OSPF hello packet. OSPF dead interval should be minimum 3 times greater than the hello interval format: int32 maximum: 65535 minimum: 3 title: |- OSPF dead interval in seconds type: integer enable_bfd: description: | Enable/Disable OSPF to register for BFD event. Use FALSE to disable BFD. title: |- enable BFD for OSPF type: boolean enabled: default: false description: | enable/disable OSPF on the interface. If enabled flag not specified, defailt is disable OSPF. title: |- enable/disable OSPF type: boolean hello_interval: default: 10 description: | Specifies the interval between the hello packets that OSPF sends on this interface. OSPF hello interval should be less than the dead interval format: int32 maximum: 21845 minimum: 1 title: |- OSPF hello interval in seconds type: integer network_type: default: BROADCAST description: | Configure OSPF networkt type, default is BROADCAST network type enum: - BROADCAST - P2P title: |- Configure OSPF networkt type type: string ospf_area: description: | Attache Tier0 Interface to specified OSPF Area. all peers. title: |- Attach Tier0 Interface to specified OSPF Area type: string required: - ospf_area title: |- OSPF Interface configuration type: object x-vmw-nsx-module: PolicyConnectivity PolicyInterfaceStatistics: allOf: - $ref: '#/definitions/LogicalRouterPortStatistics' - type: object x-vmw-nsx-module: PolicyConnectivityStatistics description: |- Tier0 or Tier1 interface statistics on specific Enforcement Point. title: |- Tier0 or Tier1 interface statistics on specific Enforcement Point x-vmw-nsx-module: PolicyConnectivityStatistics PolicyInterfaceStatisticsSummary: allOf: - $ref: '#/definitions/LogicalRouterPortStatisticsSummary' - properties: interface_policy_path: description: |- Policy path for the interface title: |- Policy path for the interface type: string type: object x-vmw-nsx-module: PolicyConnectivityStatistics description: |- Tier0 or Tier1 interface statistics on specific Enforcement Point. title: |- Tier0 or Tier1 interface statistics on specific Enforcement Point x-vmw-nsx-module: PolicyConnectivityStatistics PolicyLabel: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: refs: description: |- Policy entity paths referred by the label instance items: type: string title: |- Policy entity paths referred by the label instance type: array type: description: |- Policy intent entity type from PolicyResourceType title: |- Policy intent entity type from PolicyResourceType type: string required: - type type: object x-vmw-nsx-module: PolicyLabel description: |- Label to reference group of policy entities of same type. title: |- Label to reference group of policy entities of same type. x-vmw-nsx-module: PolicyLabel PolicyLabelListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Policy label list results items: $ref: '#/definitions/PolicyLabel' title: |- Policy label list results type: array required: - results type: object x-vmw-nsx-module: PolicyLabel description: |- Paged Collection of Domains title: |- Paged Collection of Domains x-vmw-nsx-module: PolicyLabel PolicyLbMonitorProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: fall_count: default: 3 description: | Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN. format: int64 title: |- Monitor fall count for active healthchecks type: integer interval: default: 5 description: | Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group. format: int64 title: |- Monitor interval in seconds for active healthchecks type: integer monitor_port: description: | Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. format: int32 maximum: 65535 minimum: 0 title: |- Monitor port for active healthchecks type: integer resource_type: enum: - TcpPolicyLbMonitorProfile - UdpPolicyLbMonitorProfile - IcmpPolicyLbMonitorProfile - HttpPolicyLbMonitorProfile - HttpsPolicyLbMonitorProfile type: string rise_count: default: 3 description: | Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state. format: int64 title: |- Monitor rise count for active healthchecks type: integer timeout: default: 15 description: | Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. format: int64 title: |- Monitor timeout in seconds for active healthchecks type: integer required: - resource_type type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | All the types of PolicyLbMonitorProfile extend from this abstract class. This is present for extensibility. title: |- Base class for each type or protocol of PolicyLbMonitorProfile x-vmw-nsx-module: TempPolicyLoadBalancer PolicyLbPersistenceProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: resource_type: enum: - L4PolicyLbPersistenceProfile - L7PolicyLbPersistenceProfile - CustomPolicyLbPersistenceProfile type: string required: - resource_type type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Some applications maintain state and require all relevant connections to be sent to the same server as the application state is not synchronized among servers. Persistence is enabled on a PolicyLbVirtualServer by binding a persistence profile to it. title: |- Contains the information related to load balancer persistence options x-vmw-nsx-module: TempPolicyLoadBalancer PolicyLbPoolAccess: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: algorithm: default: ROUND_ROBIN description: | Load balanding algorithm controls how the incoming connections are distributed among the members. - ROUND_ROBIN - requests to the application servers are distributed in a round-robin fashion, - LEAST_CONNECTION - next request is assigned to the server with the least number of active connections enum: - ROUND_ROBIN - LEAST_CONNECTION title: |- Load balancing algorithm type: string ip_port_list: description: | IP Port list for applications within the Group to allow for non-uniform port usage by applications items: $ref: '#/definitions/IPAddressPortPair' title: |- IP Port list for applications within the Group type: array lb_monitor_profile: description: | Path of the PolicyLbMonitorProfile to actively monitor the PolicyLbPoolAccess's Group title: |- Path of the PolicyLbMonitorProfile to actively monitor the PolicyLbPoolAccess's Group type: string pool_port: description: | Port for LoadBalancer to send connections to the PolicyLbPoolAccess's Group. Pool_port could be optional, if it is not specified, LB will use PolicyLbVirtualServer port to connect to backend servers. If the PolicyLbMonitorProfile is configured in PolicyLbPoolAccess and active monitor IP protocol is TCP/UDP(which requires TCP or UDP port number), monitor_port should be specified if pool_port is unset. format: int32 maximum: 65535 minimum: 0 title: |- Port for LoadBalancer to send traffic type: integer source_nat: default: ENABLED description: | Depending on the topology, Source NAT (SNAT) may be required to ensure traffic from the server destined to the client is received by the load balancer. SNAT can be enabled per pool. If SNAT is not enabled for a pool, then load balancer uses the client IP and port (spoofing) while establishing connections to the servers. This is referred to as no-SNAT or TRANSPARENT mode. SNAT is enabled by default and will use the load balancer interface IP and an ephemeral port as the source IP and port of the server side connection. enum: - ENABLED - DISABLED title: |- Source NAT setting of the PolicyLbPoolAccess type: string type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Defining access of a Group from a PolicyLbVirtualServer and binding to PolicyLbMonitorProfile. title: |- Defining access a Group from a PolicyLbVirtualServer and binding to PolicyLbMonitorProfile x-vmw-nsx-module: TempPolicyLoadBalancer PolicyLbRule: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: host_match: description: | This condition is used to match HTTP request messages by the specific HTTP header field, Host. The Host request header specifies the domain name of the server. The supplied Host HTTP header match condition will be matched as a regular expression. The regular expressions in load balancer rules use the features common to both Java regular expressions and Perl Compatible Regular Expressions (PCREs) with some restrictions. Reference http://www.pcre .org for PCRE and the NSX-T Administrator's Guide for the restrictions. Please note, when regular expressions are used in JSON (JavaScript Object Notation) string, every backslash character (\) needs to be escaped by one additional backslash character. title: |- Host HTTP header match condition type: string lb_virtual_server: description: | The path of PolicyLbVirtualServer to bind to this PolicyLbRule and its Group title: |- PolicyLbVirtualServer path type: string match_strategy: default: ANY description: | If more than one match condition is specified, then matching strategy determines if all conditions should match or any one condition should match for the LB Rule to be considered a match. - ALL indicates that both host_match and path_match must match for this PolicyLbRule to be considered a match - ANY indicates that either host_match or patch match may match for this PolicyLbRule to be considered a match enum: - ALL - ANY title: |- Match strategy for determining match of multiple conditions type: string path_match: description: | This condition is used to match URIs(Uniform Resource Identifier) of HTTP request messages. The URI field can be specified as a regluar expression. If an HTTP request message is requesting an URI which matches specified regular expression, it matches the condition. The syntax of whole URI looks like this: scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment] This condition matches only the path part of entire URI. The path_match field is used as a regular expression to match URI path of HTTP requests. For example, to match any URI that has "/image/" or "/images/", uri field can be specified as: "/image[s]?/". The regular expressions in load balancer rules use the features common to both Java regular expressions and Perl Compatible Regular Expressions (PCREs) with some restrictions. Reference http://www.pcre .org for PCRE and the NSX-T Administrator's Guide for the restrictions. Please note, when regular expressions are used in JSON (JavaScript Object Notation) string, every backslash character (\) needs to be escaped by one additional backslash character. title: |- HTTP request uri match condition type: string sequence_number: description: | This field is used to resolve conflicts between multiple PolicyLbRules associated with a single PolicyLbVirtualServer and will be applied numerically or low to high format: int32 title: |- Sequence number of the this PolicyLbRule type: integer type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Binding of a LbPoolAccess and Group to a PolicyLbVirtualServer used to route application traffic passing through load balancers. PolicyLbRule uses match conditions to match application traffic passing through a PolicyLbVirtualServer using HTTP or HTTPS. Can bind multiple PolicyLbVirtualServers to a Group. Each PolicyLbRule consists of two optional match conditions, each match contidion defines a criterion for application traffic. If no match conditions are specified, then the PolicyLbRule will always match and it is used typically to define default rules. If more than one match condition is specified, then matching strategy determines if all conditions should match or any one condition should match for the PolicyLbRule to be considered a match. A match indicates that the PolicyLbVirtualServer should route the request to the Group (parent of PolicyLbRule). title: |- Binding of a LbPoolAccess and Group to a PolicyLbVirtualServer x-vmw-nsx-module: TempPolicyLoadBalancer PolicyLbVirtualServer: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: access_log_enabled: default: false description: | If access log is enabled, all HTTP requests sent to an L7 virtual server are logged to the access log file. Both successful requests (backend server returns 2xx) and unsuccessful requests (backend server returns 4xx or 5xx) are logged to access log, if enabled. title: |- Access log enabled setting type: boolean ip_address: description: | Configures the IP address of the PolicyLbVirtualServer where it receives all client connections and distributes them among the backend servers. format: ip type: string lb_persistence_profile: description: | Path to optional object that enables persistence on a virtual server allowing related client connections to be sent to the same backend server. Persistence is disabled by default. title: |- Persistence Profile used by PolicyLbVirtualServer type: string ports: description: | Ports contains a list of at least one port or port range such as "80", "1234-1236". Each port element in the list should be a single port or a single port range. items: description: | Examples- Single port "8080", Range of ports "8090-8095" format: port-or-range type: string title: |- Virtual server port number(s) or port range(s) type: array resource_type: enum: - TcpPolicyLbVirtualServer - UdpPolicyLbVirtualServer - HttpPolicyLbVirtualServer - HttpsPolicyLbVirtualServer - CustomPolicyLbVirtualServer type: string router_path: description: | Path to router type object that PolicyLbVirtualServer connects to. The only supported router object is Network. title: |- Path to router type object for PolicyLbVirtualServer type: string traffic_source: type: string required: - ip_address - router_path - ports - resource_type type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | All the types of PolicyLbVirtualServer extend from this abstract class. This is present for extensibility. title: |- Base class for each type of PolicyLbVirtualServer x-vmw-nsx-module: TempPolicyLoadBalancer PolicyListResult: allOf: - $ref: '#/definitions/ListResult' - type: object x-vmw-nsx-module: Policy description: |- Paged Collection of security policies title: |- Paged Collection of security policies x-vmw-nsx-module: Policy PolicyLiveTraceActionConfig: description: |- Livetrace action configuration properties: count_config: $ref: '#/definitions/CountActionConfig' description: |- Configuration of count action title: |- Configuration of count action pktcap_config: $ref: '#/definitions/LiveTracePacketGranularActionConfig' description: |- Configuration of packet capture action title: |- Configuration of packet capture action trace_config: $ref: '#/definitions/LiveTracePacketGranularActionConfig' description: |- Configuration of trace action title: |- Configuration of trace action title: |- Livetrace action configuration type: object x-vmw-nsx-module: PolicyConnectivity PolicyMulticastConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: enabled: default: false description: |- Enable/disable Multicast Configuration. title: |- Enable/disable Multicast Configuration type: boolean igmp_profile_path: description: | Updates to IGMP profile applied on all Tier0 gateways consuming the configuration. title: |- Policy path to IGMP profile type: string pim_profile_path: description: | Updates to PIM profile applied on all Tier0 gateways consuming the configuration. title: |- Policy path to PIM profile type: string replication_multicast_range: description: |- Replication multicast range. Required when enabled. format: ipv4-cidr-block title: |- Replication multicast range type: string type: object x-vmw-nsx-module: PolicyMulticast description: |- Multicast routing configuration. title: |- Multicast routing configuration x-vmw-nsx-module: PolicyMulticast PolicyNATRuleCounters: description: | Gives the statistics count of a NAT rule. properties: active_sessions: description: | Gives the total number of active sessions. format: int64 readOnly: true title: |- Active sessions type: integer total_bytes: description: | Gives the total number of bytes. format: int64 readOnly: true title: |- Total bytes type: integer total_packets: description: | Gives the total number of packets. format: int64 readOnly: true title: |- Total packets type: integer title: |- Statistics count type: object x-vmw-nsx-module: PolicyNAT PolicyNat: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: nat_type: description: |- Represents a NAT section under tier-0/tier-1. enum: - INTERNAL - USER - DEFAULT - NAT64 title: |- NAT section under tier-0/tier-1 type: string type: object x-vmw-nsx-module: PolicyNAT description: | Represents NAT section. This object is created by default when corresponding tier-0/tier-1 is created. Under tier-0/tier-1 there will be 4 different NATs(sections). (INTERNAL, USER, DEFAULT and NAT64). title: |- Contains list of NAT Rules x-vmw-nsx-module: PolicyNAT PolicyNatRule: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: action: description: | Source NAT(SNAT) - translates a source IP address in an outbound packet so that the packet appears to originate from a different network. SNAT is only supported when the logical router is running in active-standby mode. Destination NAT(DNAT) - translates the destination IP address of inbound packets so that packets are delivered to a target address into another network. DNAT is only supported when the logical router is running in active-standby mode. Reflexive NAT(REFLEXIVE) - IP-Range and CIDR are supported to define the "n". The number of original networks should be exactly the same as that of translated networks. The address translation is deterministic. Reflexive is supported on both Active/Standby and Active/Active LR. NO_SNAT and NO_DNAT - These do not have support for translated_fields, only source_network and destination_network fields are supported. NAT64 - translates an external IPv6 address to a internal IPv4 address. enum: - SNAT - DNAT - REFLEXIVE - NO_SNAT - NO_DNAT - NAT64 title: |- Represents action of NAT Rule SNAT, DNAT, REFLEXIVE type: string destination_network: description: | This supports single IP address or comma separated list of single IP addresses or CIDR. This does not support IP range or IP sets. For DNAT and NO_DNAT rules, this is a mandatory field, and represents the destination network for the incoming packets. For other type of rules, optionally it can contain destination network of outgoing packets. NULL value for this field represents ANY network. format: list-of-address-or-block-or-range type: string enabled: default: true description: | The flag, which suggests whether the NAT rule is enabled or disabled. The default is True. title: |- Policy NAT Rule enabled flag type: boolean firewall_match: default: MATCH_INTERNAL_ADDRESS description: | It indicates how the firewall matches the address after NATing if firewall stage is not skipped. MATCH_EXTERNAL_ADDRESS indicates the firewall will be applied to external address of a NAT rule. For SNAT, the external address is the translated source address after NAT is done. For DNAT, the external address is the original destination address before NAT is done. For REFLEXIVE, to egress traffic, the firewall will be applied to the translated source address after NAT is done; To ingress traffic, the firewall will be applied to the original destination address before NAT is done. MATCH_INTERNAL_ADDRESS indicates the firewall will be applied to internal address of a NAT rule. For SNAT, the internal address is the original source address before NAT is done. For DNAT, the internal address is the translated destination address after NAT is done. For REFLEXIVE, to egress traffic, the firewall will be applied to the original source address before NAT is done; To ingress traffic, the firewall will be applied to the translated destination address after NAT is done. BYPASS indicates the firewall stage will be skipped. For NO_SNAT or NO_DNAT, it must be BYPASS or leave it unassigned enum: - MATCH_EXTERNAL_ADDRESS - MATCH_INTERNAL_ADDRESS - BYPASS title: |- Represents the firewall match flag type: string logging: default: false description: | The flag, which suggests whether the logging of NAT rule is enabled or disabled. The default is False. title: |- Policy NAT Rule logging flag type: boolean scope: description: | Represents the array of policy paths of ProviderInterface or NetworkInterface or labels of type ProviderInterface or NetworkInterface on which the NAT rule should get enforced. The interfaces must belong to the same router for which the NAT Rule is created. items: type: string title: |- Array of policy paths of labels, ProviderInterface, NetworkInterface type: array sequence_number: default: 0 description: | The sequence_number decides the rule_priority of a NAT rule. Sequence_number and rule_priority have 1:1 mapping.For each NAT section, there will be reserved rule_priority numbers.The valid range of rule_priority number is from 0 to 2147483647(MAX_INT). 1. INTERNAL section rule_priority reserved from 0 - 1023 (1024 rules) valid sequence_number range 0 - 1023 2. USER section rule_priority reserved from 1024 - 2147482623 (2147481600 rules) valid sequence_number range 0 - 2147481599 3. DEFAULT section rule_priority reserved from 2147482624 - 2147483647 (1024 rules) valid sequence_number range 0 - 1023 format: int32 title: |- Sequence number of the Nat Rule type: integer service: description: | It represents the path of Service on which the NAT rule will be applied. If not provided or if it is blank then Policy manager will consider it as ANY. Please note, if this is a DNAT, the destination_port of the service will be realized on NSX Manager as the translated_port. And if this is a SNAT, the destination_port will be ignored. title: |- Represents the service on which the NAT rule will be applied type: string source_network: description: | This supports single IP address or comma separated list of single IP addresses or CIDR. This does not support IP range or IP sets. For SNAT, NO_SNAT, NAT64 and REFLEXIVE rules, this is a mandatory field and represents the source network of the packets leaving the network. For DNAT and NO_DNAT rules, optionally it can contain source network of incoming packets. NULL value for this field represents ANY network. format: list-of-address-or-block-or-range type: string translated_network: description: | This supports single IP address or comma separated list of single IP addresses or CIDR. This does not support IP range or IP sets. For SNAT, DNAT, NAT64 and REFLEXIVE rules, this ia a mandatory field, which represents the translated network address. For NO_SNAT and NO_DNAT this should be empty. format: list-of-address-or-block-or-range type: string translated_ports: description: | Please note, if there is service configured in this NAT rule, the translated_port will be realized on NSX Manager as the destination_port. If there is no sevice configured, the port will be ignored. format: port-or-range type: string required: - action type: object x-vmw-nsx-module: PolicyNAT description: |- Represents a NAT rule between source and destination at T0/T1 router. title: |- Represents a NAT rule between source and destination at T0/T1 router x-vmw-nsx-module: PolicyNAT PolicyNatRuleListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- NAT Rules list results items: $ref: '#/definitions/PolicyNatRule' title: |- NAT Rules list results type: array required: - results type: object x-vmw-nsx-module: PolicyNAT description: |- Paged Collection of NAT Rules title: |- Paged Collection of NAT Rules x-vmw-nsx-module: PolicyNAT PolicyNatRuleStatistics: allOf: - $ref: '#/definitions/PolicyNATRuleCounters' - properties: last_update_timestamp: description: | Timestamp when the data was last updated. format: int64 readOnly: true type: integer warning_message: description: | The warning message about the NAT Rule Statistics. readOnly: true title: |- Warning Message type: string type: object x-vmw-nsx-module: PolicyNAT description: | Gives the Statistics of a NAT rule. title: |- Statistics of NAT Rule x-vmw-nsx-module: PolicyNAT PolicyNatRuleStatisticsListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- NAT rules statistics per enforcement point items: $ref: '#/definitions/PolicyNatRuleStatisticsPerEnforcementPoint' title: |- NAT rules statistics per enforcement point type: array required: - results type: object x-vmw-nsx-module: PolicyNAT description: | Gives the collection of NAT rule statistics per enforcement point. title: |- Collection of NAT Rule statistics x-vmw-nsx-module: PolicyNAT PolicyNatRuleStatisticsPerEnforcementPoint: description: | Gives the statistics of a NAT rule per enforcement point. properties: enforcement_point_path: description: | Policy Path referencing the enforcement point from where the statistics are fetched. title: |- Enforcement point Path type: string rule_path: description: | Path of NAT Rule. title: |- Path of NAT Rule type: string rule_statistics: description: | Gives NAT rule stats on an enforcement point. items: $ref: '#/definitions/PolicyNatRuleStatistics' readOnly: true title: |- Rule statistics per enforcement point type: array title: |- Statistics of NAT Rule per enforcement point type: object x-vmw-nsx-module: PolicyNAT PolicyNatRuleStatisticsPerLogicalRouter: description: | Gives the statistics of a NAT rule per logical router on specified enforcement point. properties: enforcement_point_path: description: | Policy Path referencing the enforcement point from where the statistics are fetched. title: |- Enforcement point Path type: string last_update_timestamp: description: | Timestamp when the data was last updated. format: int64 readOnly: true type: integer per_node_statistics: description: | Detailed Rule statistics per logical router. items: $ref: '#/definitions/PolicyNatRuleStatisticsPerTransportNode' readOnly: true title: |- Detailed Rule statistics type: array router_path: description: | Path of the router. title: |- Router path type: string statistics: $ref: '#/definitions/PolicyNATRuleCounters' description: | Rolled up statistics for all rules on the logical router. readOnly: true title: |- Rolled up statistics title: |- Statistics of NAT Rule per logical router type: object x-vmw-nsx-module: PolicyNAT PolicyNatRuleStatisticsPerLogicalRouterListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- NAT rules statistics per logical router items: $ref: '#/definitions/PolicyNatRuleStatisticsPerLogicalRouter' title: |- NAT rules statistics per logical router type: array required: - results type: object x-vmw-nsx-module: PolicyNAT description: | Gives the collection of NAT rule statistics per logical router on specified enforcement point. title: |- Collection of NAT rule statistics per logical router x-vmw-nsx-module: PolicyNAT PolicyNatRuleStatisticsPerTransportNode: allOf: - $ref: '#/definitions/PolicyNATRuleCounters' - properties: last_update_timestamp: description: | Timestamp when the data was last updated. format: int64 readOnly: true type: integer transport_node_path: description: | Policy path of the Edge Node. readOnly: true title: |- Node path type: string type: object x-vmw-nsx-module: PolicyNAT description: | Gives the Statistics of a NAT rule. title: |- Statistics of NAT Rule x-vmw-nsx-module: PolicyNAT PolicyNonCompliantConfig: properties: affected_resources: description: |- Resources/Services impacted by non compliant configuration items: $ref: '#/definitions/PolicyResourceReference' readOnly: true title: |- Resources/Services impacted by non compliant configuration type: array description: description: |- Detail description of non compliant configuration with suggestive action readOnly: true title: |- Detail description of non compliant configuration with suggestive action type: string non_compliance_code: description: |- Code for non compliant configuration format: int64 readOnly: true title: |- Code for non compliant configuration type: integer reported_by: $ref: '#/definitions/PolicyResourceReference' description: |- Id and name of non compliant resource/service readOnly: true title: |- Id and name of non compliant resource/service type: object x-vmw-nsx-module: PolicyCompliance PolicyPimProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: bsm_enabled: default: true description: |- Enable/disable bootstrap messaging Configuration. title: |- Enable/disable bootstrap messaging Configuration type: boolean rp_address: description: |- Static IPv4 multicast address configuration. format: ip type: string rp_address_multicast_ranges: description: |- Static IPv4 multicast address and assciated multicast groups configuration. items: $ref: '#/definitions/RpAddressMulticastRanges' title: |- Static IPv4 multicast address and assciated multicast groups configuration type: array type: object x-vmw-nsx-module: PolicyMulticast description: |- PIM profile. title: |- PIM profile x-vmw-nsx-module: PolicyMulticast PolicyRealizedResource: allOf: - $ref: '#/definitions/PolicyResource' - properties: alarms: description: |- Alarm info detail items: $ref: '#/definitions/PolicyAlarmResource' title: |- Alarm info detail type: array intent_reference: description: |- Desire state paths of this object items: type: string title: |- Desire state paths of this object type: array realization_api: description: |- Realization API of this object on enforcement point title: |- Realization API of this object on enforcement point type: string realization_specific_identifier: description: |- Realization id of this object title: |- Realization id of this object type: string runtime_error: description: | It define the root cause for runtime error. title: |- String representation of runtime error type: string runtime_status: description: | Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not exhaustive. title: |- String representation of runtime status type: string state: description: |- Realization state of this object enum: - UNAVAILABLE - UNREALIZED - REALIZED - ERROR title: |- Realization state of this object type: string required: - state type: object x-vmw-nsx-module: PolicyRealizedState description: |- Abstract base class for all the realized policy objects title: |- Abstract base class for all the realized policy objects x-vmw-nsx-module: PolicyRealizedState PolicyRelatedApiError: description: |- Detailed information about errors from API call to an enforcement point properties: details: description: |- Further details about the error title: |- Further details about the error type: string error_code: description: |- A numeric error code format: int64 title: |- A numeric error code type: integer error_data: description: |- Additional data about the error title: |- Additional data about the error type: object error_message: description: |- A description of the error title: |- A description of the error type: string module_name: description: |- The module name where the error occurred title: |- The module name where the error occurred type: string title: |- Detailed information about errors from API call to an enforcement point type: object x-vmw-nsx-module: PolicyRealizedState PolicyResource: allOf: - $ref: '#/definitions/ManagedResource' - properties: parent_path: description: |- Path of its parent readOnly: true title: |- Path of its parent type: string path: description: |- Absolute path of this object readOnly: true title: |- Absolute path of this object type: string relative_path: description: |- Path relative from its parent readOnly: true title: |- Relative path of this object type: string unique_id: description: | This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. readOnly: true title: |- A unique identifier assigned by the system type: string type: object x-vmw-nsx-module: Policy description: |- Abstract base class for all the policy objects. title: |- Abstract base class for all the policy objects x-vmw-nsx-module: Policy PolicyResourceReference: allOf: - $ref: '#/definitions/ResourceReference' - properties: path: description: |- Absolute path of this object. readOnly: true title: |- Absolute path of this object type: string type: object x-vmw-nsx-module: Policy description: |- Policy resource reference. title: |- Policy resource reference x-vmw-nsx-module: Policy PolicyResourceReferenceForEP: allOf: - $ref: '#/definitions/PolicyResourceReference' - type: object x-vmw-nsx-module: PolicyGroupRealization description: | Policy resource reference for enforcement point title: |- Policy resource reference for enforcement point x-vmw-nsx-module: PolicyGroupRealization PolicyResourceReferenceForEPListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paged Collection of policy resource references for enforcement point items: $ref: '#/definitions/PolicyResourceReferenceForEP' title: |- Paged Collection of policy resource references for enforcement point type: array required: - results type: object x-vmw-nsx-module: PolicyGroupRealization description: | Paginated collection of policy resource references for enforcement point title: |- Policy resource reference list for enforcement point x-vmw-nsx-module: PolicyGroupRealization PolicyResourceReferenceListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Policy resource references list results items: $ref: '#/definitions/PolicyResourceReference' title: |- Policy resource references list results type: array required: - results type: object x-vmw-nsx-module: Policy description: |- Paged Collection of PolicyResourceReference title: |- Paged Collection of PolicyResourceReference x-vmw-nsx-module: Policy PolicyRuntimeAlarm: description: | Alarm associated with the PolicyRuntimeInfoPerEP that exposes potential errors when retrieving runtime information from the enforcement point. properties: error_details: $ref: '#/definitions/PolicyApiError' description: | Detailed information about errors from an API call made to the enforcement point, if any. readOnly: true title: |- Error Detailed Information error_id: description: |- Alarm error id. readOnly: true title: |- Alarm Error Id type: string message: description: |- Error message describing the issue. readOnly: true title: |- Error Message to Describe the Issue type: string title: |- Alarm of PolicyRuntimeInfoPerEP type: object x-vmw-nsx-module: PolicyBaseStatistics PolicyRuntimeInfoPerEP: description: | Runtime Info Per Enforcement Point. properties: alarm: $ref: '#/definitions/PolicyRuntimeAlarm' description: |- Alarm information details. readOnly: true title: |- Alarm Information Details enforcement_point_path: description: | Policy Path referencing the enforcement point where the info is fetched. readOnly: true title: |- Enforcement point Path type: string title: |- PolicyRuntimeInfoPerEP type: object x-vmw-nsx-module: PolicyBaseStatistics PolicySIExcludeList: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: members: description: |- List of the members in the exclude list items: type: string maxItems: 100 title: |- ExcludeList member list type: array required: - members type: object x-vmw-nsx-module: PolicyServiceInsertion description: |- List of entities where Service Insertion will not be enforced. Exclusion List can contain PolicyGroup(s) or SegmentPort(s) or Segment(s). title: |- Service Insertion Exclusion List x-vmw-nsx-module: PolicyServiceInsertion PolicySIStatusConfiguration: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: east_west_enabled: default: false description: | If set to true, service insertion for east-west traffic is enabled. title: |- East-West status flag type: boolean north_south_enabled: default: false description: | If set to true, service insertion for north-south traffic is enabled. title: |- North-South status flag type: boolean type: object x-vmw-nsx-module: PolicyServiceInsertion description: |- It represents status of Service Insertion for North-South and East-West context types. title: |- Service Insertion Status x-vmw-nsx-module: PolicyServiceInsertion PolicyServiceChain: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: failure_policy: default: ALLOW description: |- Failure policy for the service defines the action to be taken i.e to allow or to block the traffic during failure scenarios. enum: - ALLOW - BLOCK readOnly: false title: |- Failure Policy type: string forward_path_service_profiles: description: |- Forward path service profiles are applied to ingress traffic. items: type: string maxItems: 4 readOnly: false title: |- Forward path service profiles type: array path_selection_policy: default: ANY description: |- Path selection policy can be - ANY - Service Insertion is free to redirect to any service path regardless of any load balancing considerations or flow pinning. LOCAL - Preference to be given to local service insances. REMOTE - Preference to be given to the SVM co-located on the same host. ROUND_ROBIN - All active service paths are hit with equal probability. enum: - ANY - LOCAL - REMOTE - ROUND_ROBIN readOnly: false title: |- Path Selection Policy type: string reverse_path_service_profiles: description: |- Reverse path service profiles are applied to egress traffic and is optional. 2 different set of profiles can be defined for forward and reverse path. If not defined, the reverse of the forward path service profile is applied. items: type: string maxItems: 4 readOnly: false title: |- Reverse path service profiles type: array service_segment_path: description: |- Path to service segment using which the traffic needs to be redirected. items: type: string maxItems: 1 minItems: 1 readOnly: false title: |- Path to service segment type: array required: - service_segment_path - forward_path_service_profiles type: object x-vmw-nsx-module: PolicyServiceInsertion description: |- Service chain is a set of network Services. A Service chain is made up of ordered list of service profiles belonging to any same or different services. title: |- Policy Service Chain x-vmw-nsx-module: PolicyServiceInsertion PolicyServiceInstance: allOf: - $ref: '#/definitions/BasePolicyServiceInstance' - properties: attributes: description: |- List of attributes specific to a partner for which the service is created. There attributes are passed on to the partner appliance. items: $ref: '#/definitions/Attribute' maxItems: 128 title: |- Deployment Template attributes type: array compute_id: description: |- Id of the compute(ResourcePool) to which this service needs to be deployed. title: |- Id of the compute resource. type: string context_id: description: |- UUID of VCenter/Compute Manager as seen on NSX Manager, to which this service needs to be deployed. title: |- Id of the compute manager type: string deployment_spec_name: description: |- Form factor for the deployment of partner service. title: |- Name of the Deployment Specification type: string deployment_template_name: description: |- Template for the deployment of partnet service. title: |- Name of the Deployment Template type: string failure_policy: default: BLOCK description: |- Failure policy for the Service VM. If this values is not provided, it will be defaulted to FAIL_CLOSE. enum: - ALLOW - BLOCK title: |- Failure policy for the Service VM type: string primary_gateway_address: description: | Gateway address for primary management console. If the provided segment already has gateway, this field can be omitted. But if it is provided, it takes precedence always. However, if provided segment does not have gateway, this field must be provided. format: address-or-block-or-range type: string primary_interface_mgmt_ip: description: |- Management IP Address of primary interface of the Service format: address-or-block-or-range type: string primary_interface_network: description: |- Path of the segment to which primary interface of the Service VM needs to be connected title: |- Path of the segment to which primary interface of the Service VM needs to be connected type: string primary_portgroup_id: description: | Id of the standard or ditsributed port group for primary management console. Please note that only 1 of the 2 values from 1. primary_interface_network 2. primary_portgroup_id are allowed to be passed. Both can't be passed in the same request. title: |- Id of the standard or ditsributed port group for primary management console type: string primary_subnet_mask: description: | Subnet for primary management console IP. If the provided segment already has subnet, this field can be omitted. But if it is provided, it takes precedence always. However, if provided segment does not have subnet, this field must be provided. format: address-or-block-or-range type: string secondary_gateway_address: description: | Gateway address for secondary management console. If the provided segment already has gateway, this field can be omitted. But if it is provided, it takes precedence always. However, if provided segment does not have gateway, this field must be provided. format: address-or-block-or-range type: string secondary_interface_mgmt_ip: description: |- Management IP Address of secondary interface of the Service format: address-or-block-or-range type: string secondary_interface_network: description: |- Path of segment to which secondary interface of the Service VM needs to be connected title: |- Path of segment to which secondary interface of the Service VM needs to be connected type: string secondary_portgroup_id: description: | Id of the standard or ditsributed port group for secondary management console. Please note that only 1 of the 2 values from 1. secondary_interface_network 2. secondary_portgroup_id are allowed to be passed. Both can't be passed in the same request. title: |- Id of the standard or ditsributed port group for secondary management console type: string secondary_subnet_mask: description: | Subnet for secondary management console IP. If the provided segment already has subnet, this field can be omitted. But if it is provided, it takes precedence always. However, if provided segment does not have subnet, this field must be provided. format: address-or-block-or-range type: string storage_id: description: |- Id of the storage(Datastore). VC moref of Datastore to which this service needs to be deployed. title: |- Id of the storage type: string required: - primary_interface_mgmt_ip - compute_id - deployment_spec_name - deployment_template_name - storage_id - attributes type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Represents an instance of partner Service and its configuration. title: |- Represents an instance of partner Service and its configuration x-vmw-nsx-module: PolicyServiceInsertion PolicyServiceProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: attributes: description: |- List of attributes specific to a partner for which the service is created. These attributes are passed on to the partner appliance and are opaque to NSX. If a vendor template exposes configurable parameters, then their values are specified here. items: $ref: '#/definitions/Attribute' maxItems: 128 readOnly: false title: |- Service profile attributes type: array redirection_action: description: |- The redirection action represents if the packet is exclusively redirected to the service, or if a copy is forwarded to the service. Redirection action is not applicable to guest introspection service. enum: - PUNT - COPY readOnly: false title: |- Redirection action type: string vendor_template_key: description: |- The vendor template key property of actual vendor template. This should be used when multiple templates with same name exist. title: |- Vendor Template Key type: string vendor_template_name: description: |- Name of the vendor template for which this Service Profile is being created. readOnly: false title: |- Vendor template name type: string type: object x-vmw-nsx-module: PolicyServiceInsertion description: |- Service profile represents specialization of a vendor template. User may provide any of the vendor_template_name or vendor_template_key properties. But in case of multiple vendor templates with the same name, it is recommended to use the vendor_template_key. When both attributes are provided, name is ignored and only key is used to identify the template. If there are multiple templates with same name, and vendor_template_name is provided, realization will fail. title: |- Policy Service Profile for a given Service x-vmw-nsx-module: PolicyServiceInsertion PolicySubAttributes: description: |- Policy Sub Attributes data holder properties: datatype: description: |- Datatype for sub attribute enum: - STRING title: |- Datatype for sub attribute type: string key: description: |- Key for sub attribute enum: - TLS_CIPHER_SUITE - TLS_VERSION - CIFS_SMB_VERSION title: |- Key for sub attribute type: string value: description: | Multiple sub attribute values can be specified as elements of array. items: type: string minItems: 1 title: |- Value for sub attribute key type: array uniqueItems: true required: - datatype - value - key title: |- Policy Sub Attributes data holder type: object x-vmw-nsx-module: PolicyContextProfile PolicyTask: allOf: - $ref: '#/definitions/TaskProperties' - properties: failure_msg: description: | This property holds the reason of the task failure, if any. readOnly: true title: |- Reason of the task failure type: string type: object x-vmw-nsx-module: PolicyTask description: | This object holds the information of the task. title: |- Task information x-vmw-nsx-module: PolicyTask PolicyTepCsvListResult: allOf: - $ref: '#/definitions/CsvListResult' - properties: last_update_timestamp: description: |- Timestamp when the data was last updated; unset if data source has never updated the data. format: int64 readOnly: true type: integer results: items: $ref: '#/definitions/PolicyTepTableCsvRecord' type: array type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics PolicyTepListResult: allOf: - $ref: '#/definitions/ListResult' - properties: last_update_timestamp: description: |- Timestamp when the data was last updated; unset if data source has never updated the data. format: int64 readOnly: true type: integer results: items: $ref: '#/definitions/PolicyTepTableEntry' type: array transport_node_id: description: |- Transport node identifier readOnly: true title: |- Transport node identifier type: string type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics PolicyTepTableCsvRecord: allOf: - $ref: '#/definitions/CsvRecord' - properties: segment_id: description: |- This is the identifier of the TEP segment. This segment is NOT the same as logical segment or logical switch. title: |- TEP segment identifier type: string tep_ip: description: |- The tunnel endpoint IP address format: ip type: string tep_label: description: |- The tunnel endpoint label format: int64 title: |- The tunnel endpoint label type: integer tep_mac_address: description: |- The tunnel endpoint MAC address title: |- The tunnel endpoint MAC address type: string required: - tep_label - tep_mac_address type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics PolicyTepTableEntry: properties: segment_id: description: |- The segment Id title: |- The segment Id type: string tep_ip: description: |- The tunnel endpoint IP address format: ip type: string tep_label: description: |- The tunnel endpoint label format: int64 title: |- The tunnel endpoint label type: integer tep_mac_address: description: |- The tunnel endpoint MAC address title: |- The tunnel endpoint MAC address type: string type: object x-vmw-nsx-module: PolicyConnectivityStatistics PolicyTier1MulticastConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: enabled: default: false description: |- Enable/disable Multicast Configuration. Whenever service router needs to be added/deleted from tier1, user needs to disable multicast first. title: |- Enable/disable Multicast Configuration type: boolean type: object x-vmw-nsx-module: PolicyMulticast description: |- Multicast routing configuration. title: |- Multicast routing configuration x-vmw-nsx-module: PolicyMulticast PolicyTimeIntervalValue: description: |- Time interval on which firewall schedule will be applicable properties: end_interval: description: | Time in 24 hour and minutes in multiple of 30. Example, 17:30. title: |- End time of the interval type: string start_interval: description: | Time in 24 hour and minutes in multiple of 30. Example, 9:00. title: |- Start time of the interval type: string required: - start_interval - end_interval title: |- Time interval on which firewall schedule will be applicable type: object x-vmw-nsx-module: PolicyFirewallScheduler PolicyTransportZone: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: is_default: default: false description: | Flag to indicate if the transport zone is the default one. Only one transport zone can be the default one for a given transport zone type. title: |- Flag to indicate if the transport zone is the default one type: boolean nsx_id: description: |- UUID of transport zone on NSX-T enforcement point. readOnly: true title: |- Transport Zone UUID on NSX-T Enforcement Point type: string tz_type: description: | Transport Zone Type. enum: - OVERLAY_STANDARD - OVERLAY_ENS - VLAN_BACKED - UNKNOWN readOnly: true title: |- Transport Zone Type type: string uplink_teaming_policy_names: description: |- The names of switching uplink teaming policies that all transport nodes in this transport zone support. Uplinkin teaming policies are only valid for VLAN backed transport zones. items: type: string title: |- Names of the switching uplink teaming policies that are supported by this transport zone. type: array type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Transport Zone. title: |- Transport Zone x-vmw-nsx-module: PolicyEnforcementPointManagement PolicyTransportZoneListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Transport Zone list result. items: $ref: '#/definitions/PolicyTransportZone' title: |- Transport Zone List Result type: array required: - results type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Paged Collection of Transport Zone title: |- Paged Collection of Transport Zone x-vmw-nsx-module: PolicyEnforcementPointManagement PolicyUrlCategorizationConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: context_profiles: description: | The ids of the context profiles that provides the list of categories to be detected. This field is deprecated. URL Categorization will not be supported in association with context profiles. items: type: string title: |- Context profiles type: array x-deprecated: true enabled: description: | Property which specifies the enabling/disabling of the feature. title: |- Enabled type: boolean update_frequency: default: 30 description: | The frequency in minutes at which the updates are downloaded from the URL categorization cloud service. The minimum allowed value is 5 minutes. format: int32 minimum: 5 title: |- Policy URL Categorization Update Frequency type: integer required: - enabled type: object x-vmw-nsx-module: PolicyUrlCategorization description: | The type contains information about the configuration of the feature for a specific node. It contains information like the whether the feature is enabled/disabled, the context profiles defining the category list to detect. title: |- URL categorization entity x-vmw-nsx-module: PolicyUrlCategorization PoolMemberSetting: description: | The setting is used to add, update or remove pool members from pool. For static pool members, admin_state, display_name and weight can be updated. For dynamic pool members, only admin_state can be updated. properties: admin_state: default: ENABLED description: |- Member admin state enum: - ENABLED - DISABLED - GRACEFUL_DISABLED type: string display_name: description: | Only applicable to static pool members. If supplied for a pool defined by a grouping object, update API would fail. title: |- Pool member display name type: string ip_address: description: |- Pool member IP address format: ip type: string port: description: |- Pool member port number format: port-or-range type: string weight: description: | Only applicable to static pool members. If supplied for a pool defined by a grouping object, update API would fail. format: int64 maximum: 255 minimum: 1 title: |- Pool member weight type: integer required: - ip_address title: |- Pool member setting type: object x-vmw-nsx-module: LoadBalancer PortAddressBindingEntry: description: |- Detailed information about static address for the port. properties: ip_address: description: |- IP Address for port binding title: |- IP address type: string mac_address: description: |- Mac address for port binding format: mac-address type: string vlan_id: description: |- VLAN ID for port binding format: int64 type: integer title: |- Address binding information type: object x-vmw-nsx-module: PolicyConnectivity PortAttacher: description: |- VM or vmknic entity attached to LogicalPort properties: entity: description: | This is a vmknic name if the attacher is vmknic. Otherwise, it is full path of the attached VM's config file readOnly: false title: |- Reference to the attached entity type: string host: description: |- TransportNode on which the attacher resides readOnly: false title: |- TransportNode on which the attacher resides type: string required: - host - entity title: |- VM or vmknic entity attached to LogicalPort type: object x-vmw-nsx-module: LogicalPort PortAttachment: description: |- Detail information about port attachment properties: allocate_addresses: description: |- Indicate how IP will be allocated for the port enum: - IP_POOL - MAC_POOL - BOTH - NONE - DHCP title: |- Allocate addresses type: string app_id: description: | ID used to identify/look up a child attachment behind a parent attachment title: |- App Id type: string bms_interface_config: $ref: '#/definitions/AttachedInterfaceEntry' description: |- Indicate application interface configuration for Bare Metal Server. title: |- Application interface configuration for Bare metal server context_id: description: | If type is CHILD and the parent port is on the same segment as the child port, then this field should be VIF ID of the parent port. If type is CHILD and the parent port is on a different segment, then this field should be policy path of the parent port. If type is INDEPENDENT/STATIC, then this field should be transport node ID. title: |- Context ID based on the type type: string context_type: description: |- Set to PARENT when type field is CHILD. Read only field. enum: - PARENT readOnly: true title: |- Context Type type: string evpn_vlans: description: |- List of Evpn tenant VLAN IDs the Parent logical-port serves in Evpn Route-Server mode. Only effective when attachment type is PARENT and the logical-port is attached to vRouter VM. items: type: string maxItems: 1000 minItems: 0 title: |- Evpn tenant VLAN IDs the Parent logical-port serves. type: array hyperbus_mode: default: DISABLE description: |- Flag to indicate if hyperbus configuration is required. enum: - ENABLE - DISABLE title: |- Hyperbus mode type: string id: description: |- VIF UUID on NSX Manager. If the attachement type is PARENT, this property is required. title: |- Port attachment ID type: string traffic_tag: description: | Not valid when type field is INDEPENDENT, mainly used to identify traffic from different ports in container use case. format: int64 type: integer type: description: |- Type of port attachment. STATIC is added to replace INDEPENDENT. INDEPENDENT type and PARENT type are deprecated. enum: - PARENT - CHILD - INDEPENDENT - STATIC title: |- Attachement type type: string title: |- Attachment information on the port type: object x-vmw-nsx-module: PolicyConnectivity PortDiscoveryProfileBindingMap: allOf: - $ref: '#/definitions/DiscoveryProfileBindingMap' - properties: ip_discovery_profile_path: description: |- PolicyPath of associated IP Discovery Profile title: |- IP Discovery Profile Path type: string mac_discovery_profile_path: description: |- PolicyPath of associated Mac Discovery Profile title: |- Mac Discovery Profile Path type: string type: object x-vmw-nsx-module: PolicyDiscoveryProfileBinding description: | This entity will be used to establish association between discovery profile and Port. Using this entity, user can specify intent for applying discovery profile to particular Port. Port here is Logical Port. title: |- Port Discovery Profile binding map x-vmw-nsx-module: PolicyDiscoveryProfileBinding PortDiscoveryProfileBindingMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Port Discovery Profile Binding Map list results items: $ref: '#/definitions/PortDiscoveryProfileBindingMap' title: |- Port Discovery Profile Binding Map list results type: array required: - results type: object x-vmw-nsx-module: PolicyDiscoveryProfileBinding description: |- Paged collection of Port Discovery Profile Binding Maps title: |- Paged collection of Port Discovery Profile Binding Maps x-vmw-nsx-module: PolicyDiscoveryProfileBinding PortMirroringProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: destination_group: description: | Data from source group will be copied to members of destination group. Only IPSET group and group with membership criteria VM is supported. IPSET group allows only three ip's. title: |- Destination group path type: string direction: default: BIDIRECTIONAL description: |- Port mirroring profile direction enum: - INGRESS - EGRESS - BIDIRECTIONAL title: |- Direction type: string encapsulation_type: default: GRE description: |- User can provide Mirror Destination type e.g GRE, ERSPAN_TWO or ERSPAN_THREE.If profile type is REMOTE_L3_SPAN, encapsulation type is used else ignored. enum: - GRE - ERSPAN_TWO - ERSPAN_THREE title: |- Mirror Destination encapsulation type type: string erspan_id: default: 0 description: | Used by physical switch for the mirror traffic forwarding. Must be provided and only effective when encapsulation type is ERSPAN type II or type III. format: int32 maximum: 1023 minimum: 0 title: |- ERSPAN session id type: integer gre_key: default: 0 description: |- User-configurable 32-bit key only for GRE format: int32 minimum: 0 title: |- GRE encapsulation key type: integer profile_type: default: REMOTE_L3_SPAN description: |- Allows user to select type of port mirroring session. enum: - REMOTE_L3_SPAN - LOGICAL_SPAN type: string snap_length: description: | If this property is set, the packet will be truncated to the provided length. If this property is unset, entire packet will be mirrored. format: int32 maximum: 65535 minimum: 60 title: |- Maximum packet length for packet truncation type: integer tcp_ip_stack: default: Default description: |- User can provide Mirror stack or Default stack to send mirror traffic. If profile type is REMOTE_L3_SPAN, tcp_ip_stack type is used else ignored. enum: - Default - Mirror title: |- Mirror Destination encapsulation type type: string required: - destination_group type: object x-vmw-nsx-module: PolicyPortMirroring description: |- Mirrors Data from source to destination title: |- Mirrors Data from source to destination x-vmw-nsx-module: PolicyPortMirroring PortMirroringProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Port Mirroring Profiles list results items: $ref: '#/definitions/PortMirroringProfile' title: |- Port Mirroring Profiles list results type: array required: - results type: object x-vmw-nsx-module: PolicyPortMirroring description: |- Paged collection of port mirroring profiles title: |- Paged collection of port mirroring profiles x-vmw-nsx-module: PolicyPortMirroring PortMonitoringProfileBindingMap: allOf: - $ref: '#/definitions/MonitoringProfileBindingMap' - properties: ipfix_l2_profile_path: description: |- PolicyPath of associated IPFIX L2 Profile title: |- IPFIX L2 Profile Path type: string port_mirroring_profile_path: description: |- PolicyPath of associated Port Mirroring Profile title: |- Port Mirroring Profile Path type: string type: object x-vmw-nsx-module: PolicyMonitoringProfileBinding description: | This entity will be used to establish association between monitoring profile and Port. Using this entity, user can specify intent for applying monitoring profile to particular Port. Port here is Segment Port. title: |- Port Monitoring Profile binding map x-vmw-nsx-module: PolicyMonitoringProfileBinding PortMonitoringProfileBindingMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Port Monitoring Profile Binding Map list results items: $ref: '#/definitions/PortMonitoringProfileBindingMap' title: |- Port Monitoring Profile Binding Map list results type: array required: - results type: object x-vmw-nsx-module: PolicyMonitoringProfileBinding description: |- Paged collection of Port Monitoring Profile Binding Maps title: |- Paged collection of Port Monitoring Profile Binding Maps x-vmw-nsx-module: PolicyMonitoringProfileBinding PortQoSProfileBindingMap: allOf: - $ref: '#/definitions/QoSProfileBindingMap' - properties: qos_profile_path: description: |- PolicyPath of associated QoS Profile title: |- QoS Profile Path type: string type: object x-vmw-nsx-module: PolicyQoSProfileBinding description: | This entity will be used to establish association between qos profile and Port. Using this entity, you can specify intent for applying qos profile to particular Port. Port here is Segment Port. title: |- Port QoS Profile binding map x-vmw-nsx-module: PolicyQoSProfileBinding PortQoSProfileBindingMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Port QoS Profile Binding Map list results items: $ref: '#/definitions/PortQoSProfileBindingMap' title: |- Port QoS Profile Binding Map list results type: array required: - results type: object x-vmw-nsx-module: PolicyQoSProfileBinding description: |- Paged collection of Port QoS Profile Binding Maps title: |- Paged collection of Port QoS Profile Binding Maps x-vmw-nsx-module: PolicyQoSProfileBinding PortSecurityProfileBindingMap: allOf: - $ref: '#/definitions/SecurityProfileBindingMap' - properties: segment_security_profile_path: description: |- The policy path of the asscociated Segment Security profile title: |- Segment Security Profile Path type: string spoofguard_profile_path: description: |- The policy path of the asscociated SpoofGuard profile title: |- SpoofGuard Profile Path type: string type: object x-vmw-nsx-module: PolicySecurityProfileBinding description: | Contains the binding relationship between port and security profile. title: |- Security profile binding map for port x-vmw-nsx-module: PolicySecurityProfileBinding PortSecurityProfileBindingMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Port security profile binding map list results items: $ref: '#/definitions/PortSecurityProfileBindingMap' title: |- Port security profile binding map list results type: array required: - results type: object x-vmw-nsx-module: PolicySecurityProfileBinding description: |- Paged collection of port security profile binding maps title: |- Paged collection of port security profile binding maps x-vmw-nsx-module: PolicySecurityProfileBinding PrefixEntry: description: |- Network prefix entry properties: action: default: PERMIT description: | Action for the prefix list. enum: - PERMIT - DENY title: |- Action for the prefix list type: string ge: description: | Prefix length greater than or equal to. format: int32 maximum: 128 minimum: 1 title: |- Prefix length greater than or equal to type: integer le: description: | Prefix length less than or equal to. format: int32 maximum: 128 minimum: 1 title: |- Prefix length less than or equal to type: integer network: description: | Network prefix in CIDR format. "ANY" matches all networks. title: |- Network prefix in CIDR format type: string required: - network title: |- Network prefix entry type: object x-vmw-nsx-module: PolicyConnectivity PrefixList: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: prefixes: description: | Specify ordered list of network prefixes. items: $ref: '#/definitions/PrefixEntry' minItems: 1 title: |- Ordered list of network prefixes type: array required: - prefixes type: object x-vmw-nsx-module: PolicyConnectivity description: |- A named list of prefixes for routing purposes. title: |- A named list of prefixes for routing purposes x-vmw-nsx-module: PolicyConnectivity PrefixListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- PrefixList results items: $ref: '#/definitions/PrefixList' title: |- PrefixList results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of PrefixLists title: |- Paged collection of PrefixLists x-vmw-nsx-module: PolicyConnectivity Principal: properties: attributes: description: |- Certificate list. items: $ref: '#/definitions/KeyValue' readOnly: false type: array required: - attributes type: object x-vmw-nsx-module: CertificateManager PrincipalIdentity: allOf: - $ref: '#/definitions/ManagedResource' - properties: certificate_id: description: |- Id of the stored certificate. When used with the deprecated POST /trust-management/principal-identities API this field is required. readOnly: false title: |- Id of the stored certificate type: string is_protected: description: |- Indicator whether the entities created by this principal should be protected. readOnly: false title: |- Protection indicator type: boolean name: description: |- Name of the principal. maxLength: 255 readOnly: false title: |- Name type: string node_id: description: | Unique node-id of a principal. This is used primarily in the case where a cluster of nodes is used to make calls to the NSX Manager and the same 'name' is used so that the nodes can access and modify the same data while still accessing NSX through their individual secret (certificate or JWT). In all other cases this can be any string. maxLength: 255 readOnly: false title: |- Unique node-id type: string permission_group: description: |- Use the 'role' field instead and pass in 'auditor' for read_only_api_users or 'enterprise_admin' for the others. enum: - read_only_api_users - read_write_api_users - superusers - undefined readOnly: false type: string x-deprecated: true role: description: |- Role readOnly: false title: |- Role type: string required: - node_id - name type: object x-vmw-nsx-module: CertificateManager x-vmw-nsx-module: CertificateManager PrincipalIdentityList: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- PrincipalIdentity list. items: $ref: '#/definitions/PrincipalIdentity' readOnly: false type: array required: - results type: object x-vmw-nsx-module: CertificateManager description: |- PrincipalIdentity query result title: |- PrincipalIdentity query result x-vmw-nsx-module: CertificateManager PrincipalIdentityWithCertificate: allOf: - $ref: '#/definitions/PrincipalIdentity' - properties: certificate_pem: description: |- PEM encoding of the new certificate. readOnly: false title: |- PEM encoding of the new certificate type: string required: - certificate_pem type: object x-vmw-nsx-module: CertificateManager x-vmw-nsx-module: CertificateManager ProfileBindingMap: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: profile_path: description: |- PolicyPath of associated Profile title: |- Profile Path type: string required: - profile_path type: object x-vmw-nsx-module: PolicyProfile description: | This entity will be used to establish association between profile and policy entities. title: |- Policy base profile binding map x-vmw-nsx-module: PolicyProfile PropertyItem: description: |- Represents a label-value pair. properties: condition: description: |- If the condition is met then the property will be displayed. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API. maxLength: 1024 title: |- Expression for evaluating condition type: string field: description: |- Represents field value of the property. maxLength: 1024 title: |- Field of the Property type: string heading: default: false description: |- Set to true if the field is a heading. Default is false. title: |- If true, represents the field as a heading type: boolean label: $ref: '#/definitions/Label' description: |- If a field represents a heading, then label is not needed title: |- Label of the property navigation: description: |- Hyperlink of the specified UI page that provides details. This will be linked with value of the property. maxLength: 1024 title: |- Navigation to a specified UI page type: string render_configuration: description: |- Render configuration to be applied, if any. items: $ref: '#/definitions/RenderConfiguration' title: |- Render Configuration type: array separator: default: false description: |- If true, separates this property in a widget. title: |- A separator after this property type: boolean type: default: String description: |- Data type of the field. enum: - String - Number - Date - Url maxLength: 255 title: |- field data type type: string required: - field - type title: |- LabelValue Property type: object x-vmw-nsx-module: NsxDashboard QoSBaseRateLimiter: description: |- A Limiter configuration entry that specifies type and metrics discriminator: resource_type properties: enabled: type: boolean resource_type: description: | Type rate limiter enum: - IngressRateLimiter - IngressBroadcastRateLimiter - EgressRateLimiter type: string required: - enabled - resource_type title: |- A Limiter configuration entry that specifies type and metrics type: object x-vmw-nsx-module: PolicyQoS QoSDscp: description: |- Dscp value is ignored in case of 'TRUSTED' DscpTrustMode. properties: mode: description: | When you select the Trusted mode the inner header DSCP value is applied to the outer IP header for IP/IPv6 traffic. For non IP/IPv6 traffic, the outer IP header takes the default value.Untrusted mode is supported on overlay-based and VLAN-based logical port. enum: - TRUSTED - UNTRUSTED type: string priority: default: 0 description: |- Internal Forwarding Priority format: int32 maximum: 63 minimum: 0 title: |- Internal Forwarding Priority type: integer title: |- One of QoS or Encapsulated-Remote-Switched-Port-Analyzer type: object x-vmw-nsx-module: PolicyQoS QoSProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: class_of_service: default: 0 description: | Class of service groups similar types of traffic in the network and each type of traffic is treated as a class with its own level of service priority. The lower priority traffic is slowed down or in some cases dropped to provide better throughput for higher priority traffic. format: int32 maximum: 7 minimum: 0 title: |- Class of service type: integer dscp: $ref: '#/definitions/QoSDscp' shaper_configurations: description: |- Array of Rate limiter configurations to applied on Segment or Port. items: $ref: '#/definitions/QoSBaseRateLimiter' maxItems: 3 minItems: 0 type: array type: object x-vmw-nsx-module: PolicyQoS x-vmw-nsx-module: PolicyQoS QoSProfileBindingMap: allOf: - $ref: '#/definitions/PolicyConfigResource' - type: object x-vmw-nsx-module: PolicyQoSProfileBinding description: |- Base QoS Profile Binding Map title: |- Base QoS Profile Binding Map x-vmw-nsx-module: PolicyQoSProfileBinding QoSProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- QoS profiles list results items: $ref: '#/definitions/QoSProfile' title: |- QoS profiles list results type: array required: - results type: object x-vmw-nsx-module: PolicyQoS description: |- Paged collection of QoS profiles title: |- Paged collection of QoS profiles x-vmw-nsx-module: PolicyQoS RAConfig: properties: hop_limit: default: 64 description: | The maximum number of hops through which packets can pass before being discarded. format: int64 maximum: 255 minimum: 0 title: |- Hop limit type: integer prefix_lifetime: default: 2592000 description: | The time interval in seconds, in which the prefix is advertised as valid. format: int64 maximum: 4294967295 minimum: 0 title: |- Lifetime of prefix type: integer prefix_preferred_time: default: 604800 description: | The time interval in seconds, in which the prefix is advertised as preferred. format: int64 maximum: 4294967295 minimum: 0 title: |- Prefix preferred time type: integer ra_interval: default: 600 description: | Interval between 2 Router advertisement in seconds. format: int64 maximum: 1800 minimum: 4 title: |- RA interval type: integer router_lifetime: default: 1800 description: | Router lifetime value in seconds. A value of 0 indicates the router is not a default router for the receiving end. Any other value in this field specifies the lifetime, in seconds, associated with this router as a default router. format: int64 maximum: 65520 minimum: 0 title: |- Lifetime of router type: integer type: object x-vmw-nsx-module: Routing RaDNSConfig: properties: dns_server: description: | DNS server. items: description: |- IPv6 address format: ipv6 type: string maxItems: 8 title: |- DNS server type: array dns_server_lifetime: default: 1800000 description: |- Lifetime of DNS server in milliseconds format: int64 maximum: 4294967295 minimum: 0 title: |- Lifetime of DNS server in milliseconds type: integer domain_name: description: | Domain name in RA message. items: type: string maxItems: 8 title: |- Domain name type: array domain_name_lifetime: default: 1800000 description: |- Lifetime of Domain names in milliseconds format: int64 maximum: 4294967295 minimum: 0 title: |- Lifetime of Domain names in milliseconds type: integer type: object x-vmw-nsx-module: Routing Reaction: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: actions: description: | Actions that need to be taken when the events occur. These actions must appear in the order that they need to be taken in. This field can be interpreted as the HOW of the Reaction, or simply as "Then That". items: $ref: '#/definitions/Action' maxItems: 1 minItems: 1 title: |- Reaction Actions type: array events: description: | Events that provide contextual variables about what the reaction should react to. This field can be interpreted as the WHAT of the Reaction, or simply as "If This" Clause. items: $ref: '#/definitions/Event' maxItems: 1 minItems: 1 title: |- Reaction Events type: array required: - events - actions type: object x-vmw-nsx-module: PolicyReaction description: | Reaction represents a programmable entity which encapsulates the events and the actions in response to the events, or simply "If This Then That". title: |- Reaction x-vmw-nsx-module: PolicyReaction RealizedVirtualMachine: allOf: - $ref: '#/definitions/PolicyRealizedResource' - properties: compute_ids: description: |- List of external compute ids of the virtual machine in the format 'id-type-key:value' , list of external compute ids ['uuid:xxxx-xxxx-xxxx-xxxx', 'moIdOnHost:moref-11', 'instanceUuid:xxxx-xxxx-xxxx-xxxx'] items: type: string readOnly: true title: |- List of external compute ids of the virtual machine in the format 'id-type-key:value' , list of external compute ids ['uuid:xxxx-xxxx-xxxx-xxxx', 'moIdOnHost:moref-11', 'instanceUuid:xxxx-xxxx-xxxx-xxxx'] type: array host_id: description: |- Id of the host on which the vm exists. readOnly: true title: |- Id of the host on which the vm exists. type: string local_id_on_host: description: |- Id of the vm unique within the host. readOnly: true title: |- Id of the vm unique within the host. type: string power_state: description: |- Current power state of this virtual machine in the system. enum: - VM_RUNNING - VM_STOPPED - VM_SUSPENDED - UNKNOWN readOnly: true title: |- Current power state of this virtual machine in the system. type: string type: object x-vmw-nsx-module: PolicyRealizedState description: |- Realized Virtual Machine title: |- Realized Virtual Machine x-vmw-nsx-module: PolicyRealizedState RealizedVirtualMachineListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paged Collection of VMs items: $ref: '#/definitions/RealizedVirtualMachine' title: Virtual machine list result title: |- Paged Collection of VMs type: array type: object x-vmw-nsx-module: PolicyGroupStatistics x-vmw-nsx-module: PolicyGroupStatistics RecommendedFeaturePermission: description: |- Recommended Feature Permission properties: recommended_permissions: description: |- Permission items: type: string title: |- Permission type: array src_features: description: |- List of source features items: type: string title: |- List of source features type: array target_feature: description: |- Feature title: |- Feature type: string required: - src_features - target_feature - recommended_permissions title: |- Recommended Feature Permission type: object x-vmw-nsx-module: AAA RecommendedFeaturePermissionListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- List results items: $ref: '#/definitions/RecommendedFeaturePermission' title: |- List results type: array required: - results type: object x-vmw-nsx-module: AAA x-vmw-nsx-module: AAA RedirectionPolicy: allOf: - $ref: '#/definitions/Policy' - properties: north_south: description: | This is the read only flag which will state the direction of this | redirection policy. True denotes that it is NORTH-SOUTH and false | value means it is an EAST-WEST redirection policy. readOnly: true title: |- Flag to denote whether it is north south policy type: boolean redirect_to: description: | Paths to which traffic will be redirected to. As of now, only 1 is | supported. Paths allowed are | 1. Policy Service Instance | 2. Service Instance Endpoint | 3. Virtual Endpoint | 4. Policy Service Chain items: type: string maxItems: 1 title: |- List of redirect to target paths type: array rules: description: | Redirection rules that are a part of this RedirectionPolicy. At max, there can be 1000 rules in a given RedirectPolicy. items: $ref: '#/definitions/RedirectionRule' maxItems: 1000 title: |- Redirection rules that are a part of this RedirectionPolicy type: array type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Ordered list of rules long with the path of PolicyServiceInstance to which the traffic needs to be redirected. | Please note that the scope property must be provided for NS redirection | policy if redirect to is a service chain. For NS, when redirect to is not | to the service chain, and scope is specified on RedirectionPolicy, it | will be ignored. The scope will be determined from redirect to path | instead. For EW policy, scope must not be supplied in the request. | Path to either Tier0 or Tier1 is allowed as the scope. Only 1 path | can be specified as a scope. | Also, note that, if stateful flag is not sent, it will be treated as true. If statelessness is intended, false must be sent explicitly as the value | for stateful field. title: | Contains ordered list of rules and path to PolicyServiceInstance x-vmw-nsx-module: PolicyServiceInsertion RedirectionRule: allOf: - $ref: '#/definitions/BaseRule' - properties: action: description: | The action to be applied to all the services enum: - REDIRECT - DO_NOT_REDIRECT title: |- Action type: string type: object x-vmw-nsx-module: PolicyServiceInsertion description: |- It define redirection rule for service insertion title: |- It define redirection rule for service insertion x-vmw-nsx-module: PolicyServiceInsertion RegistrationToken: description: |- Appliance registration access token properties: roles: description: |- List results items: type: string title: |- List results type: array token: description: |- Access token title: |- Access token type: string user: description: |- User delegated by token title: |- User delegated by token type: string required: - roles title: |- Appliance registration access token type: object x-vmw-nsx-module: RegistrationTokenEndPoint RelatedApiError: description: |- Detailed information about a related API error properties: details: description: |- Further details about the error title: |- Further details about the error type: string error_code: description: |- A numeric error code format: int64 title: |- A numeric error code type: integer error_data: description: |- Additional data about the error title: |- Additional data about the error type: object error_message: description: |- A description of the error title: |- A description of the error type: string module_name: description: |- The module name where the error occurred title: |- The module name where the error occurred type: string title: |- Detailed information about a related API error type: object x-vmw-nsx-module: Common RelatedAttribute: description: | Related attribute on the target resource for conditional constraints based on related attribute value. Example - destinationGroups/service/action is related attribute of sourceGroups in communcation entry. properties: attribute: description: |- Related attribute name on the target entity. title: |- Related attribute name on the target entity. type: string required: - attribute title: |- Related attribute details. type: object x-vmw-nsx-module: PolicyConstraints RelatedAttributeConditionalExpression: allOf: - $ref: '#/definitions/ConstraintExpression' - properties: condition: $ref: '#/definitions/ConditionalValueConstraintExpression' description: | Conditional value expression for target based on realted attribute value. title: |- Conditiona value constraint expression. related_attribute: $ref: '#/definitions/RelatedAttribute' description: |- Related attribute. title: |- Related attribute. required: - related_attribute - condition type: object x-vmw-nsx-module: PolicyConstraints description: | Represents the leaf level type expression to express constraint as value of realted attribute to the target. Example - Constraint traget attribute 'X' (example in Constraint), if destinationGroups contains 'vCeneter' then allow only values "HTTPS", "HTTP" for attribute X. { "target":{ "target_resource_type":"CommunicationEntry", "attribute":"services", "path_prefix": "/infra/domains/{{DOMAIN}}/edge-communication-maps/default/communication-entries/" }, "constraint_expression": { "resource_type": "RelatedAttributeConditionalExpression", "related_attribute":{ "attribute":"destinationGroups" }, "condition" : { "operator":"INCLUDES", "rhs_value": ["/infra/domains/mgw/groups/VCENTER"], "value_constraint": { "resource_type": "ValueConstraintExpression", "operator":"INCLUDES", "values":["/infra/services/HTTP", "/infra/services/HTTPS"] } } } } title: | Represents the leaf level type expression to express constraint as value of realted attribute to the target. Uses ConditionalValueConstraintExpression to constrain the target value based on the related attribute value on the same resource. x-vmw-nsx-module: PolicyConstraints RemoteFileServer: description: |- Remote file server properties: directory_path: description: |- Remote server directory to copy bundle files to title: |- Remote server directory to copy bundle files to type: string port: default: 22 description: |- Server port format: int64 maximum: 65535 minimum: 1 title: |- Server port type: integer protocol: $ref: '#/definitions/FileTransferProtocol' description: |- Protocol to use to copy file title: |- Protocol to use to copy file server: description: |- Remote server hostname or IP address format: hostname-or-ip title: |- Remote server hostname or IP address type: string required: - directory_path - protocol - server title: |- Remote file server type: object x-vmw-nsx-module: BackupConfiguration RemoteServerFingerprint: description: |- Remote server properties: port: default: 22 description: |- Server port format: int64 maximum: 65535 minimum: 1 title: |- Server port type: integer server: description: |- Remote server hostname or IP address format: hostname-or-ip title: |- Remote server hostname or IP address type: string ssh_fingerprint: description: |- SSH fingerprint of server title: |- SSH fingerprint of server type: string required: - ssh_fingerprint - server title: |- Remote server type: object x-vmw-nsx-module: BackupConfiguration RemoteServerFingerprintRequest: description: |- Remote server properties: port: default: 22 description: |- Server port format: int64 maximum: 65535 minimum: 1 title: |- Server port type: integer server: description: |- Remote server hostname or IP address format: hostname-or-ip title: |- Remote server hostname or IP address type: string required: - server title: |- Remote server type: object x-vmw-nsx-module: BackupConfiguration RenderConfiguration: description: |- Render configuration to be applied to the widget. properties: color: description: |- The color to use when rendering an entity. For example, set color as 'RED' to render a portion of donut in red. enum: - GREY - DARK_GREY - LIGHT_GREY - SKY_BLUE - BLUE - GREEN - YELLOW - RED - DARK_RED title: |- Color of the entity type: string condition: description: |- If the condition is met then the rendering specified for the condition will be applied. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API. maxLength: 1024 title: |- Expression for evaluating condition type: string display_value: description: |- If specified, overrides the field value. This can be used to display a meaningful value in situations where field value is not available or not configured. maxLength: 255 title: |- Overridden value to display, if any type: string icons: description: |- Icons to be applied at dashboard for widgets and UI elements. items: $ref: '#/definitions/Icon' minItems: 0 title: |- Icons type: array tooltip: description: |- Multi-line text to be shown on tooltip while hovering over the UI element if the condition is met. items: $ref: '#/definitions/Tooltip' minItems: 0 title: |- Multi-line tooltip type: array title: |- Render Configuration type: object x-vmw-nsx-module: NsxDashboard Resource: description: |- Base class for resources properties: _links: description: |- The server will populate this field when returing the resource. Ignored on PUT and POST. items: $ref: '#/definitions/ResourceLink' readOnly: true title: |- References related to this resource type: array _schema: description: |- Schema for this resource readOnly: true title: |- Schema for this resource type: string _self: $ref: '#/definitions/SelfResourceLink' description: |- Link to this resource readOnly: true title: |- Link to this resource title: |- Base class for resources type: object x-vmw-nsx-module: Common ResourceFieldPointer: description: |- Resource Field Pointer representing the exact value within a policy object. properties: field_pointer: description: |- Field Pointer referencing the exact field within the policy object. title: |- Field Pointer type: string path: description: | Policy Path referencing a policy object. If not supplied, the field pointer will be applied to the event source. title: |- Resource Path type: string required: - field_pointer title: |- Resource Field Pointer type: object x-vmw-nsx-module: PolicyReaction ResourceInfoListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Resource info list results items: $ref: '#/definitions/PolicyFineTuningResourceInfo' title: |- Resource info list results type: array required: - results type: object x-vmw-nsx-module: PolicyFineTuning description: |- Collection of resource info objects title: |- Collection of resource info objects x-vmw-nsx-module: PolicyFineTuning ResourceLink: description: |- A link to a related resource properties: action: description: |- Optional action readOnly: true title: |- Optional action type: string href: description: |- Link to resource readOnly: true title: |- Link to resource type: string rel: description: |- Custom relation type (follows RFC 5988 where appropriate definitions exist) readOnly: true title: |- Link relation type type: string title: |- A link to a related resource type: object x-vmw-nsx-module: Common ResourceOperation: allOf: - $ref: '#/definitions/Source' - properties: operation_types: description: |- Operation types. items: description: | Resource Operation Type represents a change in state of a resource with regard to the interaction with DAO layer: POST_CREATE: post-create change event. POST_UPDATE: post-update change event. PRE_DELETE: pre-delete change event. enum: - POST_CREATE - POST_UPDATE - PRE_DELETE type: string minItems: 1 title: |- Operation Types type: array resource_pointer: description: | Regex path representing a regex expression on resources. This regex is used to identify the object(s) that is/are the source of the Event. For instance: specifying "Lb* | /infra/tier-0s/vmc/ipsec-vpn-services/default" as a source means that ANY resource starting with Lb or ANY resource with "/infra/tier-0s/vmc/ipsec-vpn-services/default" as path would be the source of the event in question. title: |- Resource Pointer type: string required: - resource_pointer - operation_types type: object x-vmw-nsx-module: PolicyReaction description: | Resource Operation is an Event Source that represents a resource that is being changed at very specific points of time, with regard to its interaction with dao layer. title: |- Resource Operation x-vmw-nsx-module: PolicyReaction ResourceReference: description: |- A weak reference to an NSX resource. properties: is_valid: description: |- Will be set to false if the referenced NSX resource has been deleted. readOnly: true title: |- Target validity type: boolean target_display_name: description: |- Display name of the NSX resource. maxLength: 255 readOnly: true title: |- Target display name type: string target_id: description: |- Identifier of the NSX resource. maxLength: 64 readOnly: false title: |- Target ID type: string target_type: description: |- Type of the NSX resource. maxLength: 255 readOnly: false title: |- Target type type: string type: object x-vmw-nsx-module: Common ResourceSummaryDetail: description: | Resource summary details represents list of resources for given resource type with its total count. properties: resource_count: description: | Total resource count format: int64 readOnly: true title: |- Resource count type: integer resource_list: description: | List of homogenous resources of resource type. items: $ref: '#/definitions/OnboardingAttribute' maxItems: 100 readOnly: true title: |- Resource List type: array resource_type: description: | Policy resource entity type, for example: CommunicationMap, Group etc. readOnly: true title: |- Policy Resource Type type: string title: |- Resource Summary Detail type: object x-vmw-nsx-module: GmConfigOnboarding RestoreStep: description: |- Restore step info properties: description: description: |- Restore step description readOnly: true title: |- Restore step description type: string status: $ref: '#/definitions/PerStepRestoreStatus' step_number: description: |- Restore step number format: int64 readOnly: true title: |- Restore step number type: integer value: description: |- Restore step value readOnly: true title: |- Restore step value type: string title: |- Restore step info type: object x-vmw-nsx-module: ClusterRestore RevisionedResource: allOf: - $ref: '#/definitions/Resource' - properties: _revision: description: |- The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. format: int32 title: |- Generation of this resource config type: integer type: object x-vmw-nsx-module: Common description: |- A base class for types that track revisions title: |- A base class for types that track revisions x-vmw-nsx-module: Common Role: description: |- Role properties: role: description: |- Short identifier for the role. Must be all lower case with no spaces. title: |- Role identifier type: string role_display_name: description: |- A short, human-friendly display name of the role. title: |- Display name for role type: string required: - role title: |- Role type: object x-vmw-nsx-module: AAA RoleBinding: allOf: - $ref: '#/definitions/ManagedResource' - properties: identity_source_id: description: |- The ID of the external identity source that holds the referenced external entity. Currently, only external LDAP and OIDC servers are allowed. title: |- ID of the external identity source type: string identity_source_type: default: VIDM description: |- Identity source type enum: - VIDM - LDAP - OIDC title: |- Identity source type type: string name: description: |- User/Group's name readOnly: true title: |- User/Group's name type: string roles: description: |- Roles items: $ref: '#/definitions/Role' readOnly: true title: |- Roles type: array stale: description: |- Property 'stale' can be considered to have these values - absent - This type of rolebinding does not support stale property TRUE - Rolebinding is stale in vIDM meaning the user is no longer present in vIDM FALSE - Rolebinding is available in vIDM UNKNOWN - Rolebinding's state of staleness in unknown Once rolebindings become stale, they can be deleted using the API POST /aaa/role-bindings?action=delete_stale_bindings enum: - 'TRUE' - 'FALSE' - UNKNOWN readOnly: true title: |- Stale in vIDM type: string type: description: |- Type enum: - remote_user - remote_group - local_user - principal_identity readOnly: true title: |- Type type: string user_id: description: |- Local user's numeric id on the system. readOnly: true title: |- Local user's numeric id type: string type: object x-vmw-nsx-module: AAA description: |- User/Group's role binding title: |- User/Group's role binding x-vmw-nsx-module: AAA RoleBindingListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- List results items: $ref: '#/definitions/RoleBinding' title: |- List results type: array required: - results type: object x-vmw-nsx-module: AAA x-vmw-nsx-module: AAA RoleListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- List results items: $ref: '#/definitions/Role' title: |- List results type: array required: - results type: object x-vmw-nsx-module: AAA x-vmw-nsx-module: AAA RoleWithFeatures: allOf: - $ref: '#/definitions/ManagedResource' - properties: features: description: |- Features items: $ref: '#/definitions/FeaturePermission' title: |- Features type: array role: description: |- Short identifier for the role. Must be all lower case with no spaces. readOnly: true title: |- Role identifier type: string required: - features type: object x-vmw-nsx-module: AAA description: |- Role title: |- Role x-vmw-nsx-module: AAA RoleWithFeaturesListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- List results items: $ref: '#/definitions/RoleWithFeatures' title: |- List results type: array required: - results type: object x-vmw-nsx-module: AAA x-vmw-nsx-module: AAA RouteAdvertisementRule: description: |- Route advertisement rules and filtering properties: action: default: PERMIT description: | Action to advertise filtered routes to the connected Tier0 gateway. PERMIT: Enables the advertisment DENY: Disables the advertisement enum: - PERMIT - DENY title: |- Action to advertise routes type: string name: description: | Display name should be unique. title: |- Display name for rule type: string prefix_operator: default: GE description: | Prefix operator to filter subnets. GE prefix operator filters all the routes with prefix length greater than or equal to the subnets configured. EQ prefix operator filter all the routes with prefix length equal to the subnets configured. enum: - GE - EQ title: |- Prefix operator to match subnets type: string route_advertisement_types: description: | Enable different types of route advertisements. When not specified, routes to IPSec VPN local-endpoint subnets (TIER1_IPSEC_LOCAL_ENDPOINT) are automatically advertised. items: description: | Control routes advertised by Tier-1 instance. TIER1_STATIC_ROUTES: Advertise all STATIC routes. TIER1_CONNECTED: Advertise all subnets configured on connected Interfaces and Segments. TIER1_NAT: Advertise all NAT IP addresses. TIER1_LB_VIP: Advertise all Load-balancer VIPs. TIER1_LB_SNAT: Advertise all Loadbalancer SNAT IP addresses. TIER1_DNS_FORWARDER_IP: Advertise DNS forwarder source and listener IPs TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets. enum: - TIER1_STATIC_ROUTES - TIER1_CONNECTED - TIER1_NAT - TIER1_LB_VIP - TIER1_LB_SNAT - TIER1_DNS_FORWARDER_IP - TIER1_IPSEC_LOCAL_ENDPOINT type: string title: |- Enable different types of route advertisements type: array subnets: description: | Network CIDRs to be routed. items: format: ip-cidr-block type: string title: |- Network CIDRs type: array required: - action - name title: |- Route advertisement rules and filtering type: object x-vmw-nsx-module: PolicyConnectivity RouteAggregationEntry: description: |- List of routes to be aggregated properties: prefix: description: |- CIDR of aggregate address format: ip-cidr-block title: |- CIDR of aggregate address type: string summary_only: default: true description: | Send only summarized route. Summarization reduces number of routes advertised by representing multiple related routes with prefix property. title: |- Send only summarized route type: boolean required: - prefix title: |- List of routes to be aggregated type: object x-vmw-nsx-module: PolicyConnectivity RouteBasedIPSecVpnSession: allOf: - $ref: '#/definitions/IPSecVpnSession' - properties: force_whitelisting: default: false description: | If true the default firewall rule Action is set to DROP, otherwise set to ALLOW. This filed is deprecated and recommended to change Rule action filed. Note that this filed is not synchornied with default rule field. title: |- Flag to add default whitelisting Gateway Policy rule for the VTI interface. type: boolean x-deprecated: true tunnel_interfaces: description: |- IP Tunnel interfaces. items: $ref: '#/definitions/IPSecVpnTunnelInterface' maxItems: 1 minItems: 1 title: |- IP Tunnel interfaces type: array required: - tunnel_interfaces type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- A Route Based VPN is more flexible, more powerful and recommended over policy based VPN. IP Tunnel port is created and all traffic routed via tunnel port is protected. Routes can be configured statically or can be learned through BGP. A route based VPN is must for establishing redundant VPN session to remote site. title: |- Route based VPN session x-vmw-nsx-module: PolicyIPSecVpn RouteBasedL3VpnSession: allOf: - $ref: '#/definitions/L3VpnSession' - properties: default_rule_logging: default: false description: | Indicates if logging should be enabled for the default whitelisting rule for the VTI interface. title: |- Enable logging for whitelisted rule for the VTI interface type: boolean force_whitelisting: default: false description: | The default firewall rule Action is set to DROP if true otherwise set to ALLOW. title: |- Flag to add default whitelisting FW rule for the VTI interface. type: boolean routing_config_path: description: | This is a deprecated field. Any specified value is not saved and will be ignored. title: |- Routing configuration policy path type: string x-deprecated: true tunnel_subnets: description: | Virtual tunnel interface (VTI) port IP subnets to be used to configure route-based L3Vpn session. A max of one tunnel subnet is allowed. items: $ref: '#/definitions/TunnelSubnet' maxItems: 1 minItems: 1 title: |- Virtual Tunnel Interface (VTI) IP subnets type: array uniqueItems: true required: - tunnel_subnets type: object x-vmw-nsx-module: PolicyL3Vpn description: | A Route Based L3Vpn is more flexible, more powerful and recommended over policy based. IP Tunnel subnet is created and all traffic routed through tunnel subnet is sent over tunnel. Routes can be learned through BGP. A route based L3Vpn is required when using redundant L3Vpn. title: |- Route based L3Vpn Session x-vmw-nsx-module: PolicyL3Vpn RouteDetails: description: |- BGP route details. properties: as_path: description: |- BGP AS path attribute. readOnly: true title: |- AS path type: string local_pref: description: |- BGP Local Preference attribute. format: int64 readOnly: true title: |- Local preference type: integer med: description: |- BGP Multi Exit Discriminator attribute. format: int64 readOnly: true title: |- Multi Exit Discriminator type: integer network: description: |- CIDR network address. format: ip-cidr-block readOnly: true type: string next_hop: description: |- Next hop IP address. format: ip readOnly: true type: string weight: description: |- BGP Weight attribute. format: int64 readOnly: true title: |- Weight type: integer title: |- BGP route details type: object x-vmw-nsx-module: AggSvcLogicalRouter RouteMapEntry: description: |- Route map entry properties: action: description: | Action for the route map entry enum: - PERMIT - DENY title: |- Action for the route map entry type: string community_list_matches: description: | Community list match criteria for route map. Properties community_list_matches and prefix_list_matches are mutually exclusive and cannot be used in the same route map entry. items: $ref: '#/definitions/CommunityMatchCriteria' title: |- Community list match criteria type: array prefix_list_matches: description: | Prefix list match criteria for route map. Properties community_list_matches and prefix_list_matches are mutually exclusive and cannot be used in the same route map entry. items: type: string maxItems: 500 title: |- Prefix list match criteria type: array set: $ref: '#/definitions/RouteMapEntrySet' description: | Set criteria for route map entry title: |- Set criteria for route map entry required: - action title: |- Route map entry type: object x-vmw-nsx-module: PolicyConnectivity RouteMapEntrySet: description: |- Set criteria for route map entry properties: as_path_prepend: description: | AS path prepend to influence route selection. title: |- AS path prepend to influence route selection type: string community: description: | Set BGP regular or large community for matching routes. A maximum of one value for each community type separated by space. Well-known community name, community value in aa:nn (2byte:2byte) format for regular community and community value in aa:bb:nn (4byte:4byte:4byte) format for large community are supported. title: |- Set BGP community type: string local_preference: default: 100 description: | Local preference indicates the degree of preference for one BGP route over other BGP routes. The path with highest local preference is preferred. format: int64 maximum: 4294967295 title: |- Local preference to set for matching BGP routes type: integer med: description: | Multi exit descriminator (MED) is a hint to BGP neighbors about the preferred path into an autonomous system (AS) that has multiple entry points. A lower MED value is preferred over a higher value. format: int32 maximum: 4294967295 minimum: 0 title: |- Multi exit descriminator type: integer prefer_global_v6_next_hop: description: | For incoming and import route_maps on receiving both v6 global and v6 link-local address for the route, prefer to use the global address as the next hop. By default, it prefers the link-local next hop. title: |- Prefer global v6 next hop over local next hop type: boolean weight: description: | Weight is used to select a route when multiple routes are available to the same network. Route with the highest weight is preferred. format: int32 maximum: 65535 minimum: 0 title: |- Weight used to select certain path type: integer title: |- Set criteria for route map entry type: object x-vmw-nsx-module: PolicyConnectivity RouterNexthop: description: |- Next hop configuration for network properties: admin_distance: default: 1 description: |- Cost associated with next hop route format: int32 maximum: 255 minimum: 1 title: |- Cost associated with next hop route type: integer ip_address: description: |- Next hop gateway IP address format: ip type: string scope: description: | Interface path associated with current route. For example: specify a policy path referencing the IPSec VPN Session. items: type: string minItems: 1 title: |- Interface path associated with current route type: array title: |- Next hop configuration for network type: object x-vmw-nsx-module: PolicyConnectivity RoutesPerTransportNode: description: |- BGP routes per transport node. properties: routes: description: | Array of BGP neighbor route details for this transport node. items: $ref: '#/definitions/RouteDetails' readOnly: true title: |- BGP neighbor route details type: array source_address: description: |- BGP neighbor source address. format: ip readOnly: true type: string transport_node_id: description: |- Transport node id readOnly: true title: |- Transport node id type: string title: |- Routes per transport node type: object x-vmw-nsx-module: AggSvcLogicalRouter RoutingEntry: description: | Routing table entry. properties: admin_distance: description: | Admin distance. format: int32 readOnly: true title: |- Admin distance type: integer interface: description: |- The policy path of the interface which is used as the next hop title: |- The policy path of the interface which is used as the next hop type: string lr_component_id: description: |- Logical router component(Service Router/Distributed Router) id title: |- Logical router component(Service Router/Distributed Router) id type: string lr_component_type: description: |- Logical router component(Service Router/Distributed Router) type title: |- Logical router component(Service Router/Distributed Router) type type: string network: description: | Network CIDR. readOnly: true title: |- Network CIDR type: string next_hop: description: | Next hop address. format: ip readOnly: true type: string route_type: description: | Route type in routing table. t0c - Tier-0 Connected t0s - Tier-0 Static b - BGP t0n - Tier-0 NAT t1s - Tier-1 Static t1c - Tier-1 Connected t1n: Tier-1 NAT t1l: Tier-1 LB VIP t1ls: Tier-1 LB SNAT t1d: Tier-1 DNS FORWARDER t1ipsec: Tier-1 IPSec isr: Inter-SR readOnly: true title: |- Route type (USER, CONNECTED, NSX_INTERNAL,..) type: string title: |- Routing table entry type: object x-vmw-nsx-module: PolicyConnectivityStatistics RoutingTable: description: | Routing table. properties: count: description: |- Entry count. format: int32 readOnly: true title: |- Entry count type: integer edge_node: description: | Transport node ID. readOnly: true title: |- Transport node ID type: string route_entries: description: |- Route entries. items: $ref: '#/definitions/RoutingEntry' title: |- Route entries type: array required: - route_entries title: |- Routing table type: object x-vmw-nsx-module: PolicyConnectivityStatistics RoutingTableListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paged Collection of Routes per transport node ID. items: $ref: '#/definitions/RoutingTable' title: Routing table title: |- Paged Collection of Routes per transport node ID type: array type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics RowListField: description: |- Root of the api result set for forming rows. properties: alias: description: |- Short name or alias of row list field, if any. If unspecified, the row list field can be referenced by its index in the array of row list fields as $ (for example, $0). maxLength: 255 title: |- Alias Name type: string path: description: |- JSON path to the root of the api result set for forming rows. maxLength: 1024 title: |- JSON path type: string required: - path title: |- List of fields from which rows are formed type: object x-vmw-nsx-module: NsxDashboard RpAddressMulticastRanges: description: |- Static IPv4 multicast address and assciated multicast group ranges. properties: multicast_ranges: description: |- Assciated multicast group ranges configuration. items: format: ip-cidr-block type: string title: |- Assciated multicast group ranges configuration type: array rp_address: description: |- Static IPv4 multicast address configuration. format: ip type: string required: - rp_address title: |- Static IPv4 multicast address and assciated multicast group ranges type: object x-vmw-nsx-module: PolicyMulticast Rule: allOf: - $ref: '#/definitions/BaseRule' - properties: action: description: | The action to be applied to all the services The JUMP_TO_APPLICATION action is only supported for rules created in the Environment category. Once a match is hit then the rule processing will jump to the rules present in the Application category, skipping all further rules in the Environment category. If no rules match in the Application category then the default application rule will be hit. This is applicable only for DFW. enum: - ALLOW - DROP - REJECT - JUMP_TO_APPLICATION title: |- Action type: string type: object x-vmw-nsx-module: Policy description: |- A rule indicates the action to be performed for various types of traffic flowing between workload groups. title: |- A rule specifies the security policy rule between the workload groups x-vmw-nsx-module: Policy RuleListResult: allOf: - $ref: '#/definitions/BaseRuleListResult' - properties: results: description: |- Rule list results items: $ref: '#/definitions/Rule' title: |- Rule list results type: array required: - results type: object x-vmw-nsx-module: Policy description: |- Paged Collection of Rules title: |- Paged Collection of Rules x-vmw-nsx-module: Policy RuleStatistics: allOf: - $ref: '#/definitions/Resource' - properties: byte_count: description: | Aggregated number of bytes processed by the rule. format: int64 readOnly: true title: |- Bytes count type: integer hit_count: description: |- Aggregated number of hits received by the rule. format: int64 readOnly: true title: |- Hits count type: integer internal_rule_id: description: | Realized id of the rule on NSX MP. Policy Manager can create more than one rule per policy rule, in which case this identifier helps to distinguish between the multple rules created. readOnly: true title: |- NSX internal rule id type: string lr_path: description: |- Path of the LR on which the section is applied in case of Edge FW. readOnly: true title: |- Logical Router (Tier-0/Tier1) path type: string max_popularity_index: description: | Maximum value of popularity index of all rules of the type. This is aggregated statistic which are computed with lower frequency compared to individual generic rule statistics. It may have a computation delay up to 15 minutes in response to this API. format: int64 readOnly: true title: |- The maximum popularity index type: integer max_session_count: description: | Maximum value of sessions count of all rules of the type. This is aggregated statistic which are computed with lower frequency compared to generic rule statistics. It may have a computation delay up to 15 minutes in response to this API. format: int64 readOnly: true title: |- Maximum Sessions count type: integer packet_count: description: | Aggregated number of packets processed by the rule. format: int64 readOnly: true title: |- Packets count type: integer popularity_index: description: |- This is calculated by sessions count divided by age of the rule. format: int64 readOnly: true title: |- The index of the popularity of rule type: integer rule: description: |- Path of the rule. readOnly: true title: |- Rule path type: string session_count: description: | Aggregated number of sessions processed by the rule. format: int64 readOnly: true title: |- sessions count type: integer total_session_count: description: | Aggregated number of sessions processed by all the rules This is aggregated statistic which are computed with lower frequency compared to individual generic rule statistics. It may have a computation delay up to 15 minutes in response to this API. format: int64 readOnly: true title: |- Total Sessions count type: integer type: object x-vmw-nsx-module: Policy x-vmw-nsx-module: Policy RuleStatisticsForEnforcementPoint: description: |- Rule statistics for a specfic enforcement point. properties: enforcement_point: description: |- Rule statistics for a single enforcement point readOnly: true title: |- Enforcement point path type: string statistics: $ref: '#/definitions/RuleStatistics' description: |- Statistics for the specified enforcement point readOnly: true title: |- Rule Statistics title: |- Rule statistics for an enforcement point type: object x-vmw-nsx-module: Policy RuleStatisticsListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- RuleStatistics list results items: $ref: '#/definitions/RuleStatisticsForEnforcementPoint' title: |- RuleStatistics list results type: array required: - results type: object x-vmw-nsx-module: Policy description: |- Paged Collection of rule statistics title: |- Paged Collection of rule statistics x-vmw-nsx-module: Policy SearchResponse: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- List of records matching the search query. items: type: object readOnly: true title: |- Search results type: array type: object x-vmw-nsx-module: Search description: |- Search response title: |- SearchResponse x-vmw-nsx-module: Search SecurityPolicy: allOf: - $ref: '#/definitions/Policy' - properties: application_connectivity_strategy: description: | This field indicates the application connectivity policy for the security policy. items: $ref: '#/definitions/ApplicationConnectivityStrategy' maxItems: 2 title: |- List of Application Connectivity strategy for this SecurityPolicy type: array connectivity_strategy: description: | This field indicates the default connectivity policy for the security policy. Based on the connectivitiy strategy, a default rule for this security policy will be created. An appropriate action will be set on the rule based on the value of the connectivity strategy. If NONE is selected or no connectivity strategy is specified, then no default rule for the security policy gets created. The default rule that gets created will be a any-any rule and applied to entities specified in the scope of the security policy. Specifying the connectivity_strategy without specifying the scope is not allowed. The scope has to be a Group and one cannot specify IPAddress directly in the group that is used as scope. This default rule is only applicable for the Layer3 security policies. WHITELIST - Adds a default drop rule. Administrator can then use "allow" rules (aka whitelist) to allow traffic between groups BLACKLIST - Adds a default allow rule. Admin can then use "drop" rules (aka blacklist) to block traffic between groups WHITELIST_ENABLE_LOGGING - Whitelising with logging enabled BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled NONE - No default rule is created. enum: - WHITELIST - BLACKLIST - WHITELIST_ENABLE_LOGGING - BLACKLIST_ENABLE_LOGGING - NONE title: |- Connectivity strategy applicable for this SecurityPolicy type: string default_rule_id: description: | Based on the value of the connectivity strategy, a default rule is created for the security policy. The rule id is internally assigned by the system for this default rule. format: int64 readOnly: true title: |- Default rule ID associated with the connectivity_strategy type: integer logging_enabled: default: false description: | Flag to enable logging for all the rules in the security policy. If the value is true then logging will be enabled for all the rules in the security policy. If the value is false, then the rule level logging value will be honored. readOnly: false title: |- Enable logging flag type: boolean rules: description: |- Rules that are a part of this SecurityPolicy items: $ref: '#/definitions/Rule' title: |- Rules that are a part of this SecurityPolicy type: array type: object x-vmw-nsx-module: Policy description: | Ordered list of Rules. title: |- Contains ordered list of Rules x-vmw-nsx-module: Policy SecurityPolicyListResult: allOf: - $ref: '#/definitions/PolicyListResult' - properties: results: description: |- SecurityPolicy list results items: $ref: '#/definitions/SecurityPolicy' title: |- SecurityPolicy list results type: array required: - results type: object x-vmw-nsx-module: Policy description: |- Paged Collection of security policies title: |- Paged Collection of security policies x-vmw-nsx-module: Policy SecurityPolicyStatistics: description: | Aggregate statistics of all the rules in a security policy. properties: internal_section_id: description: | Realized id of the section on NSX MP. Policy Manager can create more than one section per SecurityPolicy, in which case this identifier helps to distinguish between the multiple sections created. readOnly: true title: |- NSX internal section id type: string lr_path: description: | Path of the LR on which the section is applied in case of Gateway Firewall. readOnly: true title: |- Logical Router (Tier-0/Tier1) path type: string result_count: description: |- Total count for rule statistics format: int64 readOnly: true title: |- Rule stats count type: integer results: description: |- List of rule statistics. items: $ref: '#/definitions/RuleStatistics' maxItems: 1000 readOnly: true title: |- Statistics for all rules type: array title: |- Security policy statistics type: object x-vmw-nsx-module: Policy SecurityPolicyStatisticsForEnforcementPoint: description: | Aggregate statistics of all the rules in a security policy for a specific enforcement point. properties: enforcement_point: description: |- Enforcement point to fetch the statistics from. readOnly: true title: |- Enforcement point path type: string statistics: $ref: '#/definitions/SecurityPolicyStatistics' description: |- Statistics for the specified enforcement point readOnly: true title: |- Security Policy Statistics title: |- Security policy statistics for an enforcement point type: object x-vmw-nsx-module: Policy SecurityPolicyStatisticsListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Security Policy statistics list results items: $ref: '#/definitions/SecurityPolicyStatisticsForEnforcementPoint' title: |- Security Policy statistics list results type: array required: - results type: object x-vmw-nsx-module: Policy description: |- Paged Collection of Security Policy statistics title: |- Paged Collection of Security Policy statistics x-vmw-nsx-module: Policy SecurityProfileBindingMap: allOf: - $ref: '#/definitions/PolicyConfigResource' - type: object x-vmw-nsx-module: PolicySecurityProfileBinding description: |- Base security profile binding map title: |- Base security profile binding map x-vmw-nsx-module: PolicySecurityProfileBinding Segment: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: address_bindings: description: |- Static address binding used for the Segment. This field is deprecated and will be removed in a future release. Please use address_bindings in SegmentPort to configure static bindings. items: $ref: '#/definitions/PortAddressBindingEntry' maxItems: 512 title: |- Address bindings for the Segment type: array x-deprecated: true admin_state: default: UP description: |- Represents Desired state of the Segment enum: - UP - DOWN title: |- Represents Desired state of the Segment type: string advanced_config: $ref: '#/definitions/SegmentAdvancedConfig' description: | Advanced configuration for Segment. title: |- Advanced configuration for Segment bridge_profiles: description: |- Multiple distinct L2 bridge profiles can be configured. items: $ref: '#/definitions/BridgeProfileConfig' title: |- Bridge Profile Configuration type: array connectivity_path: description: | Policy path to the connecting Tier-0 or Tier-1. Valid only for segments created under Infra. title: |- Policy path to the connecting Tier-0 or Tier-1 type: string dhcp_config_path: description: | Policy path to DHCP server or relay configuration to use for all IPv4 & IPv6 subnets configured on this segment. title: |- Policy path to DHCP configuration type: string domain_name: description: |- DNS domain name title: |- DNS domain name type: string evpn_segment: description: |- Flag to indicate if the Segment is a Child-Segment of type EVPN. readOnly: true title: |- Evpn Segment Flag. type: boolean evpn_tenant_config_path: description: | Policy path to the EvpnTenantConfig resource. Supported only for Route-Server Evpn Mode. Supported only for Overlay Segments. This will be populated for both Parent and Child segments participating in Evpn Route-Server Mode. title: |- Policy path to the EvpnTenantConfig type: string extra_configs: description: | This property could be used for vendor specific configuration in key value string pairs, the setting in extra_configs will be automatically inheritted by segment ports in the Segment. items: $ref: '#/definitions/SegmentExtraConfig' title: |- Extra configs on Segment type: array federation_config: $ref: '#/definitions/FederationConnectivityConfig' description: |- Additional config for federation. readOnly: true title: |- Federation releated config l2_extension: $ref: '#/definitions/L2Extension' description: |- Configuration for extending Segment through L2 VPN title: |- Configuration for extending Segment through L2 VPN ls_id: description: | This property is deprecated. The property will continue to work as expected for existing segments. The segments that are newly created with ls_id will be ignored. Sepcify pre-creted logical switch id for Segment. title: |- Pre-created logical switch id for Segment type: string x-deprecated: true mac_pool_id: description: |- Mac pool id that associated with a Segment. title: |- Allocation mac pool associated with the Segment type: string metadata_proxy_paths: description: |- Policy path to metadata proxy configuration. Multiple distinct MD proxies can be configured. items: type: string title: |- Metadata Proxy Configuration Paths type: array overlay_id: description: | Used for overlay connectivity of segments. The overlay_id should be allocated from the pool as definied by enforcement-point. If not provided, it is auto-allocated from the default pool on the enforcement-point. format: int32 maximum: 2147483647 minimum: 0 title: |- Overlay connectivity ID for this Segment type: integer replication_mode: default: MTEP description: | If this field is not set for overlay segment, then the default of MTEP will be used. enum: - MTEP - SOURCE title: |- Replication mode of the Segment type: string subnets: description: |- Subnet configuration. Max 1 subnet items: $ref: '#/definitions/SegmentSubnet' title: |- Subnet configuration. Max 1 subnet type: array transport_zone_path: description: | Policy path to the transport zone. Supported for VLAN backed segments as well as Overlay Segments. - This field is required for VLAN backed Segments. - For overlay Segments, it is auto assigned if only one transport zone exists in the enforcement point. Default transport zone is auto assigned for overlay segments if none specified. title: |- Policy path to the transport zone type: string type: description: | Segment type based on configuration. enum: - ROUTED - EXTENDED - ROUTED_AND_EXTENDED - DISCONNECTED readOnly: true title: |- Segment type type: string vlan_ids: description: | VLAN ids for a VLAN backed Segment. Can be a VLAN id or a range of VLAN ids specified with '-' in between. items: type: string title: |- VLAN ids for VLAN backed Segment type: array type: object x-vmw-nsx-module: PolicyConnectivity description: | Segment configuration to attach workloads. title: |- Segment configuration x-vmw-nsx-module: PolicyConnectivity SegmentAdvancedConfig: allOf: - $ref: '#/definitions/ConnectivityAdvancedConfig' - properties: address_pool_paths: description: | Policy path to IP address pools. items: type: string maxItems: 1 title: |- Policy path to IP address pools type: array hybrid: default: false description: | When set to true, all the ports created on this segment will behave in a hybrid fashion. The hybrid port indicates to NSX that the VM intends to operate in underlay mode, but retains the ability to forward egress traffic to the NSX overlay network. This property is only applicable for segment created with transport zone type OVERLAY_STANDARD. This property cannot be modified after segment is created. title: |- Flag to identify a hybrid logical switch type: boolean inter_router: default: false description: | When set to true, any port attached to this logical switch will not be visible through VC/ESX UI title: |- Flag to indicate if the logical switch will provide inter-router connectivity type: boolean local_egress: default: false description: | This property is used to enable proximity routing with local egress. When set to true, logical router interface (downlink) connecting Segment to Tier0/Tier1 gateway is configured with prefix-length 32. title: |- Flag to enable local egress type: boolean local_egress_routing_policies: description: | An ordered list of routing policies to forward traffic to the next hop. items: $ref: '#/definitions/LocalEgressRoutingEntry' minItems: 1 title: |- Local egress routing policies type: array multicast: description: | Enable multicast on the downlink LRP created to connect the segment to Tier0/Tier1 gateway. Enabled by default, even when segment.advanced_config property is not specified. title: |- Enable multicast on the downlink type: boolean ndra_profile_path: description: | This profile is applie dto the downlink logical router port created while attaching this semgnet to tier-0 or tier-1. If this field is empty, NDRA profile of the router is applied to the newly created port. title: |- Policy path of Neighbor Discovery Router Advertisement profile type: string uplink_teaming_policy_name: description: |- The name of the switching uplink teaming policy for the Segment. This name corresponds to one of the switching uplink teaming policy names listed in TransportZone associated with the Segment. See transport_zone_path property above for more details. When this property is not specified, the segment will not have a teaming policy associated with it and the host switch's default teaming policy will be used by MP. title: |- Uplink Teaming Policy Name type: string urpf_mode: default: STRICT description: | This URPF mode is applied to the downlink logical router port created while attaching this segment to tier-0 or tier-1. enum: - NONE - STRICT title: |- Unicast Reverse Path Forwarding mode type: string type: object x-vmw-nsx-module: PolicyConnectivity description: |- Advanced configuration for Segment title: |- Advanced configuration for Segment x-vmw-nsx-module: PolicyConnectivity SegmentConfigurationState: allOf: - $ref: '#/definitions/ConfigurationState' - properties: segment_path: description: |- Segment path readOnly: true title: |- Segment path type: string type: object x-vmw-nsx-module: PolicyConnectivityStatistics description: |- Segment state on specific Enforcement Point. title: |- Segment state on specific Enforcement Point x-vmw-nsx-module: PolicyConnectivityStatistics SegmentConfigurationStateListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paged Collection of Segment State on specific Enforcement Point items: $ref: '#/definitions/SegmentConfigurationState' title: |- Paged Collection of Segment State on specific Enforcement Point type: array type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics SegmentCrossSiteTrafficStats: properties: last_update_timestamp: description: | Timestamp when the l2 forwarder statistics was last updated. format: int64 readOnly: true type: integer rx_stats: $ref: '#/definitions/InterSitePortCounters' description: |- Total received data counters. readOnly: true title: |- Received data counters segment_path: description: | Policy path of Segment to attach interface. readOnly: true title: |- Policy path of Segment to attach interface type: string tx_stats: $ref: '#/definitions/InterSitePortCounters' description: |- Total sent data counters. readOnly: true title: |- Sent data counters type: object x-vmw-nsx-module: PolicyConnectivityStatistics SegmentDhcpConfig: description: | DHCP IPv4 and IPv6 configurations are extended from this abstract class. discriminator: resource_type properties: dns_servers: description: | IP address of DNS servers for subnet. DNS server IP address must belong to the same address family as segment gateway_address property. items: description: |- IPv4 or IPv6 address format: ip type: string maxItems: 2 title: |- DNS servers for subnet type: array lease_time: default: 86400 description: | DHCP lease time in seconds. When specified, this property overwrites lease time configured DHCP server config. format: int64 maximum: 4294967295 minimum: 60 title: |- DHCP lease time for subnet type: integer resource_type: enum: - SegmentDhcpV4Config - SegmentDhcpV6Config type: string server_address: description: | IP address of the DHCP server in CIDR format. The server_address is mandatory in case this segment has provided a dhcp_config_path and it represents a DHCP server config. If this SegmentDhcpConfig is a SegmentDhcpV4Config, the address must be an IPv4 address. If this is a SegmentDhcpV6Config, the address must be an IPv6 address. This address must not overlap the ip-ranges of the subnet, or the gateway address of the subnet, or the DHCP static-binding addresses of this segment. format: ip-cidr-block type: string required: - resource_type title: |- DHCP configuration for segment subnet type: object x-vmw-nsx-module: PolicyConnectivity SegmentDhcpV4Config: allOf: - $ref: '#/definitions/SegmentDhcpConfig' - properties: options: $ref: '#/definitions/DhcpV4Options' description: | IPv4 DHCP options for segment subnet. title: |- DHCP options type: object x-vmw-nsx-module: PolicyConnectivity description: |- DHCP configuration of IPv4 subnet in a segment title: |- DHCP configuration of IPv4 subnet in a segment x-vmw-nsx-module: PolicyConnectivity SegmentDhcpV6Config: allOf: - $ref: '#/definitions/SegmentDhcpConfig' - properties: domain_names: description: | Domain names for subnet. items: type: string title: |- Domain names for subnet type: array excluded_ranges: description: |- Excluded addresses to define dynamic ip allocation ranges. items: description: | IPElement can be a single IP address, IP address range or a Subnet. Its type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64" format: address-or-block-or-range type: string maxItems: 128 minItems: 0 title: |- Excluded range of IPv6 addresses type: array preferred_time: description: | The length of time that a valid address is preferred. When the preferred lifetime expires, the address becomes deprecated. format: int64 maximum: 4294967295 minimum: 60 title: |- Preferred time type: integer sntp_servers: description: | IPv6 address of SNTP servers for subnet. items: description: |- IPv6 address format: ipv6 type: string maxItems: 2 title: |- SNTP servers for subnet type: array type: object x-vmw-nsx-module: PolicyConnectivity description: |- DHCP configuration of IPv6 subnet in a segment title: |- DHCP configuration of IPv6 subnet in a segment x-vmw-nsx-module: PolicyConnectivity SegmentDiscoveryProfileBindingMap: allOf: - $ref: '#/definitions/DiscoveryProfileBindingMap' - properties: ip_discovery_profile_path: description: |- PolicyPath of associated IP Discovery Profile title: |- IP Discovery Profile Path type: string mac_discovery_profile_path: description: |- PolicyPath of associated Mac Discovery Profile title: |- Mac Discovery Profile Path type: string type: object x-vmw-nsx-module: PolicyDiscoveryProfileBinding description: | This entity will be used to establish association between discovery profile and Segment. Using this entity, user can specify intent for applying discovery profile to particular segments. title: |- Segment Discovery Profile binding map x-vmw-nsx-module: PolicyDiscoveryProfileBinding SegmentDiscoveryProfileBindingMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Segment Discovery Profile Binding Map list results items: $ref: '#/definitions/SegmentDiscoveryProfileBindingMap' title: |- Segment Discovery Profile Binding Map list results type: array required: - results type: object x-vmw-nsx-module: PolicyDiscoveryProfileBinding description: |- Paged collection of Segment Discovery Profile Binding Maps title: |- Paged collection of Segment Discovery Profile Binding Maps x-vmw-nsx-module: PolicyDiscoveryProfileBinding SegmentExtraConfig: description: | Segment extra config is intended for supporting vendor specific configuration on the data path, it can be set as key value string pairs on either segment or segment port. properties: config_pair: $ref: '#/definitions/UnboundedKeyValuePair' description: |- Key value pair in string for the configuration title: |- Key value pair in string for the configuration required: - config_pair title: |- Vendor specific configuration on segment or Segment port type: object x-vmw-nsx-module: PolicyConnectivity SegmentL2ForwarderSiteSpanInfo: properties: inter_site_forwarder_status: description: |- Inter-site forwarder status per node. items: $ref: '#/definitions/L2ForwarderStatusPerNode' readOnly: true title: |- Inter-site forwarder status per node type: array last_update_timestamp: description: | Timestamp when the L2 forwarder remote mac addresses was last updated. format: int64 readOnly: true type: integer remote_macs_per_site: description: | L2 forwarder remote mac addresses per site for logical switch. items: $ref: '#/definitions/L2ForwarderRemoteMacsPerSite' readOnly: true title: |- L2 forwarder remote mac addresses per site type: array segment_path: description: | Policy path of a segment. readOnly: true title: |- Segment path type: string type: object x-vmw-nsx-module: PolicyConnectivityStatistics SegmentListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Segment list results items: $ref: '#/definitions/Segment' title: |- Segment list results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of Segments title: |- Paged collection of Segments x-vmw-nsx-module: PolicyConnectivity SegmentMacAddressListResult: allOf: - $ref: '#/definitions/ListResult' - properties: last_update_timestamp: description: |- Timestamp when the data was last updated; unset if data source has never updated the data. format: int64 readOnly: true type: integer results: items: $ref: '#/definitions/MacTableEntry' type: array transport_node_id: description: |- Transport node identifier readOnly: true title: |- Transport node identifier type: string type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics SegmentMonitoringProfileBindingMap: allOf: - $ref: '#/definitions/MonitoringProfileBindingMap' - properties: ipfix_l2_profile_path: description: |- PolicyPath of associated IPFIX L2 Profile title: |- IPFIX L2 Profile Path type: string port_mirroring_profile_path: description: |- PolicyPath of associated Port Mirroring Profile title: |- Port Mirroring Profile Path type: string type: object x-vmw-nsx-module: PolicyMonitoringProfileBinding description: | This entity will be used to establish association between monitoring profile and Segment. Using this entity, you can specify intent for applying monitoring profile to particular segment. title: |- Segment Monitoring Profile binding map x-vmw-nsx-module: PolicyMonitoringProfileBinding SegmentMonitoringProfileBindingMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Segment Monitoring Profile Binding Map list results items: $ref: '#/definitions/SegmentMonitoringProfileBindingMap' title: |- Segment Monitoring Profile Binding Map list results type: array required: - results type: object x-vmw-nsx-module: PolicyMonitoringProfileBinding description: |- Paged collection of Segment Monitoring Profile Binding Maps title: |- Paged collection of Segment Monitoring Profile Binding Maps x-vmw-nsx-module: PolicyMonitoringProfileBinding SegmentPort: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: address_bindings: description: |- Static address binding used for the port. items: $ref: '#/definitions/PortAddressBindingEntry' maxItems: 512 title: |- Address bindings for the port type: array admin_state: default: UP description: |- Represents desired state of the segment port enum: - UP - DOWN title: |- Represents desired state of the segment port type: string attachment: $ref: '#/definitions/PortAttachment' description: |- Only VIF attachment is supported title: |- VIF attachment extra_configs: description: | This property could be used for vendor specific configuration in key value string pairs. Segment port setting will override segment setting if the same key was set on both segment and segment port. items: $ref: '#/definitions/SegmentExtraConfig' title: |- Extra configs on segment port type: array ignored_address_bindings: description: | IP Discovery module uses various mechanisms to discover address bindings being used on each segment port. If a user would like to ignore any specific discovered address bindings or prevent the discovery of a particular set of discovered bindings, then those address bindings can be provided here. Currently IP range in CIDR format is not supported. items: $ref: '#/definitions/PortAddressBindingEntry' maxItems: 16 minItems: 0 title: |- Address bindings to be ignored by IP Discovery module type: array init_state: description: | Set initial state when a new logical port is created. 'UNBLOCKED_VLAN' means new port will be unblocked on traffic in creation, also VLAN will be set with corresponding logical switch setting. This port setting can only be configured at port creation, and cannot be modified. 'RESTORE_VIF' fetches and restores VIF attachment from ESX host. enum: - UNBLOCKED_VLAN - RESTORE_VIF title: |- Initial state of this logical ports type: string source_site_id: description: | This field will refer to the source site on which the segment port is discovered. This field is populated by GM, when it receives corresponding notification from LM. readOnly: true title: |- source site(LM) id. type: string type: object x-vmw-nsx-module: PolicyConnectivity description: |- Policy port will create LogicalPort on LogicalSwitch corresponding to the Segment. Address bindings cannot be removed after realization. title: |- Policy port object for segment x-vmw-nsx-module: PolicyConnectivity SegmentPortAttachmentState: description: |- VIF attachment state of a segment port properties: attachers: description: |- VM or vmknic entities that are attached to the Segment Port items: $ref: '#/definitions/PortAttacher' readOnly: true title: |- VM or vmknic entities that are attached to the Segment Port type: array id: description: |- VIF ID readOnly: true title: |- VIF ID type: string state: description: | A segment port must be in one of following states. FREE - If there are no active attachers. The port may or may not have an attachment ID configured on it. This state is applicable only to port of static type. ATTACHED - Segment port has exactly one active attacher and no further configuration is pending. ATTACHED_PENDING_CONF - Segment port has exactly one attacher, however it may not have been configured completely. Additional configuration will be provided by other nsx components. ATTACHED_IN_MOTION - Segment port has multiple active attachers. This state represents a scenario where VM is moving from one location (host or storage) to another (e.g. vmotion, vSphere HA) DETACHED - A temporary state after all port attachers have been detached. This state is applicable only to a port of ephemeral type and the port will soon be deleted. enum: - FREE - ATTACHED - ATTACHED_PENDING_CONF - ATTACHED_IN_MOTION - DETACHED readOnly: true title: |- State of the VIF attached to Segment Port type: string title: |- VIF attachment state of a segment port type: object x-vmw-nsx-module: PolicyConnectivityStatistics SegmentPortListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Place holder for the list result items: $ref: '#/definitions/SegmentPort' title: |- SegmentPort list results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- List SegmentPort objects title: |- Paged collection of SegmentPort x-vmw-nsx-module: PolicyConnectivity SegmentPortMacAddressCsvListResult: allOf: - $ref: '#/definitions/CsvListResult' - properties: last_update_timestamp: description: |- Timestamp when the data was last updated; unset if data source has never updated the data. format: int64 readOnly: true type: integer results: items: $ref: '#/definitions/SegmentPortMacTableCsvEntry' type: array type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics SegmentPortMacAddressListResult: allOf: - $ref: '#/definitions/ListResult' - properties: last_update_timestamp: description: |- Timestamp when the data was last updated; unset if data source has never updated the data. format: int64 readOnly: true type: integer results: items: $ref: '#/definitions/SegmentPortMacTableEntry' type: array transport_node_id: description: |- Transport node identifier readOnly: true title: |- Transport node identifier type: string type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics SegmentPortMacTableCsvEntry: allOf: - $ref: '#/definitions/CsvRecord' - properties: mac_address: description: |- The MAC address title: |- The MAC address type: string mac_type: description: |- The type of the MAC address enum: - STATIC - LEARNED type: string required: - mac_type - mac_address type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics SegmentPortMacTableEntry: properties: mac_address: description: |- The MAC address title: |- The MAC address type: string mac_type: description: |- The type of the MAC address enum: - STATIC - LEARNED type: string required: - mac_type - mac_address type: object x-vmw-nsx-module: PolicyConnectivityStatistics SegmentPortState: description: | Contains realized state of the segment port. For example: transport node on which the port is located, discovered and realized address bindings of the port. properties: attachment: $ref: '#/definitions/SegmentPortAttachmentState' description: |- Segment port attachment state readOnly: true title: |- Segment port attachment state discovered_bindings: description: | Contains the list of address bindings for a segment port that were automatically dicovered using various snooping methods like ARP, DHCP etc. items: $ref: '#/definitions/AddressBindingEntry' title: |- Segment port bindings discovered automatically type: array duplicate_bindings: description: | If any address binding discovered on the port is also found on other port on the same segment, then it is included in the duplicate bindings list along with the ID of the port with which it conflicts. items: $ref: '#/definitions/DuplicateAddressBindingEntry' title: |- Duplicate segment port address bindings type: array realized_bindings: description: | List of segment port bindings that are realized. This list may be populated from the discovered bindings or manual user specified bindings. This binding configuration can be used by features such as firewall, spoof-guard, traceflow etc. items: $ref: '#/definitions/AddressBindingEntry' title: |- Realized segment port bindings type: array transport_node_ids: description: |- Identifiers of the transport nodes where the port is located items: type: string title: |- Identifiers of the transport nodes where the port is located type: array title: |- Realized state of the segment port on enforcement point type: object x-vmw-nsx-module: PolicyConnectivityStatistics SegmentPortStatistics: allOf: - $ref: '#/definitions/LogicalPortStatistics' - type: object x-vmw-nsx-module: PolicyConnectivityStatistics description: |- Segment port statistics on specific Enforcement Point. title: |- Segment port statistics on specific Enforcement Point x-vmw-nsx-module: PolicyConnectivityStatistics SegmentQoSProfileBindingMap: allOf: - $ref: '#/definitions/QoSProfileBindingMap' - properties: qos_profile_path: description: |- PolicyPath of associated QoS Profile title: |- QoS Profile Path type: string type: object x-vmw-nsx-module: PolicyQoSProfileBinding description: | This entity will be used to establish association between qos profile and Segment. Using this entity, you can specify intent for applying qos profile to particular segment. title: |- Segment QoS Profile binding map x-vmw-nsx-module: PolicyQoSProfileBinding SegmentQoSProfileBindingMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Segment QoS Profile Binding Map list results items: $ref: '#/definitions/SegmentQoSProfileBindingMap' title: |- Segment QoS Profile Binding Map list results type: array required: - results type: object x-vmw-nsx-module: PolicyQoSProfileBinding description: |- Paged collection of Segment QoS Profile Binding Maps title: |- Paged collection of Segment QoS Profile Binding Maps x-vmw-nsx-module: PolicyQoSProfileBinding SegmentSecurityProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: bpdu_filter_allow: description: | Pre-defined list of allowed MAC addresses to be excluded from BPDU filtering. List of allowed MACs - 01:80:c2:00:00:00, 01:80:c2:00:00:01, 01:80:c2:00:00:02, 01:80:c2:00:00:03, 01:80:c2:00:00:04, 01:80:c2:00:00:05, 01:80:c2:00:00:06, 01:80:c2:00:00:07, 01:80:c2:00:00:08, 01:80:c2:00:00:09, 01:80:c2:00:00:0a, 01:80:c2:00:00:0b, 01:80:c2:00:00:0c, 01:80:c2:00:00:0d, 01:80:c2:00:00:0e, 01:80:c2:00:00:0f, 00:e0:2b:00:00:00, 00:e0:2b:00:00:04, 00:e0:2b:00:00:06, 01:00:0c:00:00:00, 01:00:0c:cc:cc:cc, 01:00:0c:cc:cc:cd, 01:00:0c:cd:cd:cd, 01:00:0c:cc:cc:c0, 01:00:0c:cc:cc:c1, 01:00:0c:cc:cc:c2, 01:00:0c:cc:cc:c3, 01:00:0c:cc:cc:c4, 01:00:0c:cc:cc:c5, 01:00:0c:cc:cc:c6, 01:00:0c:cc:cc:c7 items: description: | A MAC address. Must be 6 pairs of hexadecimal digits, upper or lower case, separated by colons or dashes. Examples: 01:23:45:67:89:ab, 01-23-45-67-89-AB. format: mac-address type: string maxItems: 32 minItems: 0 title: |- Disable BPDU filtering on this whitelist type: array bpdu_filter_enable: default: true description: | Indicates whether BPDU filter is enabled. BPDU filtering is enabled by default. title: |- BPDU filtering status type: boolean dhcp_client_block_enabled: default: false description: | Filters DHCP server and/or client traffic. DHCP server blocking is enabled and client blocking is disabled by default. title: |- Enable DHCP client block type: boolean dhcp_client_block_v6_enabled: default: false description: | Filters DHCP server and/or client IPv6 traffic. DHCP server blocking is enabled and client blocking is disabled by default. title: |- Enable DHCP client block v6 type: boolean dhcp_server_block_enabled: default: true description: | Filters DHCP server and/or client traffic. DHCP server blocking is enabled and client blocking is disabled by default. title: |- Enable DHCP server block type: boolean dhcp_server_block_v6_enabled: default: true description: | Filters DHCP server and/or client IPv6 traffic. DHCP server blocking is enabled and client blocking is disabled by default. title: |- Enable DHCP server block v6 type: boolean non_ip_traffic_block_enabled: default: false description: | A flag to block all traffic except IP/(G)ARP/BPDU. title: |- Enable non IP traffic block type: boolean ra_guard_enabled: default: false description: | Enable or disable Router Advertisement Guard. title: |- Enable Router Advertisement Guard type: boolean rate_limits: $ref: '#/definitions/TrafficRateLimits' description: |- Allows configuration of rate limits for broadcast and multicast traffic. Rate limiting is disabled by default title: |- Rate limiting configuration rate_limits_enabled: default: false description: | Enable or disable Rate Limits title: |- Enable Rate Limits type: boolean type: object x-vmw-nsx-module: PolicySegmentSecurity description: | Security features extended by policy operations for securing logical segments. title: |- Segment Security Profile x-vmw-nsx-module: PolicySegmentSecurity SegmentSecurityProfileBindingMap: allOf: - $ref: '#/definitions/SecurityProfileBindingMap' - properties: segment_security_profile_path: description: |- The policy path of the asscociated Segment Security profile title: |- Segment Security Profile Path type: string spoofguard_profile_path: description: |- The policy path of the asscociated SpoofGuard profile title: |- SpoofGuard Profile Path type: string type: object x-vmw-nsx-module: PolicySecurityProfileBinding description: | Contains the binding relationship between segment and security profile. title: |- Security profile binding map for segment x-vmw-nsx-module: PolicySecurityProfileBinding SegmentSecurityProfileBindingMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Segment security profile binding map list results items: $ref: '#/definitions/SegmentSecurityProfileBindingMap' title: |- Segment security profile binding map list results type: array required: - results type: object x-vmw-nsx-module: PolicySecurityProfileBinding description: |- Paged collection of segment security profile binding maps title: |- Paged collection of segment security profile binding maps x-vmw-nsx-module: PolicySecurityProfileBinding SegmentSecurityProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Segment Security profile list results items: $ref: '#/definitions/SegmentSecurityProfile' title: |- Segment Security profile list results type: array required: - results type: object x-vmw-nsx-module: PolicySegmentSecurity description: |- Paged collection of segment security profiles title: |- Paged collection of segment security profiles x-vmw-nsx-module: PolicySegmentSecurity SegmentStatistics: allOf: - $ref: '#/definitions/LogicalSwitchStatistics' - type: object x-vmw-nsx-module: PolicyConnectivityStatistics description: |- Segment statistics on specific Enforcement Point. title: |- Segment statistics on specific Enforcement Point x-vmw-nsx-module: PolicyConnectivityStatistics SegmentSubnet: description: |- Subnet configuration for segment properties: dhcp_config: $ref: '#/definitions/SegmentDhcpConfig' description: | Additional DHCP configuration for current subnet. title: |- Additional DHCP configuration dhcp_ranges: description: | DHCP address ranges are used for dynamic IP allocation. Supports address range and CIDR formats. First valid host address from the first value is assigned to DHCP server IP address. Existing values cannot be deleted or modified, but additional DHCP ranges can be added. items: description: | IPElement can be a single IP address, IP address range or a Subnet. Its type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64" format: address-or-block-or-range type: string minItems: 1 title: |- DHCP address ranges for dynamic IP allocation type: array gateway_address: description: | Gateway IP address in CIDR format for both IPv4 and IPv6. format: ip-cidr-block title: |- Gateway IP address. type: string network: description: | Network CIDR for this subnet calculated from gateway_addresses and prefix_len. readOnly: true title: |- Network CIDR for subnet type: string title: |- Subnet configuration for segment type: object x-vmw-nsx-module: PolicyConnectivity SelectableResourceReference: allOf: - $ref: '#/definitions/ResourceReference' - properties: selected: description: |- Set to true if this resource has been selected to be acted upon title: |- Set to true if this resource has been selected to be acted upon type: boolean required: - selected type: object x-vmw-nsx-module: ClusterRestore description: |- Resources to take action on title: |- Resources to take action on x-vmw-nsx-module: ClusterRestore SelfResourceLink: allOf: - $ref: '#/definitions/ResourceLink' - type: object x-vmw-nsx-module: Common description: |- The server will populate this field when returing the resource. Ignored on PUT and POST. title: |- Link to this resource x-vmw-nsx-module: Common Service: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: is_default: default: false description: | The flag, if true, indicates that service is created in the system by default. Such default services can't be modified/deleted. readOnly: true title: |- Flag for default services type: boolean service_entries: description: |- Service type items: $ref: '#/definitions/ServiceEntry' maxItems: 50 title: |- Service type type: array service_type: description: |- Type of service, EITHER or NON_ETHER title: |- Type of service, EITHER or NON_ETHER type: string type: object x-vmw-nsx-module: Policy description: | Used while defining a CommunicationEntry. A service may have multiple service entries. title: |- Contains the information related to a service x-vmw-nsx-module: Policy ServiceEntry: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: resource_type: enum: - IPProtocolServiceEntry - IGMPTypeServiceEntry - ICMPTypeServiceEntry - ALGTypeServiceEntry - L4PortSetServiceEntry - EtherTypeServiceEntry - NestedServiceServiceEntry type: string required: - resource_type type: object x-vmw-nsx-module: Policy description: |- A Service entry that describes traffic title: |- A Service entry that describes traffic x-vmw-nsx-module: Policy ServiceEntryListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Service entry list results items: $ref: '#/definitions/ServiceEntry' title: |- Service entry list results type: array required: - results type: object x-vmw-nsx-module: Policy description: |- Paged Collection of Service entries title: |- Paged Collection of Service entries x-vmw-nsx-module: Policy ServiceInstanceEndpoint: allOf: - $ref: '#/definitions/BaseEndpoint' - properties: service_interface_path: description: |- Path of Service Interface to which this ServiceInstanceEndpoint is connected. readOnly: false title: |- Service Interface path type: string required: - service_interface_path type: object x-vmw-nsx-module: PolicyServiceInsertion description: |- A ServiceInstanceEndpoint belongs to one ByodPolicyServiceInstance and is attached to one ServiceInterface. A ServiceInstanceEndpoint represents a redirection target for a RedirectionPolicy. title: |- Service EndPoint for Byod Policy Service Instance x-vmw-nsx-module: PolicyServiceInsertion ServiceInterface: allOf: - $ref: '#/definitions/BaseTier0Interface' - type: object x-vmw-nsx-module: PolicyConnectivity description: |- Service interface configuration for internal connectivity. title: |- Service interface configuration x-vmw-nsx-module: PolicyConnectivity ServiceInterfaceListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Service Interface list results items: $ref: '#/definitions/ServiceInterface' title: |- Service Interface list results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of Service Interfaces title: |- Paged collection of Service Interfaces x-vmw-nsx-module: PolicyConnectivity ServiceListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Service list results items: $ref: '#/definitions/Service' title: |- Service list results type: array required: - results type: object x-vmw-nsx-module: Policy description: |- Paged Collection of Services title: |- Paged Collection of Services x-vmw-nsx-module: Policy ServiceReference: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: enabled: default: true description: |- A Service's operational state can be enabled or disabled. Note that would work only for NetX type of services and would not work for Guest Introsp- ection type of Services. TRUE - The Service should be enabled FALSE - The Service should be disabled readOnly: false title: |- Operational state of the Service. type: boolean partner_service_name: description: |- Unique name of Partner Service to be consumed for redirection. title: |- Name of Partner Service type: string required: - partner_service_name type: object x-vmw-nsx-module: PolicyServiceInsertion description: |- An anchor object representing the intent to consume a given 3rd party service. title: |- An anchor object representing the intent to consume a given 3rd party service. x-vmw-nsx-module: PolicyServiceInsertion ServiceSegment: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: lr_paths: description: |- Policy paths of logical routers or ports | to which this Service Segment can be connected. items: type: string title: |- Policy paths of logical routers type: array transport_zone_path: description: |- Policy path to transport zone. Only overlay transport zone is supported. title: |- Policy path to the transport zone type: string required: - transport_zone_path type: object x-vmw-nsx-module: PolicyConnectivity description: | Service Segment configuration to attach Service Insertion VM. title: |- Service Segment configuration x-vmw-nsx-module: PolicyConnectivity SessionTimerProfileBindingListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Session timer profile binding maps list results items: $ref: '#/definitions/SessionTimerProfileBindingMap' title: |- Session timer profile binding maps list results type: array required: - results type: object x-vmw-nsx-module: PolicyProfile description: |- Paged Collection of session timer profile binding maps title: |- Paged Collection of session timer profile binding maps x-vmw-nsx-module: PolicyProfile SessionTimerProfileBindingMap: allOf: - $ref: '#/definitions/ProfileBindingMap' - type: object x-vmw-nsx-module: PolicyProfile description: | This entity will be used to establish association between Session Timer profile and Logical Routers. title: |- Policy Session Timer Profile binding map x-vmw-nsx-module: PolicyProfile SetFields: allOf: - $ref: '#/definitions/Action' - properties: field_settings: description: |- Field Settings. items: $ref: '#/definitions/FieldSetting' minItems: 1 title: |- Field Settings type: array type: object x-vmw-nsx-module: PolicyReaction description: | Set Fields is an action to set fields of the source event. title: |- Set Fields x-vmw-nsx-module: PolicyReaction SetInterSiteAphCertificateRequest: description: |- Data for setting Appliance Proxy certificate for inter-site communication properties: cert_id: description: |- ID of the certificate that is already imported. readOnly: true title: |- Certificate ID type: string used_by_id: description: |- ID of the node that this certificate is used on. readOnly: true title: |- Node ID type: string title: |- Data for setting Appliance Proxy certificate for inter-site communication type: object x-vmw-nsx-module: CertificateManager SetPrincipalIdentityCertificateForFederationRequest: description: |- Data for setting a principal identity certificate properties: cert_id: description: |- Id of the certificate readOnly: true type: string service_type: description: |- Service type for which the certificate should be used. enum: - LOCAL_MANAGER - GLOBAL_MANAGER readOnly: true type: string title: |- Data for setting a principal identity certificate type: object x-vmw-nsx-module: CertificateManager Site: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: fail_if_rtep_misconfigured: default: true description: | Both the local site and the remote site must have edge clusters correctly configured and remote tunnel endpoint (RTEP) interfaces must be defined, or onboarding will fail. title: |- Fail onboarding if RTEPs misconfigured type: boolean fail_if_rtt_exceeded: default: true description: | Fail onboarding if maximum RTT exceeded. title: |- Fail onboarding if maximum RTT exceeded type: boolean federation_config: $ref: '#/definitions/GmFederationSiteConfig' description: |- System managed federation config. readOnly: true title: |- Federation releated config maximum_rtt: default: 250 description: | If provided and fail_if_rtt_exceeded is true, onboarding of the site will fail if measured RTT is greater than this value. format: int64 maximum: 1000 minimum: 0 title: |- Maximum acceptable packet round trip time (RTT) type: integer site_connection_info: description: | To onboard a site, the connection information (username, password, and API thumbprint) for at least one NSX manager node in the remote site must be provided. Once the site has been successfully onboarded, the site_connection_info is discarded and authentication to the remote site occurs using an X.509 client certificate. items: $ref: '#/definitions/SiteNodeConnectionInfo' maxItems: 3 title: |- Connection information type: array site_number: description: |- 12-bit system generated site number format: int64 readOnly: true title: |- 12-bit system generated site number type: integer type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: | Site represents an NSX deployment having its own set of NSX clusters and transport nodes. It may correspond to a Data Center, VMC deployment, or NSX-Cloud deployment managed via CSM. title: |- Site x-vmw-nsx-module: PolicyEnforcementPointManagement SiteAllocationIndexForEdge: description: | Index for cross site allocation for edge cluster and its members referred by gateway. properties: index: description: | Unqiue edge cluster node index across sites based on stretch of the Gateway. For example, if a Gateway is streched to sites S1 with one edge cluster of 3 nodes and site S2 with one edge cluster of 2 nodes, the in the Global Manager will allocate the index for 5 edge nodes and 2 cluster in the rage 0 to 7. format: int64 readOnly: true title: |- Unique index across sites for gateway span type: integer target_resource_path: description: |- Edge cluster or edge node path readOnly: true title: |- Edge cluster or edge node path type: string title: | Allocation index for edge type: object x-vmw-nsx-module: PolicyConnectivity SiteCleanupPending: description: | SiteCleanupPending contains information about the resource cleanup from sites. properties: marked_for_delete: description: | Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. readOnly: true title: |- Indicates whether the resource is marked for deletion type: boolean pending_sites: description: | List of SpanSiteInfos representing the strech of the entity. items: $ref: '#/definitions/SpanSiteInfo' readOnly: true title: |- List of SpanSiteInfos type: array resource_path: description: | Policy resource which is either marked for delete or in process of deletion from site. readOnly: true title: |- Policy path of an resource. type: string title: |- Details for cleanup of resource. type: object x-vmw-nsx-module: GmSiteCleanupPending SiteCleanupPendingListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- SiteCleanupPending list results items: $ref: '#/definitions/SiteCleanupPending' readOnly: true title: |- SiteCleanupPending list results type: array type: object x-vmw-nsx-module: GmSiteCleanupPending description: |- Paged collection of SiteCleanupPending title: |- Paged collection of SiteCleanupPending x-vmw-nsx-module: GmSiteCleanupPending SiteFederationConfig: description: |- Site fedeation configuration. properties: rtep_ips: description: |- Remote tunnel endpoint IP addresses items: description: |- IPv4 or IPv6 address format: ip type: string readOnly: true title: |- Remote tunnel endpoint IP addresses type: array site_id: description: |- Site UUID readOnly: true title: |- Site UUID type: string site_index: description: |- Unique site index allocated (from range 0-4095) format: int64 readOnly: true title: |- Unique site index allocated (from range 0-4095) type: integer site_path: description: |- Site path readOnly: true title: |- Site path type: string title: |- Site fedeation configuration type: object x-vmw-nsx-module: PolicySiteGM SiteListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Site list result. items: $ref: '#/definitions/Site' title: |- Site List Result type: array required: - results type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Paged Collection of Sites. title: |- Paged Collection of Sites x-vmw-nsx-module: PolicyEnforcementPointManagement SiteNodeConnectionInfo: description: |- Credential info to connect to a node in the federated remote site. properties: fqdn: description: | Please specify the fqdn of the Management Node of your site. title: |- Fully Qualified Domain Name of the Management Node type: string password: description: |- Password to connect to Site's Local Manager. title: |- Password type: string thumbprint: description: | Thumbprint of Site's Local Manager in the form of a SHA-256 hash represented in lower case HEX. title: |- Thumbprint of Enforcement Point type: string username: description: |- Username to connect to Site's Local Manager. title: |- Username type: string required: - fqdn title: |- Site Node Connection Info type: object x-vmw-nsx-module: PolicyEnforcementPointManagement SiteOnboardingPreference: allOf: - $ref: '#/definitions/ManagedResource' - properties: ignore_import: description: | Represents user's decision to ignore onboarding option for a site. User will not be shown onboarding message or will failing onboarding when ignore status is set to 'true'. readOnly: true title: |- Ignore Import Preference type: boolean site_id: description: | Unique site identifier. readOnly: true title: |- Site Identifier type: string type: object x-vmw-nsx-module: GmConfigOnboarding description: | User onboarding preference for site. title: |- User Onboarding Preference x-vmw-nsx-module: GmConfigOnboarding Source: description: | Source that is logically deemed to be the "object" upon which the Event in question initially occurred upon. The Source is responsible for providing information of the occurred event. Some example sources include: - Resource. - API. discriminator: resource_type properties: resource_type: description: | Event Source resource type. enum: - ResourceOperation - ApiRequestBody title: |- Resource Type type: string required: - resource_type title: |- Event Source type: object x-vmw-nsx-module: PolicyReaction SourceFieldEvaluation: allOf: - $ref: '#/definitions/Evaluation' - properties: expected: description: | Expected values necessary to apply the specified operation on the source field value. items: type: string maxItems: 1 minItems: 1 title: |- Operator Arguments type: array field_pointer: description: | Field in the form of a pointer, describing the location of the attribute within the source of the event. title: |- Field Pointer type: string operator: description: |- Logical operator. enum: - EQ - NOT_EQ title: |- Logical Operator type: string required: - operator - expected - field_pointer type: object x-vmw-nsx-module: PolicyReaction description: | Source Field Evaluation represents an evaluation on resource fields. A source field evaluation will be evaluated against an Event Source which is of type Resource Operation. For instance, the attribute constraint could be related to the necessity that one of the source fields equals one of the specified values. title: |- Source Field Evaluation x-vmw-nsx-module: PolicyReaction Span: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: sites: description: | List of SpanSiteInfos representing the strech of the entity. items: $ref: '#/definitions/SpanSiteInfo' readOnly: true title: |- List of SpanSiteInfos type: array span_leader: description: | Represents Policy resource type streached entity's span leader. readOnly: true title: |- Policy resource type of span leader type: string span_resource: description: | Represents Policy resource path of streached entity. readOnly: true title: |- Policy resource path type: string span_resource_type: description: | Policy resource type of the streached entity. readOnly: true title: |- Policy resource type type: string type: object x-vmw-nsx-module: PolicySitesSpan description: | Represents the strech information for a federated entity available only on local manager. title: |- Represents strech information for federated entity. x-vmw-nsx-module: PolicySitesSpan SpanSiteInfo: description: | Represents the Site resource information for a Span entity including both the internal id as well as the site path. properties: site_id: description: | Site UUID representing the Site resource readOnly: true title: |- Internal ID of the Site resource type: string site_path: description: | Path of the Site resource readOnly: true title: |- Path of the Site resource type: string title: |- Represents Site resource for Span entity. type: object x-vmw-nsx-module: PolicySitesSpan SpoofGuardProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: address_binding_whitelist: default: false description: | If true, enable the SpoofGuard, which only allows VM sending traffic with the IPs in the whitelist. title: |- Enable SpoofGuard type: boolean required: - address_binding_whitelist type: object x-vmw-nsx-module: PolicySpoofGuard description: | SpoofGuard is a tool that is designed to prevent virtual machines in your environment from sending traffic with IP addresses which are not authorized to send traffic from. A SpoofGuard policy profile once enabled blocks the traffic determined to be spoofed. title: |- SpoofGuard Profile x-vmw-nsx-module: PolicySpoofGuard SpoofGuardProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- SpoofGuard profile list results items: $ref: '#/definitions/SpoofGuardProfile' title: |- SpoofGuard profile list results type: array required: - results type: object x-vmw-nsx-module: PolicySpoofGuard description: |- Paged collection of SpoofGuard profiles title: |- Paged collection of SpoofGuard profiles x-vmw-nsx-module: PolicySpoofGuard SslTrustObjectData: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: key_algo: description: |- Key algorithm contained in this certificate type: string passphrase: description: |- Password for private key encryption readOnly: false type: string pem_encoded: description: |- pem encoded certificate data readOnly: false type: string private_key: description: |- private key data readOnly: false type: string required: - pem_encoded type: object x-vmw-nsx-module: TempPolicyLoadBalancer x-vmw-nsx-module: TempPolicyLoadBalancer StandaloneHostIdfwConfiguration: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: idfw_enabled: description: |- If set to true, Idfw is enabled for standalone hosts readOnly: false title: |- Idfw enabled flag type: boolean required: - idfw_enabled type: object x-vmw-nsx-module: PolicyFirewallConfiguration description: | Idfw configuration for enable/disable idfw on standalone hosts. title: |- Standalone host idfw configuration x-vmw-nsx-module: PolicyFirewallConfiguration StatItem: description: |- Displayed as a single number. It can be used to show the characteristics of entities such as Logical Switches, Firewall Rules, and so on. For example, number of logical switches and their admin states. properties: drilldown_id: description: |- Id of drilldown widget, if any. Id should be a valid id of an existing widget. title: |- Id of drilldown widget type: string tooltip: description: |- Multi-line text to be shown on tooltip while hovering over the stat. items: $ref: '#/definitions/Tooltip' minItems: 0 title: |- Multi-line tooltip type: array total: description: |- If expression for total is specified, it evaluates it. Total can be omitted if not needed to be shown. title: |- Total type: string value: description: |- Expression for stat to be displayed. maxLength: 1024 title: |- Stat type: string required: - value title: |- Statistic of an entity type: object x-vmw-nsx-module: NsxDashboard StaticARPConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: ip_address: description: |- IP Address format: ip type: string mac_address: description: |- MAC Address format: mac-address type: string required: - ip_address - mac_address type: object x-vmw-nsx-module: PolicyConnectivity description: | Contains Static ARP configuration for Segment. title: |- Static ARP Config x-vmw-nsx-module: PolicyConnectivity StaticFilter: description: |- Static filters properties: display_name: description: |- display name to be shown in the drop down for static filter. maxLength: 1024 title: |- Display name for static filter type: string value: description: |- Value of static filter inside dropdown filter. title: |- Value of static filter type: string title: |- Static filters type: object x-vmw-nsx-module: NsxDashboard StaticRouteBfdPeer: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: bfd_profile_path: description: |- Bfd Profile is not supported for IPv6 networks. title: |- Policy path to Bfd Profile type: string enabled: default: true description: |- Flag to enable BFD peer. title: |- Enable BFD Peer type: boolean peer_address: description: |- Only IPv4 addresses are supported. Only a single BFD config per peer address is allowed. title: |- IP Address of static route next hop peer type: string scope: description: | Represents the array of policy paths of locale services where this BFD peer should get relalized on. The locale service service and this BFD peer must belong to the same router. Default scope is empty. items: type: string title: |- Array of policy paths of locale services type: array source_addresses: description: |- Array of Tier0 external interface IP addresses. BFD peering is established from all these source addresses to the neighbor specified in peer_address. Only IPv4 addresses are supported. items: type: string maxItems: 8 minItems: 0 title: |- List of source IP addresses type: array required: - peer_address type: object x-vmw-nsx-module: PolicyConnectivity description: |- Static Route Bidirectional Forwarding Detection Peer title: |- Static Route Bidirectional Forwarding Detection Peer x-vmw-nsx-module: PolicyConnectivity StaticRouteBfdPeerListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- StaticRouteBfdPeer list results. items: $ref: '#/definitions/StaticRouteBfdPeer' title: |- StaticRouteBfdPeer list results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of StaticRouteBfdPeer. title: |- Paged Colleciton of StaticRouteBfdPeer x-vmw-nsx-module: PolicyConnectivity StaticRoutes: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: enabled_on_secondary: default: false description: | When false or by default northbound routes are configured only on the primary location and not on secondary location. When true, the static route will also be configured on a secondary location. Secondary location prefers route learned from the primary location and enabling this flag secondary location can override this. This flag is not applicable if all sites are primary. title: |- Flag to plumb route on secondary site type: boolean network: description: | Specify network address in CIDR format. format: address-or-block-or-range type: string next_hops: description: | Specify next hop routes for network. items: $ref: '#/definitions/RouterNexthop' minItems: 1 title: |- Next hop routes for network type: array required: - next_hops - network type: object x-vmw-nsx-module: PolicyConnectivity description: |- Static routes configuration on Tier-0 or Tier-1. title: |- Static routes configuration on Tier-0 or on Tier-1 x-vmw-nsx-module: PolicyConnectivity StaticRoutesListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Static Routes list results items: $ref: '#/definitions/StaticRoutes' title: |- Static Routes list results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of Static Routes title: |- Paged collection of Static Routes x-vmw-nsx-module: PolicyConnectivity StatsConfiguration: allOf: - $ref: '#/definitions/WidgetConfiguration' - properties: label: $ref: '#/definitions/Label' description: |- Displayed at the sections, by default. It labels the entities of sections. If label is not provided, the sections are not labelled. title: |- Label of the Stats Configuration navigation: description: |- Hyperlink of the specified UI page that provides details. maxLength: 1024 title: |- Navigation to a specified UI page type: string sections: description: |- Sections items: $ref: '#/definitions/DonutSection' minItems: 0 title: |- Sections type: array stat: $ref: '#/definitions/StatItem' description: |- Expression that fetches statistic. It can be used to show the characteristics of entities such as Logical Switches, Firewall Rules, and so on. For example, number of logical switches and their admin states. If stat is not provided, then it will not be displayed. title: |- Expression for feching statistic of an entity sub_type: description: |- A sub-type of StatsConfiguration. If sub-type is not specified the parent type is rendered. The COMPACT sub_type, conserves the space for the widget. The statistic is placed on the right side on top of the status bar and the title of the widget is placed on the left side on the top of the status bar. The COMPACT style aligns itself horizontally as per the width of the container. If multiple widgets are placed insided the container then the widgets are placed one below the other to conserve the space. enum: - COMPACT title: |- Sub-type of the StatsConfiguration type: string type: object x-vmw-nsx-module: NsxDashboard description: |- Represents configuration of a statistic for an entity. Example, number of logical switches and their admin states. title: |- Stats Configuration x-vmw-nsx-module: NsxDashboard StringArrayConstraintValue: allOf: - $ref: '#/definitions/ConstraintValue' - properties: values: description: |- Array of string values items: type: string maxItems: 100 minItems: 1 title: |- Array of String type: array required: - values type: object x-vmw-nsx-module: PolicyConstraints description: |- List of String values title: |- Array of String Values to perform operation x-vmw-nsx-module: PolicyConstraints Tag: description: |- Arbitrary key-value pairs that may be attached to an entity properties: scope: default: '' description: |- Tag searches may optionally be restricted by scope maxLength: 128 readOnly: false title: |- Tag scope type: string tag: default: '' description: |- Identifier meaningful to user with maximum length of 256 characters readOnly: false title: |- Tag value type: string title: |- Arbitrary key-value pairs that may be attached to an entity type: object x-vmw-nsx-module: Common TaskProperties: allOf: - $ref: '#/definitions/Resource' - properties: async_response_available: description: |- True if response for asynchronous request is available readOnly: true title: |- True if response for asynchronous request is available type: boolean cancelable: description: |- True if this task can be canceled readOnly: true title: |- True if this task can be canceled type: boolean description: description: |- Description of the task readOnly: true title: |- Description of the task type: string end_time: description: |- The end time of the task in epoch milliseconds format: int64 readOnly: true type: integer id: description: |- Identifier for this task readOnly: true title: |- Identifier for this task type: string message: description: |- A message describing the disposition of the task readOnly: true title: |- A message describing the disposition of the task type: string progress: description: |- Task progress if known, from 0 to 100 format: int64 maximum: 100 minimum: 0 readOnly: true title: |- Task progress if known, from 0 to 100 type: integer request_method: description: |- HTTP request method readOnly: true title: |- HTTP request method type: string request_uri: description: |- URI of the method invocation that spawned this task readOnly: true title: |- URI of the method invocation that spawned this task type: string start_time: description: |- The start time of the task in epoch milliseconds format: int64 readOnly: true type: integer status: description: |- Current status of the task enum: - running - error - success - canceling - canceled - killed readOnly: true type: string user: description: |- Name of the user who created this task readOnly: true title: |- Name of the user who created this task type: string type: object x-vmw-nsx-module: Common description: |- Task properties title: |- Task properties x-vmw-nsx-module: Common TcpHeader: properties: dst_port: description: |- Destination port of tcp header format: int64 maximum: 65535 minimum: 0 title: |- Destination port of tcp header type: integer src_port: description: |- Source port of tcp header format: int64 maximum: 65535 minimum: 0 title: |- Source port of tcp header type: integer tcp_flags: description: |- TCP flags (9bits) format: int64 maximum: 511 minimum: 0 title: |- TCP flags (9bits) type: integer type: object x-vmw-nsx-module: Traceflow TcpMaximumSegmentSizeClamping: description: |- TCP MSS Clamping Direction and Value. properties: direction: default: NONE description: | Specifies the traffic direction for which to apply MSS Clamping. enum: - NONE - INBOUND_CONNECTION - OUTBOUND_CONNECTION - BOTH title: |- Maximum Segment Size Clamping Direction type: string max_segment_size: description: | MSS defines the maximum amount of data that a host is willing to accept in a single TCP segment. This field is set in TCP header during connection establishment. To avoid packet fragmentation, you can set this field depending on uplink MTU and VPN overhead. This is an optional field and in case it is left unconfigured, best possible MSS value will be calculated based on effective mtu of uplink interface. Supported MSS range is 216 to 8960. format: int64 maximum: 8902 minimum: 108 title: |- Maximum Segment Size Value type: integer title: |- TCP MSS Clamping type: object x-vmw-nsx-module: PolicyIPSecVpn TcpPolicyLbMonitorProfile: allOf: - $ref: '#/definitions/PolicyLbMonitorProfile' - type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Active healthchecks are disabled by default and can be enabled for a server pool by binding a health monitor to the Group through the PolicyLbRule object. This represents active health monitoring over TCP. Active healthchecks are initiated periodically, at a configurable interval, to each member of the Group. Only if a healthcheck fails consecutively for a specified number of times (fall_count) to a member will the member status be marked DOWN. Once a member is DOWN, a specified number of consecutive successful healthchecks (rise_count) will bring the member back to UP state. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. title: |- PolicyLbMonitorProfile for active health checks over TCP x-vmw-nsx-module: TempPolicyLoadBalancer TcpPolicyLbVirtualServer: allOf: - $ref: '#/definitions/PolicyLbVirtualServer' - type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Virtual server acts as a facade to an application, receives all client connections over TCP and distributes them among the backend servers. title: |- PolicyLbVirtualServer handling connections over TCP x-vmw-nsx-module: TempPolicyLoadBalancer Tier0: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: advanced_config: $ref: '#/definitions/Tier0AdvancedConfig' description: |- NSX specific configuration for tier-0 title: |- Advanced configuration for tier-0 arp_limit: description: | Maximum number of ARP entries per transport node. format: int32 maximum: 50000 minimum: 5000 title: |- ARP limit per transport node type: integer default_rule_logging: default: false description: | Indicates if logging should be enabled for the default whitelisting rule. This field is deprecated and recommended to change Rule logging field. Note that this field is not synchronized with default logging field. title: |- Enable logging for whitelisted rule type: boolean x-deprecated: true dhcp_config_paths: description: | DHCP configuration for Segments connected to Tier-0. DHCP service is configured in relay mode. items: type: string maxItems: 1 minItems: 0 title: |- DHCP configuration for Segments connected to Tier-0 type: array disable_firewall: default: false description: |- Disable or enable gateway fiewall. title: |- Disable gateway firewall type: boolean failover_mode: default: NON_PREEMPTIVE description: | Determines the behavior when a Tier-0 instance in ACTIVE-STANDBY high-availability mode restarts after a failure. If set to PREEMPTIVE, the preferred node will take over, even if it causes another failure. If set to NON_PREEMPTIVE, then the instance that restarted will remain secondary. This property is not used when the ha_mode property is set to ACTIVE_ACTIVE. Only applicable when edge cluster is configured in Tier0 locale-service. enum: - PREEMPTIVE - NON_PREEMPTIVE title: |- Failover mode type: string federation_config: $ref: '#/definitions/FederationGatewayConfig' description: |- Additional config for federation. readOnly: true title: |- Federation releated config force_whitelisting: default: false description: | This field is deprecated and recommended to change Rule action field. Note that this field is not synchronized with default rule field. title: |- Flag to add whitelisting FW rule during realization type: boolean x-deprecated: true ha_mode: default: ACTIVE_ACTIVE description: | Specify high-availability mode for Tier-0. Default is ACTIVE_ACTIVE. When ha_mode is changed from ACTIVE_ACTIVE to ACTIVE_STANDBY, inter SR iBGP (in BGP) is disabled. Changing ha_mode from ACTIVE_STANDBY to ACTIVE_ACTIVE will enable inter SR iBGP (in BGP) and previously configured preferred edge nodes (in Tier0 locale-service) are removed. enum: - ACTIVE_ACTIVE - ACTIVE_STANDBY title: |- High-availability Mode for Tier-0 type: string internal_transit_subnets: description: | Specify subnets that are used to assign addresses to logical links connecting service routers and distributed routers. Only IPv4 addresses are supported. When not specified, subnet 169.254.0.0/24 is assigned by default in ACTIVE_ACTIVE HA mode or 169.254.0.0/28 in ACTIVE_STANDBY mode. items: format: ip-cidr-block type: string maxItems: 1 title: |- Internal transit subnets in CIDR format type: array intersite_config: $ref: '#/definitions/IntersiteGatewayConfig' description: |- Inter site routing configuration when the gateway is streched. title: |- Inter site routing configuration ipv6_profile_paths: description: | IPv6 NDRA and DAD profiles configuration on Tier0. Either or both NDRA and/or DAD profiles can be configured. items: type: string maxItems: 2 minItems: 0 title: |- IPv6 NDRA and DAD profiles configuration type: array rd_admin_field: description: | If you are using EVPN service, then route distinguisher administrator address should be defined if you need auto generation of route distinguisher on your VRF configuration. format: ip type: string transit_subnets: description: | Specify transit subnets that are used to assign addresses to logical links connecting tier-0 and tier-1s. Both IPv4 and IPv6 addresses are supported. When not specified, subnet 100.64.0.0/16 is configured by default. items: format: ip-cidr-block type: string title: |- Transit subnets in CIDR format type: array vrf_config: $ref: '#/definitions/Tier0VrfConfig' description: |- VRF config, required for VRF Tier0. title: |- VRF config type: object x-vmw-nsx-module: PolicyConnectivity description: |- Tier-0 configuration for external connectivity. title: |- Tier-0 configuration x-vmw-nsx-module: PolicyConnectivity Tier0AdvancedConfig: allOf: - $ref: '#/definitions/ConnectivityAdvancedConfig' - properties: forwarding_up_timer: default: 0 description: | Extra time in seconds the router must wait before sending the UP notification after the peer routing session is established. Default means forward immediately. VRF logical router will set it same as parent logical router. format: int64 maximum: 300 minimum: 0 title: |- Forwarding up timer type: integer type: object x-vmw-nsx-module: PolicyConnectivity description: |- NSX specific configuration for tier-0 title: |- Advanced configuration for tier-0 x-vmw-nsx-module: PolicyConnectivity Tier0DeploymentMap: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: enforcement_point: description: |- Path of enforcement point on which Tier-0 shall be deployed. title: |- Absolute Path of Enforcement Point type: string required: - enforcement_point type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Binding of Tier-0 to the enforcement point. title: |- Tier-0 Deployment Map x-vmw-nsx-module: PolicyEnforcementPointManagement Tier0DeploymentMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Tier-0 Deployment Maps. items: $ref: '#/definitions/Tier0DeploymentMap' title: |- Tier-0 Deployment Maps type: array required: - results type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Paged collection of Tier-0 Deployment Map. title: |- Paged Collection of Tier-0 Deployment Map x-vmw-nsx-module: PolicyEnforcementPointManagement Tier0GatewayState: description: |- Tier0 gateway state properties: auto_rds: $ref: '#/definitions/AutoRds' description: |- Object that holds auto assigned route distingushers for this gateway. title: |- Auto assigned Route Distingushers enforcement_point_path: description: | String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. title: |- Enforcement point path type: string ipv6_status: description: | IPv6 DAD status for interfaces configured on Tier0 items: $ref: '#/definitions/IPv6Status' title: |- IPv6 DAD status for Tier0 interfaces type: array tier0_state: $ref: '#/definitions/LogicalRouterState' description: | Detailed realized state information for Tier0 title: |- Tier0 state tier0_status: $ref: '#/definitions/LogicalRouterStatus' description: | Detailed realized status information for Tier0 title: |- Tier0 status title: |- Tier0 gateway state type: object x-vmw-nsx-module: PolicyConnectivityStatistics Tier0HaVipConfig: description: |- Tier0 HA VIP Config properties: enabled: default: true description: |- Flag to enable this HA VIP config. title: |- Flag to enable this HA VIP config. type: boolean external_interface_paths: description: |- Policy paths to Tier0 external interfaces which are to be paired to provide redundancy. Floating IP will be owned by one of these interfaces depending upon which edge node is Active. items: type: string minItems: 2 title: |- Policy paths to Tier0 external interfaces for providing redundancy type: array vip_subnets: description: |- Array of IP address subnets which will be used as floating IP addresses. items: $ref: '#/definitions/InterfaceSubnet' maxItems: 2 minItems: 1 title: |- VIP floating IP address subnets type: array required: - external_interface_paths - vip_subnets title: |- Tier0 HA VIP Config type: object x-vmw-nsx-module: PolicyConnectivity Tier0Interface: allOf: - $ref: '#/definitions/BaseTier0Interface' - properties: access_vlan_id: description: |- Vlan id. format: int64 type: integer edge_cluster_member_index: description: | Specify association of interface with edge cluster member. This property is deprecated, use edge_path instead. When both properties are specifed, only edge_path property is used. format: int32 minimum: 0 title: |- Association of interface with edge cluster member type: integer x-deprecated: true edge_path: description: | Policy path to edge node to handle external connectivity. Required when interface type is EXTERNAL. title: |- Policy path to edge node type: string igmp_local_join_groups: description: | IGMP local join groups configuration. items: description: |- IPv4 address format: ipv4 type: string title: |- IGMP local join groups configuration type: array ipv6_profile_paths: description: | Configuration IPv6 NDRA profile. Only one NDRA profile can be configured. items: type: string maxItems: 1 minItems: 0 title: |- IPv6 NDRA profile configuration type: array ls_id: description: | Specify logical switch to which tier-0 interface is connected for external access. This property is deprecated, use segment_path instead. Both properties cannot be used together. title: |- Logical switch id to attach tier-0 interface type: string x-deprecated: true mtu: description: | Maximum transmission unit (MTU) specifies the size of the largest packet that a network protocol can transmit. format: int32 minimum: 64 title: |- MTU size type: integer multicast: $ref: '#/definitions/Tier0InterfacePimConfig' description: | Multicast PIM configuration. title: |- Multicast PIM configuration ospf: $ref: '#/definitions/PolicyInterfaceOspfConfig' description: |- OSPF configuration. title: |- OSPF configuration proxy_arp_filters: description: | Array of prefix lists used to specify filtering for ARP proxy. Prefixes in this array are used to configure ARP proxy entries on Tier-0 gateway (for uplinks). items: type: string maxItems: 1 minItems: 0 title: |- List of proxy Address Resolution Protocol Filters type: array segment_path: description: | Specify Segment to which this interface is connected to. Either segment_path or ls_id property is required. title: |- Segment to attach tier-0 interface type: string type: default: EXTERNAL description: | Interface type enum: - EXTERNAL - SERVICE - LOOPBACK title: |- Interface type type: string urpf_mode: default: STRICT description: |- Unicast Reverse Path Forwarding mode enum: - NONE - STRICT title: |- Unicast Reverse Path Forwarding mode type: string type: object x-vmw-nsx-module: PolicyConnectivity description: |- Tier-0 interface configuration for external connectivity. title: |- Tier-0 interface configuration x-vmw-nsx-module: PolicyConnectivity Tier0InterfaceListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Tier-0 Interface list results items: $ref: '#/definitions/Tier0Interface' title: |- Tier-0 Interface list results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of Tier-0 Interfaces title: |- Paged collection of Tier-0 Interfaces x-vmw-nsx-module: PolicyConnectivity Tier0InterfacePimConfig: description: |- Multicast PIM configuration. properties: enabled: default: false description: | enable/disable PIM configuration. title: |- enable/disable PIM configuration type: boolean hello_interval: default: 30 description: | PIM hello interval(seconds) at interface level. format: int32 maximum: 180 minimum: 1 title: |- PIM hello interval at interface level type: integer hold_interval: description: | PIM hold interval(seconds) at interface level. format: int32 maximum: 630 minimum: 1 title: |- PIM hold interval at interface level type: integer title: |- Multicast PIM configuration type: object x-vmw-nsx-module: PolicyConnectivity Tier0ListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Tier-0 list results items: $ref: '#/definitions/Tier0' title: |- Tier-0 list results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of Tier-0s title: |- Paged collection of Tier-0s x-vmw-nsx-module: PolicyConnectivity Tier0RouteMap: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: entries: description: | Ordered list of route map entries. items: $ref: '#/definitions/RouteMapEntry' maxItems: 1000 minItems: 1 title: |- Ordered list of route map entries type: array required: - entries type: object x-vmw-nsx-module: PolicyConnectivity description: |- RouteMap for redistributing routes to BGP and other routing protocols title: |- RouteMap for redistributing routes to BGP and other routing protocols x-vmw-nsx-module: PolicyConnectivity Tier0RouteMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Tier0RouteMap results items: $ref: '#/definitions/Tier0RouteMap' title: |- Tier0RouteMap results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of RouteMaps title: |- Paged collection of RouteMaps x-vmw-nsx-module: PolicyConnectivity Tier0RouteRedistributionConfig: description: |- Route Redistribution config properties: bgp_enabled: default: true description: |- Flag to enable route redistribution for BGP. title: |- Flag to enable route redistribution for BGP. type: boolean ospf_enabled: default: false description: |- Flag to enable route redistribution for OSPF. title: |- Flag to enable route redistribution for OSPF. type: boolean redistribution_rules: default: [] description: | List of redistribution rules. items: $ref: '#/definitions/Tier0RouteRedistributionRule' maxItems: 5 minItems: 0 type: array title: |- Route Redistribution config type: object x-vmw-nsx-module: PolicyConnectivity Tier0RouteRedistributionRule: description: |- Single route redistribution rule properties: destinations: description: | Each rule can have more than one destinations. If destinations not specified for a given rule, default destionation will be BGP items: default: BGP enum: - BGP - OSPF type: string title: |- List of destination for a given redistribution rule type: array name: description: |- Rule name title: |- Rule name type: string route_map_path: description: |- Route map to be associated with the redistribution rule type: string route_redistribution_types: description: |- List of redistribution types items: description: | Tier-0 route redistribution types. TIER0_STATIC: Redistribute user added static routes. TIER0_CONNECTED: Redistribute all subnets configured on Interfaces and routes related to TIER0_ROUTER_LINK, TIER0_SEGMENT, TIER0_DNS_FORWARDER_IP, TIER0_IPSEC_LOCAL_IP, TIER0_NAT types. TIER1_STATIC: Redistribute all subnets and static routes advertised by Tier-1s. TIER0_EXTERNAL_INTERFACE: Redistribute external interface subnets on Tier-0. TIER0_LOOPBACK_INTERFACE: Redistribute loopback interface subnets on Tier-0. TIER0_SEGMENT: Redistribute subnets configured on Segments connected to Tier-0. TIER0_ROUTER_LINK: Redistribute router link port subnets on Tier-0 TIER0_SERVICE_INTERFACE: Redistribute Tier0 service interface subnets. TIER0_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets. TIER0_IPSEC_LOCAL_IP: Redistribute IPSec subnets. TIER0_NAT: Redistribute NAT IPs owned by Tier-0. TIER0_EVPN_TEP_IP: Redistribute EVPN local endpoint subnets on Tier-0. TIER1_NAT: Redistribute NAT IPs advertised by Tier-1 instances. TIER1_LB_VIP: Redistribute LB VIP IPs advertised by Tier-1 instances. TIER1_LB_SNAT: Redistribute LB SNAT IPs advertised by Tier-1 instances. TIER1_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets on Tier-1 instances. TIER1_CONNECTED: Redistribute all subnets configured on Segments and Service Interfaces. TIER1_SERVICE_INTERFACE: Redistribute Tier1 service interface subnets. TIER1_SEGMENT: Redistribute subnets configured on Segments connected to Tier1. TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets advertised by TIER1. Route redistribution destination is BGP. enum: - TIER0_STATIC - TIER0_CONNECTED - TIER0_EXTERNAL_INTERFACE - TIER0_SEGMENT - TIER0_ROUTER_LINK - TIER0_SERVICE_INTERFACE - TIER0_LOOPBACK_INTERFACE - TIER0_DNS_FORWARDER_IP - TIER0_IPSEC_LOCAL_IP - TIER0_NAT - TIER0_EVPN_TEP_IP - TIER1_NAT - TIER1_STATIC - TIER1_LB_VIP - TIER1_LB_SNAT - TIER1_DNS_FORWARDER_IP - TIER1_CONNECTED - TIER1_SERVICE_INTERFACE - TIER1_SEGMENT - TIER1_IPSEC_LOCAL_ENDPOINT type: string title: |- List of redistribution types type: array required: - route_redistribution_types title: |- Single route redistribution rule type: object x-vmw-nsx-module: PolicyConnectivity Tier0VrfConfig: description: |- Tier-0 vrf configuration. properties: evpn_l2_vni_config: $ref: '#/definitions/VrfEvpnL2VniConfig' description: | It is required for VRF to participate in the EVPN service in ROUTE_SERVER mode. title: |- VRF configurations required for EVPN service in ROUTE_SERVER mode. evpn_transit_vni: description: | L3 VNI associated with the VRF for overlay traffic of ethernet virtual private network (EVPN). It must be unique and available from the VNI pool defined for EVPN service. It is required for VRF to participate in the EVPN service in INLINE mode. format: int32 title: |- L3 VNI associated with the VRF for overlay traffic type: integer route_distinguisher: description: |- Route distinguisher with format in IPAddress: or ASN:. title: |- Route distinguisher type: string route_targets: description: |- Route targets. items: $ref: '#/definitions/VrfRouteTargets' maxItems: 1 minItems: 1 title: |- Route targets type: array tier0_path: description: | Default tier0 path. Cannot be modified after realization. title: |- Tier0 path type: string required: - tier0_path title: |- Tier-0 vrf configuration type: object x-vmw-nsx-module: PolicyConnectivity Tier1: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: arp_limit: description: | Maximum number of ARP entries per transport node. format: int32 maximum: 50000 minimum: 5000 title: |- ARP limit per transport node type: integer default_rule_logging: default: false description: | Indicates if logging should be enabled for the default whitelisting rule. This field is deprecated and recommended to change Rule logging field. Note that this field is not synchronized with default logging field. title: |- Enable logging for whitelisted rule type: boolean x-deprecated: true dhcp_config_paths: description: | DHCP configuration for Segments connected to Tier-1. DHCP service is enabled in relay mode. items: type: string maxItems: 1 minItems: 0 title: |- DHCP configuration for Segments connected to Tier-1 type: array disable_firewall: default: false description: |- Disable or enable gateway fiewall. title: |- Disable gateway firewall type: boolean enable_standby_relocation: default: false description: | Flag to enable standby service router relocation. Standby relocation is not enabled until edge cluster is configured for Tier1. title: |- Flag to enable standby service router relocation. type: boolean failover_mode: default: NON_PREEMPTIVE description: | Determines the behavior when a Tier-1 instance restarts after a failure. If set to PREEMPTIVE, the preferred node will take over, even if it causes another failure. If set to NON_PREEMPTIVE, then the instance that restarted will remain secondary. Only applicable when edge cluster is configured in Tier1 locale-service. enum: - PREEMPTIVE - NON_PREEMPTIVE title: |- Failover mode type: string federation_config: $ref: '#/definitions/FederationGatewayConfig' description: |- Additional config for federation. readOnly: true title: |- Federation releated config force_whitelisting: default: false description: | This field is deprecated and recommended to change Rule action field. Note that this field is not synchornied with default rule field. title: |- Flag to add whitelisting FW rule during realization type: boolean x-deprecated: true intersite_config: $ref: '#/definitions/IntersiteGatewayConfig' description: |- Inter site routing configuration when the gateway is streched. title: |- Inter site routing configuration ipv6_profile_paths: description: | Configuration IPv6 NDRA and DAD profiles. Either or both NDRA and/or DAD profiles can be configured. items: type: string maxItems: 2 minItems: 0 title: |- IPv6 NDRA and DAD profiles configuration type: array pool_allocation: default: ROUTING description: | Supports edge node allocation at different sizes for routing and load balancer service to meet performance and scalability requirements. ROUTING: Allocate edge node to provide routing services. LB_SMALL, LB_MEDIUM, LB_LARGE, LB_XLARGE: Specify size of load balancer service that will be configured on TIER1 gateway. enum: - ROUTING - LB_SMALL - LB_MEDIUM - LB_LARGE - LB_XLARGE title: |- Edge node allocation size type: string qos_profile: $ref: '#/definitions/GatewayQosProfileConfig' description: | QoS Profile configuration for Tier1 router link connected to Tier0 gateway. title: |- Gateway QoS Profile configuration route_advertisement_rules: description: |- Route advertisement rules and filtering items: $ref: '#/definitions/RouteAdvertisementRule' title: |- Route advertisement rules and filtering type: array route_advertisement_types: description: | Enable different types of route advertisements. When not specified, routes to IPSec VPN local-endpoint subnets (TIER1_IPSEC_LOCAL_ENDPOINT) are automatically advertised. items: description: | Control routes advertised by Tier-1 instance. TIER1_STATIC_ROUTES: Advertise all STATIC routes. TIER1_CONNECTED: Advertise all subnets configured on connected Interfaces and Segments. TIER1_NAT: Advertise all NAT IP addresses. TIER1_LB_VIP: Advertise all Load-balancer VIPs. TIER1_LB_SNAT: Advertise all Loadbalancer SNAT IP addresses. TIER1_DNS_FORWARDER_IP: Advertise DNS forwarder source and listener IPs TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets. enum: - TIER1_STATIC_ROUTES - TIER1_CONNECTED - TIER1_NAT - TIER1_LB_VIP - TIER1_LB_SNAT - TIER1_DNS_FORWARDER_IP - TIER1_IPSEC_LOCAL_ENDPOINT type: string title: |- Enable different types of route advertisements type: array tier0_path: description: | Specify Tier-1 connectivity to Tier-0 instance. title: |- Tier-1 connectivity to Tier-0 type: string type: description: | Tier1 connectivity type for reference. Property value is not validated with Tier1 configuration. ROUTED: Tier1 is connected to Tier0 gateway and routing is enabled. ISOLATED: Tier1 is not connected to any Tier0 gateway. NATTED: Tier1 is in ROUTED type with NAT configured locally. enum: - ROUTED - ISOLATED - NATTED title: |- Tier1 type type: string type: object x-vmw-nsx-module: PolicyConnectivity description: | Tier-1 instance configuration. title: |- Tier-1 x-vmw-nsx-module: PolicyConnectivity Tier1DeploymentMap: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: enforcement_point: description: |- Path of enforcement point on which Tier-1 shall be deployed. title: |- Absolute path of Enforcement Point type: string required: - enforcement_point type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Binding of Tier-1 to the enforcement point. title: |- Tier-1 Deployment Map x-vmw-nsx-module: PolicyEnforcementPointManagement Tier1GatewayState: description: |- Tier1 gateway state properties: enforcement_point_path: description: | String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. title: |- Enforcement point path type: string ipv6_status: description: | IPv6 DAD status for interfaces configured on Tier1 items: $ref: '#/definitions/IPv6Status' title: |- IPv6 DAD status for Tier1 interfaces type: array tier1_state: $ref: '#/definitions/LogicalRouterState' description: | Detailed realized state information for Tier1 title: |- Tier1 state tier1_status: $ref: '#/definitions/LogicalRouterStatus' description: | Detailed realized status information for Tier1 title: |- Tier1 status title: |- Tier1 gateway state type: object x-vmw-nsx-module: PolicyConnectivityStatistics Tier1Interface: allOf: - $ref: '#/definitions/BaseTier0Interface' - properties: ipv6_profile_paths: description: | Configrue IPv6 NDRA profile. Only one NDRA profile can be configured. items: type: string maxItems: 1 minItems: 0 title: |- IPv6 NDRA profile configuration type: array mtu: description: | Maximum transmission unit (MTU) specifies the size of the largest packet that a network protocol can transmit. format: int32 minimum: 64 title: |- MTU size type: integer segment_path: description: | Policy path of Segment to which interface is connected to. title: |- Policy path of Segment to attach interface type: string urpf_mode: default: STRICT description: |- Unicast Reverse Path Forwarding mode enum: - NONE - STRICT title: |- Unicast Reverse Path Forwarding mode type: string required: - segment_path type: object x-vmw-nsx-module: PolicyConnectivity description: |- Tier-1 interface configuration for attaching services. title: |- Tier-1 interface configuration x-vmw-nsx-module: PolicyConnectivity Tier1InterfaceListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Tier-1 Interface list results items: $ref: '#/definitions/Tier1Interface' title: |- Tier-1 Interface list results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of Tier-1 Interfaces title: |- Paged collection of Tier-1 Interfaces x-vmw-nsx-module: PolicyConnectivity Tier1ListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Tier-1 list results items: $ref: '#/definitions/Tier1' title: |- Tier-1 list results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of Tier-1 instances title: |- Paged collection of Tier-1 instances x-vmw-nsx-module: PolicyConnectivity TlsCertificate: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: details: description: |- list of X509Certificates. items: $ref: '#/definitions/X509Certificate' readOnly: true type: array pem_encoded: description: |- pem encoded certificate data. readOnly: false type: string required: - pem_encoded type: object x-vmw-nsx-module: PolicyCertificate x-vmw-nsx-module: PolicyCertificate TlsCertificateList: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- TlsCertificate list. items: $ref: '#/definitions/TlsCertificate' readOnly: true type: array type: object x-vmw-nsx-module: PolicyCertificate description: |- Certificate queries result title: |- Certificate queries result x-vmw-nsx-module: PolicyCertificate TlsCrl: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: details: $ref: '#/definitions/X509Crl' description: |- Details of the X509Crl object. readOnly: true title: |- Details of the X509Crl object pem_encoded: description: |- Pem encoded crl data. title: |- Pem encoded crl data type: string required: - pem_encoded type: object x-vmw-nsx-module: PolicyCertificate x-vmw-nsx-module: PolicyCertificate TlsCrlListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- TlsCrl list results items: $ref: '#/definitions/TlsCrl' title: |- TlsCrl list results type: array required: - results type: object x-vmw-nsx-module: PolicyCertificate description: |- Paged Collection of TlsCrl title: |- Paged Collection of TlsCrl x-vmw-nsx-module: PolicyCertificate TlsListenerCertificate: description: | Returns the certificate and thumbprint of a remote TLS listener, if the listener is running and accepting requests. If the certificate cannot be retrieved, the result property describes the problem. properties: certificate: $ref: '#/definitions/X509Certificate' description: |- The certificate of the TLS listener. readOnly: true title: |- The certificate of the TLS listener result: description: |- Result of get certificate operation. enum: - SUCCESS - CONNECTION_TIMEOUT - NO_ROUTE_TO_HOST - CONNECTION_REFUSED title: |- Result of get certificate operation type: string thumbprint: description: |- The SHA-256 thumbprint of the TLS listener. readOnly: true title: |- The SHA-256 thumbprint of the TLS listener type: string title: |- Remote TLS Listener Certificate type: object x-vmw-nsx-module: PolicySiteGM TlsTrustData: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: key_algo: description: |- Key algorithm contained in this certificate. type: string passphrase: description: |- Password for private key encryption. readOnly: false type: string pem_encoded: description: |- pem encoded certificate data. readOnly: false type: string private_key: description: |- private key data readOnly: false type: string required: - pem_encoded type: object x-vmw-nsx-module: PolicyCertificate x-vmw-nsx-module: PolicyCertificate TnNodeStackSpanStatus: description: | List all the TNs spaned in L3PortMirrorSession mirror stack health status. properties: dedicated_stack_status: description: | Show the dedicated mirror stack health status, if the TN node has the mirror stack, it will show SUCCESS or it will show FAILED. enum: - UNKNOWN - SUCCESS - FAILED type: string detail: description: | Give the detail info for mirror stack and vmknic health status. If the stack or vmknic is FAILED, detail info will tell user reason why the stauts is FAILED. So that user can correct their configuration. title: |- give detail info and reason about the vmknic and statck status type: string last_updated_time: description: | TN miror stack status will be updated periodically, this item indicates the lastest timestamp of TN node stack status is updated. format: int64 type: integer tn_node_id: description: | For L3PortMirrorSession configured mirror stack, show the TN node UUID which spaned in L3PortMirrorSession. title: |- TN node ID that configured L3PortMirrorSession mirror stack type: string tn_node_name: description: | For L3PortMirrorSession configured mirror stack, show the TN node friendly name which spaned in L3PortMirrorSession. title: |- TN node name that configured L3SPAN mirror stack type: string vmknic_status: description: | Show the vmknic health status, if the vmknic has been bouned to mirror stack, it will show SUCCESS or it will show FAILED. enum: - UNKNOWN - SUCCESS - FAILED type: string required: - tn_node_name - dedicated_stack_status - vmknic_status - detail - last_updated_time title: |- List all L3PortMirrorSession TN nodes mirror stack health status type: object x-vmw-nsx-module: PortMirroring TokenBasedPrincipalIdentity: allOf: - $ref: '#/definitions/ManagedResource' - properties: is_protected: description: |- Indicator whether the entities created by this principal should be protected. readOnly: false title: |- Protection indicator type: boolean name: description: |- Name of the principal. This will be matched to the name provided in the token. maxLength: 255 readOnly: false title: |- Name type: string node_id: description: | Unique node-id of a principal. This is used primarily in the case where a cluster of nodes is used to make calls to the NSX Manager and the same 'name' is used so that the nodes can access and modify the same data while still accessing NSX through their individual secret (certificate or JWT). In all other cases this can be any string. maxLength: 255 readOnly: false title: |- Unique node-id type: string required: - node_id - name type: object x-vmw-nsx-module: CertificateManager x-vmw-nsx-module: CertificateManager TokenBasedPrincipalIdentityListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- TokenBasedPrincipalIdentity list. items: $ref: '#/definitions/TokenBasedPrincipalIdentity' readOnly: false type: array required: - results type: object x-vmw-nsx-module: CertificateManager description: |- Token-based PrincipalIdentity query result title: |- Token-based PrincipalIdentity query result x-vmw-nsx-module: CertificateManager Tooltip: description: |- Tooltip to be shown while hovering over the dashboard UI element. properties: condition: description: |- If the condition is met then the tooltip will be applied. If no condition is provided, then the tooltip will be applied unconditionally. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API. maxLength: 1024 title: |- Expression for evaluating condition type: string heading: description: |- If true, displays tooltip text in bold title: |- Tooltip will be treated as header. type: boolean text: description: |- Text to be shown on tooltip while hovering over UI element. The text would be wrapped if it exceeds 80 chars. maxLength: 1024 title: |- Textbox shown at tooltip type: string required: - text title: |- Tooltip type: object x-vmw-nsx-module: NsxDashboard TraceflowConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: is_transient: default: true description: |- This field indicates if intent is transient and will be cleaned up by the system if set to true title: |- Marker to indicate if intent is transient type: boolean packet: $ref: '#/definitions/PacketData' description: |- Configuration of packet data title: |- Packet configuration segment_port_path: description: |- Segment Port Path or UUID title: |- Segment Port Path or UUID type: string timeout: default: 10 description: | Maximum time in seconds the management plane will wait for observation result to be sent by opsAgent. format: int64 maximum: 15 minimum: 5 title: |- Timeout for traceflow observation results type: integer required: - packet - segment_port_path type: object x-vmw-nsx-module: PolicyConnectivity description: |- Traceflow configuration title: |- Traceflow configuration x-vmw-nsx-module: PolicyConnectivity TrafficRateLimits: description: |- Enables traffic limit for incoming/outgoing broadcast and multicast packets. Use 0 to disable rate limiting for a specific traffic type properties: rx_broadcast: default: 0 description: |- Incoming broadcast traffic limit in packets per second format: int32 minimum: 0 readOnly: false title: |- Broadcast receive limit type: integer rx_multicast: default: 0 description: |- Incoming multicast traffic limit in packets per second format: int32 minimum: 0 readOnly: false title: |- Multicast receive limit type: integer tx_broadcast: default: 0 description: |- Outgoing broadcast traffic limit in packets per second format: int32 minimum: 0 readOnly: false title: |- Broadcast transmit limit type: integer tx_multicast: default: 0 description: |- Outgoing multicast traffic limit in packets per second format: int32 minimum: 0 readOnly: false title: |- Multicast transmit limit type: integer title: |- Rate limiting configuration type: object x-vmw-nsx-module: PolicySegmentSecurity TransportInfo: properties: dst_port: description: |- Destination port format: int64 maximum: 65535 minimum: 0 title: |- Destination port type: integer protocol: description: |- Protocol type over IP layer enum: - TCP - UDP - ICMPv4 - ICMPv6 title: |- Protocol type over IP layer type: string src_port: description: |- Source port format: int64 maximum: 65535 minimum: 0 title: |- Source port type: integer type: object x-vmw-nsx-module: LiveTrace TransportNodeIdParameters: allOf: - $ref: '#/definitions/DataSourceParameters' - properties: transport_node_id: description: |- TransportNode Id title: |- TransportNode Id type: string type: object x-vmw-nsx-module: AggSvcL2Types x-vmw-nsx-module: AggSvcL2Types TransportNodeSpanEnforcedStatus: allOf: - $ref: '#/definitions/EnforcedStatusPerScopeNsxT' - properties: enforced_status_per_transport_node: description: |- List of Detailed Realized Status per Transport Node. items: $ref: '#/definitions/EnforcedStatusPerTransportNode' readOnly: true title: |- List of Enforced Realized Status per Transport Node type: array type: object x-vmw-nsx-module: PolicyRealizationStatus description: | Detailed Realized Status of an Intent on a span of Transport Nodes. title: |- Enforced Realized Status across Transport Nodes x-vmw-nsx-module: PolicyRealizationStatus TransportProtocolHeader: properties: dhcp_header: $ref: '#/definitions/DhcpHeader' description: |- DHCP header title: |- DHCP header dhcpv6_header: $ref: '#/definitions/Dhcpv6Header' description: |- DHCP v6 header title: |- DHCP v6 header dns_header: $ref: '#/definitions/DnsHeader' description: |- DNS header title: |- DNS header icmp_echo_request_header: $ref: '#/definitions/IcmpEchoRequestHeader' description: |- ICMP echo request header title: |- ICMP echo request header ndp_header: $ref: '#/definitions/NdpHeader' description: |- Neighbor discovery protocol header title: |- Neighbor discovery protocol header tcp_header: $ref: '#/definitions/TcpHeader' description: |- TCP header title: |- TCP header udp_header: $ref: '#/definitions/UdpHeader' description: |- UDP header title: |- UDP header type: object x-vmw-nsx-module: Traceflow TrustManagementData: properties: supported_algorithms: description: |- List of supported algorithms. items: $ref: '#/definitions/CryptoAlgorithm' readOnly: true type: array type: object x-vmw-nsx-module: CertificateManager TrustObjectData: allOf: - $ref: '#/definitions/ManagedResource' - properties: key_algo: description: |- Key algorithm contained in this certificate. type: string passphrase: description: |- Password for private key encryption. readOnly: false type: string pem_encoded: description: |- PEM encoded certificate data. readOnly: false type: string private_key: description: |- Private key data. readOnly: false type: string required: - pem_encoded type: object x-vmw-nsx-module: CertificateManager x-vmw-nsx-module: CertificateManager TunnelInterfaceIPSubnet: properties: ip_addresses: description: |- IPv4 Addresses items: description: |- IPv4 address format: ipv4 type: string maxItems: 1 minItems: 1 title: |- IPv4 Addresses type: array prefix_length: description: |- Subnet Prefix Length format: int64 maximum: 31 minimum: 1 title: |- Subnet Prefix Length type: integer required: - ip_addresses - prefix_length type: object x-vmw-nsx-module: PolicyIPSecVpn TunnelSubnet: properties: ip_addresses: description: |- Subnet ip addresses items: description: |- IPv4 address format: ipv4 type: string maxItems: 1 minItems: 1 title: |- Subnet ip addresses type: array uniqueItems: true prefix_length: description: |- Subnet Prefix Length format: int64 maximum: 31 minimum: 1 title: |- Subnet Prefix Length type: integer required: - ip_addresses - prefix_length type: object x-vmw-nsx-module: PolicyL3Vpn UdpHeader: properties: dst_port: default: 0 description: |- Destination port of udp header format: int64 maximum: 65535 minimum: 0 title: |- Destination port of udp header type: integer src_port: default: 0 description: |- Source port of udp header format: int64 maximum: 65535 minimum: 0 title: |- Source port of udp header type: integer type: object x-vmw-nsx-module: Traceflow UdpPolicyLbMonitorProfile: allOf: - $ref: '#/definitions/PolicyLbMonitorProfile' - properties: receive: description: | Expected data, can be anywhere in the response and it has to be a string, regular expressions are not supported. UDP healthcheck is considered failed if there is no server response within the timeout period. title: |- expected data received from server type: string send: description: | The data to be sent to the monitored server. title: |- data to send type: string required: - receive - send type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Active healthchecks are disabled by default and can be enabled for a server pool by binding a health monitor to the Group through the PolicyLbRule object. This represents active health monitoring over UDP. Active healthchecks are initiated periodically, at a configurable interval, to each member of the Group. Only if a healthcheck fails consecutively for a specified number of times (fall_count) to a member will the member status be marked DOWN. Once a member is DOWN, a specified number of consecutive successful healthchecks (rise_count) will bring the member back to UP state. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. title: |- PolicyLbMonitorProfile for active health checks over UDP x-vmw-nsx-module: TempPolicyLoadBalancer UdpPolicyLbVirtualServer: allOf: - $ref: '#/definitions/PolicyLbVirtualServer' - type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Virtual server acts as a facade to an application, receives all client connections over UDP and distributes them among the backend servers. title: |- PolicyLbVirtualServer handling connections over UDP x-vmw-nsx-module: TempPolicyLoadBalancer UnaryOperation: description: |- Unary Operation. properties: operand: $ref: '#/definitions/ResourceFieldPointer' description: |- Represents an argument of the operation pointing to a specific field value. title: |- Operand operator: description: |- Logical Operator describing the operation to apply to the operand. enum: - APPEND - SUBTRACT title: |- Operator type: string required: - operator - operand title: |- Unary Operation type: object x-vmw-nsx-module: PolicyReaction UnaryOperationBasedInjectionValue: allOf: - $ref: '#/definitions/InjectionValue' - properties: initial_value: $ref: '#/definitions/ResourceFieldPointer' description: | Resource field pointer representing the initial value for the injection value. If an operation is supplied, the value is handed to the operation function to produce a final result. title: |- Intitial value operation: $ref: '#/definitions/UnaryOperation' description: |- Represents an optional operation to be done on the initial value. title: |- Operation Function required: - initial_value type: object x-vmw-nsx-module: PolicyReaction description: |- Operation based Injection Value. title: |- Operation based Injection Value x-vmw-nsx-module: PolicyReaction UnboundedKeyValuePair: description: |- A key-value pair with no limitations on size properties: key: description: |- Key readOnly: false title: |- Key type: string value: description: |- Value readOnly: false title: |- Value type: string required: - value - key title: |- A key-value pair with no limitations on size type: object x-vmw-nsx-module: Common UpdateOidcEndPointThumbprintRequest: allOf: - $ref: '#/definitions/ManagedResource' - properties: oidc_uri: description: |- URI where to download the meta-data of the OIDC end-point. maxLength: 255 readOnly: false title: |- OpenID Connect end-point URI type: string thumbprint: description: |- Thumbprint of the OIDC URI to make an SSL connection. readOnly: false title: |- Thumbprint type: string required: - oidc_uri - thumbprint type: object x-vmw-nsx-module: CertificateManager description: | Request to update the thumbprint of an OpenID Connect end-point with a new thumbprint. title: |- Request to update the thumbprint of an OpenId Connect end-point x-vmw-nsx-module: CertificateManager UpdatePrincipalIdentityCertificateRequest: allOf: - $ref: '#/definitions/ManagedResource' - properties: certificate_id: description: |- Id of the stored certificate. readOnly: false title: |- Id of the stored certificate type: string principal_identity_id: description: |- Unique ID of the principal. maxLength: 255 readOnly: false title: |- Principal Identity ID type: string required: - principal_identity_id - certificate_id type: object x-vmw-nsx-module: CertificateManager description: | Request to update the certificate of a principal identity with a new certificate. title: |- Request to update the certificate of a principal identity x-vmw-nsx-module: CertificateManager UrlAlias: description: |- Short name or alias of a url. It is used to represent the url. properties: alias: description: |- Short name or alias of url, if any. If not specified, the url can be referenced by its index in the array of urls of the datasource instance as $ (for example, $0). maxLength: 255 title: |- Url Alias Name type: string query: description: |- Search query to be applied, if any. If query string is not provided, it will be ignored. maxLength: 1024 title: |- Search query of the search api, if any type: string url: description: |- Url to fetch data from. maxLength: 1024 title: |- Url type: string required: - url title: |- Url Alias type: object x-vmw-nsx-module: NsxDashboard UserInfo: description: |- Authenticated User Info properties: roles: description: |- Permissions items: $ref: '#/definitions/NsxRole' readOnly: true title: |- Permissions type: array user_name: description: |- User Name readOnly: true title: |- User Name type: string title: |- Authenticated User Info type: object x-vmw-nsx-module: AAA ValueConstraintExpression: allOf: - $ref: '#/definitions/ConstraintExpression' - properties: operator: description: |- Operation to check for value list for resource attribute of constraint. enum: - INCLUDES - EXCLUDES - EQUALS title: |- Operation to check for value list for resource attribute of constraint. type: string values: description: |- List of values. items: type: string title: |- Array of values to perform operation. type: array x-deprecated: true values_with_type: $ref: '#/definitions/ConstraintValue' description: |- List of values. title: |- Array of values to perform operation. required: - operator type: object x-vmw-nsx-module: PolicyConstraints description: | Represents the leaf level value constraint to constrain specified attribute value to the set of values to be allowed/not-allowed. Example - sourceGroups allowed to have only with list of groups. { "operator":"INCLUDES", "values":["/infra/services/HTTP", "/infra/services/HTTPS"] } title: |- Represents the leaf level value constraint. x-vmw-nsx-module: PolicyConstraints VersionList: allOf: - $ref: '#/definitions/ManagedResource' - properties: acceptable_versions: description: |- List of component versions items: type: string title: |- List of component versions type: array required: - acceptable_versions type: object x-vmw-nsx-module: VersionWhitelist x-vmw-nsx-module: VersionWhitelist VidmInfo: description: |- Vidm Info properties: display_name: description: |- User's Full Name Or User Group's Display Name readOnly: true title: |- User's Full Name Or User Group's Display Name type: string name: description: |- Username Or Groupname readOnly: true title: |- Username Or Groupname type: string type: description: |- Type enum: - remote_user - remote_group readOnly: true title: |- Type type: string title: |- Vidm Info type: object x-vmw-nsx-module: AAA VidmInfoListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- List results items: $ref: '#/definitions/VidmInfo' title: |- List results type: array required: - results type: object x-vmw-nsx-module: AAA x-vmw-nsx-module: AAA View: allOf: - $ref: '#/definitions/ManagedResource' - properties: display_name: description: |- Title of the widget. maxLength: 255 title: |- Widget Title type: string exclude_roles: description: |- Comma separated list of roles to which the shared view is not visible. Allows user to prevent the visibility of a shared view to the specified roles. User defined roles can also be specified in the list. The roles can be obtained via GET /api/v1/aaa/roles. Please visit API documentation for details about roles. If include_roles is specified then exclude_roles cannot be specified. maxLength: 1024 title: |- Roles to which the shared view is not visible type: string include_roles: description: |- Comma separated list of roles to which the shared view is visible. Allows user to specify the visibility of a shared view to the specified roles. User defined roles can also be specified in the list. The roles can be obtained via GET /api/v1/aaa/roles. Please visit API documentation for details about roles. maxLength: 1024 title: |- Roles to which the shared view is visible type: string shared: default: false description: |- Defaults to false. Set to true to publish the view to other users. The widgets of a shared view are visible to other users. title: |- Share the view with other users type: boolean weight: default: 10000 description: |- Determines placement of view relative to other views. The lower the weight, the higher it is in the placement order. format: int32 title: |- Weightage or placement of the view type: integer widgets: description: |- Array of widgets that are part of the view. items: $ref: '#/definitions/WidgetItem' minItems: 0 title: |- Widgets type: array required: - widgets - display_name type: object x-vmw-nsx-module: NsxDashboard description: |- Describes the configuration of a view to be displayed on the dashboard. title: |- Dashboard View x-vmw-nsx-module: NsxDashboard ViewList: description: |- Represents a list of views. properties: views: description: |- Array of views items: $ref: '#/definitions/View' readOnly: true title: |- Array of views type: array title: |- List of Views type: object x-vmw-nsx-module: NsxDashboard VirtualEndpoint: allOf: - $ref: '#/definitions/BaseEndpoint' - properties: service_names: description: |- One VirtualEndpoint will be created per service name. items: type: string maxItems: 1 minItems: 1 readOnly: false title: |- Services for which this endpoint to be created type: array required: - service_names type: object x-vmw-nsx-module: PolicyServiceInsertion description: | A VirtualEndpoint represents an IP (or nexthop) which is outside SDDC. It represents a redirection target for RedirectionPolicy. title: |- This endpoint is strictly of the type Virtual x-vmw-nsx-module: PolicyServiceInsertion VirtualMachine: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: compute_ids: description: |- List of external compute ids of the virtual machine in the format 'id-type-key:value' , list of external compute ids ['uuid:xxxx-xxxx-xxxx-xxxx', 'moIdOnHost:moref-11', 'instanceUuid:xxxx-xxxx-xxxx-xxxx'] items: type: string title: |- List of external compute ids of the virtual machine in the format 'id-type-key:value' , list of external compute ids ['uuid:xxxx-xxxx-xxxx-xxxx', 'moIdOnHost:moref-11', 'instanceUuid:xxxx-xxxx-xxxx-xxxx'] type: array external_id: description: |- Current external id of this virtual machine in the system. title: |- Current external id of this virtual machine in the system. type: string guest_info: $ref: '#/definitions/GuestInfo' description: | Guest virtual machine details include OS name, computer name of guest VM. Currently this is supported for guests on ESXi that have VMware Tools installed. title: |- Guest virtual machine details host_id: description: |- Id of the host in which this virtual machine exists. title: |- Id of the host in which this virtual machine exists. type: string local_id_on_host: description: |- Id of the vm unique within the host. title: |- Id of the vm unique within the host. type: string power_state: description: |- Current power state of this virtual machine in the system. enum: - VM_RUNNING - VM_STOPPED - VM_SUSPENDED - UNKNOWN title: |- Current power state of this virtual machine in the system. type: string source: $ref: '#/definitions/ResourceReference' description: |- Reference of the Host or Public Cloud Gateway that reported the VM title: |- Reference of the Host or Public Cloud Gateway that reported the VM type: description: |- Virtual Machine type; Edge, Service VM or other. enum: - EDGE - SERVICE - REGULAR readOnly: true title: |- Virtual Machine type; Edge, Service VM or other. type: string required: - local_id_on_host - external_id - power_state - compute_ids type: object x-vmw-nsx-module: Inventory x-vmw-nsx-module: Inventory VirtualNetworkInterface: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: device_key: description: |- Device key of the virtual network interface. title: |- Device key of the virtual network interface. type: string device_name: description: |- Device name of the virtual network interface. title: |- Device name of the virtual network interface. type: string external_id: description: |- External Id of the virtual network inferface. title: |- External Id of the virtual network inferface. type: string host_id: description: |- Id of the host on which the vm exists. title: |- Id of the host on which the vm exists. type: string ip_address_info: description: |- IP Addresses of the the virtual network interface, from various sources. items: $ref: '#/definitions/IpAddressInfo' title: |- IP Addresses of the the virtual network interface, from various sources. type: array lport_attachment_id: description: |- LPort Attachment Id of the virtual network interface. title: |- LPort Attachment Id of the virtual network interface. type: string mac_address: description: |- MAC address of the virtual network interface. title: |- MAC address of the virtual network interface. type: string owner_vm_id: description: |- Id of the vm to which this virtual network interface belongs. title: |- Id of the vm to which this virtual network interface belongs. type: string owner_vm_type: description: |- Owner virtual machine type; Edge, Service VM or other. enum: - EDGE - SERVICE - REGULAR readOnly: true title: |- Owner virtual machine type; Edge, Service VM or other. type: string vm_local_id_on_host: description: |- Id of the vm unique within the host. title: |- Id of the vm unique within the host. type: string required: - device_key - owner_vm_id - vm_local_id_on_host - mac_address - host_id - external_id type: object x-vmw-nsx-module: Inventory x-vmw-nsx-module: Inventory VirtualNetworkInterfaceListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- VirtualNetworkInterface list results items: $ref: '#/definitions/VirtualNetworkInterface' title: |- VirtualNetworkInterface list results type: array required: - results type: object x-vmw-nsx-module: Inventory x-vmw-nsx-module: Inventory VirtualPortgroup: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: cm_local_id: description: |- Id of the portgroup, eg. a mo-ref from VC. readOnly: true title: |- Id of the portgroup in compute manager type: string external_id: description: |- External id of the virtual portgroup readOnly: true title: |- External id of the virtual portgroup type: string origin_type: description: |- Portgroup type like DistributedVirtualPortgroup readOnly: true title: |- Portgroup type like DistributedVirtualPortgroup type: string type: object x-vmw-nsx-module: InventoryCmObj description: |- Virtual portgroup on a virtual switch title: |- Virtual portgroup on a virtual switch x-vmw-nsx-module: InventoryCmObj VirtualSwitch: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: cm_local_id: description: |- ID of the virtual switch in compute manager readOnly: true title: |- ID of the virtual switch in compute manager type: string external_id: description: |- External id of the virtual switch readOnly: true title: |- External id of the virtual switch type: string origin_id: description: | ID of the compute manager where this virtual switch is discovered. readOnly: true title: |- ID of the compute manager type: string origin_type: description: |- Switch type like VmwareDistributedVirtualSwitch readOnly: true title: |- Switch type like VmwareDistributedVirtualSwitch type: string type: object x-vmw-nsx-module: InventoryCmObj description: |- Virtual switch on a compute manager title: |- Virtual switch on a compute manager x-vmw-nsx-module: InventoryCmObj VlanVniRangePair: description: |- Vlan-Vni mapping pair resource in EvpnTenantConfig for ROUTE-SERVER Evpn mode properties: vlans: description: |- List of VLAN ids and VLAN ranges (specified with '-'). title: |- List of VLAN ids type: string vnis: description: |- List of VNI ids and VNI ranges (specified with '-'). The vni id is used for VXLAN transmission for a given tenant Vlan ID in ROUTE-SERVER Evpn. title: |- List of VNI ids type: string required: - vnis - vlans title: |- Vlan Vni pair resource type: object x-vmw-nsx-module: PolicyConnectivity VmToolsInfo: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: external_id: description: |- Current external id of this virtual machine in the system. readOnly: true title: |- VM external ID type: string file_agent_version: description: |- Version of file agent on the VM of a third party partner solution. readOnly: true title: |- File agent version on the VM type: string host_local_id: description: |- Id of the VM which is assigned locally by the host. It is the VM-moref on ESXi hosts, in other environments it is VM UUID. readOnly: true title: |- VM ID given by the host type: string network_agent_version: description: |- Version of network agent on the VM of a third party partner solution. readOnly: true title: |- Network agent version on the VM type: string source: $ref: '#/definitions/ResourceReference' description: |- Reference of the Host or Public Cloud Gateway that reported the VM. readOnly: true title: |- Reference of the Host or Public Cloud Gateway that reported the VM. svm_connectivity: description: |- Endpoint Protection (Third party AV partner using NXGI) status on the VM. TRUE - VM is configured and protected by EPP Service VM. FALSE - VM is either not configured for protection or VM is disconnected from EPP Service VM. readOnly: true title: |- Endpoint Protection status on the VM type: boolean tools_version: description: |- Version of VMTools installed on the VM. readOnly: true title: |- VM tools version on the VM type: string vm_type: description: |- Type of VM - Edge, Service or other. enum: - EDGE - SERVICE - REGULAR readOnly: true title: |- Virtual Machine type type: string type: object x-vmw-nsx-module: VmToolsInfo x-vmw-nsx-module: VmToolsInfo VniPoolConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: end: description: |- End value of VNI Pool range format: int32 maximum: 16777215 minimum: 75001 title: |- End value of VNI Pool range type: integer start: description: |- Start value of VNI Pool range format: int32 maximum: 16777215 minimum: 75001 title: |- Start value of VNI Pool range type: integer required: - start - end type: object x-vmw-nsx-module: PolicyConnectivity description: |- Vni Pool Configuration. title: |- Vni Pool Config x-vmw-nsx-module: PolicyConnectivity VrfEvpnL2VniConfig: properties: enable_vtep_groups: default: false description: | This is used to enable or disable the creation of vtep groups. Each vtep group is used to group vteps with the same MAC for L2 ECMP usage. title: |- Flag to enable or disable the creation of vtep groups type: boolean l2_vni_configs: description: | Define L2 VNI and its related route distinguiser and route targets. items: $ref: '#/definitions/VrfL2VniConfig' maxItems: 1 minItems: 1 title: |- L2 VNI configurations associated with the VRF type: array required: - l2_vni_configs type: object x-vmw-nsx-module: PolicyConnectivity VrfL2VniConfig: properties: l2_vni: description: | L2 VNI associated with the VRF. It must be unique and available from the VNI pool defined for EVPN service. format: int32 title: |- L2 VNI associated with the VRF type: integer route_distinguisher: description: | This is a 64 bit number which disambiguates overlapping logical networks, with format in IPAddress: or ASN:. title: |- The unique route distinguisher for the virtual routing and forwarding instance type: string route_targets: description: |- Route targets. items: $ref: '#/definitions/VrfRouteTargets' maxItems: 1 minItems: 1 title: |- Route targets type: array required: - l2_vni - route_targets - route_distinguisher type: object x-vmw-nsx-module: PolicyConnectivity VrfRouteTargets: description: |- Vrf Route Targets for import/export. properties: address_family: default: L2VPN_EVPN description: |- Address family. enum: - L2VPN_EVPN title: |- Address family type: string export_route_targets: description: |- Export route targets with format in ASN:. items: type: string title: |- Export route targets type: array import_route_targets: description: |- Import route targets with format in ASN:. items: type: string title: |- Import route targets type: array title: |- Vrf Route Targets type: object x-vmw-nsx-module: PolicyConnectivity VrniGlobalCollector: allOf: - $ref: '#/definitions/GlobalCollectorConfig' - properties: report_interval: default: 30 description: |- Report interval for operation data in seconds. format: int32 maximum: 1800 minimum: 1 title: |- Report interval for operation data in seconds type: integer required: - report_interval type: object x-vmw-nsx-module: Policy description: |- NSX global configs for VRNI global collector title: |- NSX global configs for VRNI global collector x-vmw-nsx-module: Policy WaveFrontGlobalCollector: allOf: - $ref: '#/definitions/GlobalCollectorConfig' - type: object x-vmw-nsx-module: Policy description: |- NSX global configs for WAVE_FRONT global collector title: |- NSX global configs for WAVE_FRONT global collector x-vmw-nsx-module: Policy WeeklyBackupSchedule: allOf: - $ref: '#/definitions/BackupSchedule' - properties: days_of_week: description: |- Days of week when backup is taken. 0 - Sunday, 1 - Monday, 2 - Tuesday, 3 - Wednesday ... items: format: int64 type: integer maxItems: 7 minItems: 1 title: |- Days of week when backup is taken. 0 - Sunday, 1 - Monday, 2 - Tuesday, 3 - Wednesday ... type: array uniqueItems: true hour_of_day: description: |- Time of day when backup is taken format: int64 maximum: 23 minimum: 0 title: |- Time of day when backup is taken type: integer minute_of_day: description: |- Time of day when backup is taken format: int64 maximum: 59 minimum: 0 title: |- Time of day when backup is taken type: integer required: - days_of_week - minute_of_day - hour_of_day type: object x-vmw-nsx-module: BackupConfiguration description: |- Schedule to specify day of the week and time to take automated backup title: |- Schedule to specify day of the week and time to take automated backup x-vmw-nsx-module: BackupConfiguration WidgetConfiguration: allOf: - $ref: '#/definitions/ManagedResource' - discriminator: resource_type properties: datasources: description: |- The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API. items: $ref: '#/definitions/Datasource' minItems: 0 title: |- Array of Datasource Instances with their relative urls type: array default_filter_value: description: |- Default filter values to be passed to datasources. This will be used when the report is requested without filter values. items: $ref: '#/definitions/DefaultFilterValue' title: |- Default filter value to be passed to datasources type: array display_name: description: |- Title of the widget. If display_name is omitted, the widget will be shown without a title. maxLength: 255 title: |- Widget Title type: string drilldown_id: description: |- Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. maxLength: 255 title: |- Id of drilldown widget type: string feature_set: $ref: '#/definitions/FeatureSet' description: |- Features required to view the widget. title: |- Features required to view the widget filter: description: |- Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. title: |- Id of filter widget for subscription type: string filter_value_required: default: true description: |- Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory. title: |- Flag to indicate if filter value is necessary type: boolean footer: $ref: '#/definitions/Footer' icons: description: |- Icons to be applied at dashboard for widgets and UI elements. items: $ref: '#/definitions/Icon' title: |- Icons type: array is_drilldown: default: false description: |- Set to true if this widget should be used as a drilldown. title: |- Set as a drilldown widget type: boolean legend: $ref: '#/definitions/Legend' description: |- Legend to be displayed. If legend is not needed, do not include it. title: |- Legend for the widget resource_type: description: |- Supported visualization types are LabelValueConfiguration, DonutConfiguration, GridConfiguration, StatsConfiguration, MultiWidgetConfiguration, GraphConfiguration, ContainerConfiguration, CustomWidgetConfiguration and DropdownFilterWidgetConfiguration. enum: - LabelValueConfiguration - DonutConfiguration - MultiWidgetConfiguration - ContainerConfiguration - StatsConfiguration - GridConfiguration - GraphConfiguration - CustomWidgetConfiguration - DropdownFilterWidgetConfiguration maxLength: 255 readOnly: true title: |- Widget visualization type type: string shared: description: |- Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users. title: |- Visiblity of widgets to other users type: boolean x-deprecated: true span: description: |- Represents the horizontal span of the widget / container. format: int32 maximum: 12 minimum: 1 title: |- Horizontal span type: integer weight: description: |- Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details. format: int32 title: |- Weightage or placement of the widget or container type: integer x-deprecated: true required: - resource_type type: object x-vmw-nsx-module: NsxDashboard description: |- Describes the configuration of a widget to be displayed on the dashboard. WidgetConfiguration is a base type that provides attributes of a widget in-general. title: |- Dashboard Widget Configuration x-vmw-nsx-module: NsxDashboard WidgetConfigurationList: description: |- Represents a list of widget configurations. properties: widgetconfigurations: description: |- Array of widget configurations items: $ref: '#/definitions/WidgetConfiguration' readOnly: true title: |- Array of widget configurations type: array title: |- List of Widget Configurations type: object x-vmw-nsx-module: NsxDashboard WidgetItem: description: |- Represents a reference to a widget that is held by a container or a multi-widget or a View. properties: alignment: default: LEFT description: |- Aligns widget either left or right. enum: - LEFT - RIGHT title: |- Alignment of widget inside container type: string label: $ref: '#/definitions/Label' description: |- Applicable for 'DonutConfiguration' and 'StatsConfiguration' reports only. If label is not specified, then it defaults to the label of the donut or stats report. title: |- Label of the the report separator: default: false description: |- If true, separates this widget in a container. title: |- A separator after this widget type: boolean weight: default: 10000 description: |- Determines placement of widget or container relative to other widgets and containers. The lower the weight, the higher it is in the placement order. format: int32 title: |- Weightage or placement of the widget or container type: integer widget_id: description: |- Id of the widget configuration that is held by a multi-widget or a container or a view. maxLength: 255 title: |- Id of the widget configuration type: string required: - widget_id title: |- Widget held by MultiWidgetConfiguration or Container or a View type: object x-vmw-nsx-module: NsxDashboard X509Certificate: properties: dsa_public_key_g: description: |- One of the DSA cryptogaphic algorithm's strength parameters, base. readOnly: true type: string dsa_public_key_p: description: |- One of the DSA cryptogaphic algorithm's strength parameters, prime. readOnly: true type: string dsa_public_key_q: description: |- One of the DSA cryptogaphic algorithm's strength parameters, sub-prime. readOnly: true type: string dsa_public_key_y: description: |- One of the DSA cryptogaphic algorithm's strength parameters. readOnly: true type: string ecdsa_curve_name: description: |- The Curve name for the ECDSA certificate. readOnly: true title: |- ECDSA Curve Name type: string ecdsa_ec_field: description: |- Represents an elliptic curve (EC) finite field in ECDSA. enum: - F2M - FP readOnly: true title: |- ECDSA Elliptic Curve Finite Field type: string ecdsa_ec_field_f2mks: description: |- The order of the middle term(s) of the reduction polynomial in elliptic curve (EC) | characteristic 2 finite field.| Contents of this array are copied to protect against subsequent modification in ECDSA. items: format: int64 type: integer readOnly: true title: |- ECDSA Elliptic Curve F2MKS type: array ecdsa_ec_field_f2mm: description: |- The first coefficient of this elliptic curve in elliptic curve (EC) | characteristic 2 finite field for ECDSA. format: int64 readOnly: true title: |- ECDSA Elliptic Curve F2MM type: integer ecdsa_ec_field_f2mrp: description: |- The value whose i-th bit corresponds to the i-th coefficient of the reduction polynomial | in elliptic curve (EC) characteristic 2 finite field for ECDSA. readOnly: true title: |- ECDSA Elliptic Curve F2MRP type: string ecdsa_ec_field_f2pp: description: |- The specified prime for the elliptic curve prime finite field in ECDSA. readOnly: true title: |- ECDSA Elliptic Curve F2PP type: string ecdsa_public_key_a: description: |- The first coefficient of this elliptic curve in ECDSA. readOnly: true title: |- ECDSA Elliptic Curve Public Key A type: string ecdsa_public_key_b: description: |- The second coefficient of this elliptic curve in ECDSA. readOnly: true title: |- ECDSA Elliptic Curve Public Key B type: string ecdsa_public_key_cofactor: description: |- The co-factor in ECDSA. format: int64 readOnly: true title: |- ECDSA Elliptic Curve Public Key Cofactor type: integer ecdsa_public_key_generator_x: description: |- X co-ordinate of G (the generator which is also known as the base point) in ECDSA. readOnly: true title: |- ECDSA Elliptic Curve Public Key X type: string ecdsa_public_key_generator_y: description: |- Y co-ordinate of G (the generator which is also known as the base point) in ECDSA. readOnly: true title: |- ECDSA Elliptic Curve Public Key Y type: string ecdsa_public_key_order: description: |- The order of generator G in ECDSA. readOnly: true title: |- ECDSA Elliptic Curve Public Key Order type: string ecdsa_public_key_seed: description: |- The bytes used during curve generation for later validation in ECDSA.| Contents of this array are copied to protect against subsequent modification. items: type: string readOnly: true title: |- ECDSA Elliptic Curve Public Key Seed type: array is_ca: description: |- True if this is a CA certificate. readOnly: true type: boolean is_valid: description: |- True if this certificate is valid. readOnly: true type: boolean issuer: description: |- The certificate issuers complete distinguished name. readOnly: true type: string issuer_cn: description: |- The certificate issuer's common name. readOnly: true type: string not_after: description: |- The time in epoch milliseconds at which the certificate becomes invalid. format: int64 readOnly: true type: integer not_before: description: |- The time in epoch milliseconds at which the certificate becomes valid. format: int64 readOnly: true type: integer public_key_algo: description: |- Cryptographic algorithm used by the public key for data encryption. enum: - RSA - DSA - ECDSA readOnly: true title: |- Public Key Algorithm type: string public_key_length: description: |- Size measured in bits of the public/private keys used in a cryptographic algorithm. format: int64 readOnly: true type: integer rsa_public_key_exponent: description: |- An RSA public key is made up of the modulus and the public exponent. Exponent is a power number. readOnly: true type: string rsa_public_key_modulus: description: |- An RSA public key is made up of the modulus and the public exponent. Modulus is wrap around number. readOnly: true type: string serial_number: description: |- Certificate's serial number. readOnly: true type: string signature: description: |- The signature value(the raw signature bits) used for signing and validate the cert. readOnly: true type: string signature_algorithm: description: |- The algorithm used by the Certificate Authority to sign the certificate. readOnly: true type: string subject: description: |- The certificate owners complete distinguished name. readOnly: true type: string subject_cn: description: |- The certificate owner's common name. readOnly: true type: string version: description: |- Certificate version (default v1). readOnly: true type: string type: object x-vmw-nsx-module: CertificateManager X509Crl: description: |- A CRL is a time-stamped list identifying revoked certificates. properties: crl_entries: description: |- List of X509CrlEntry. items: $ref: '#/definitions/X509CrlEntry' readOnly: true type: array issuer: description: |- Issuer's distinguished name. (DN) readOnly: true type: string next_update: description: |- Next update time for the CRL. readOnly: true type: string version: description: |- CRL's version number either 1 or 2. readOnly: true type: string title: |- A CRL is a time-stamped list identifying revoked certificates. type: object x-vmw-nsx-module: CertificateManager X509CrlEntry: description: |- Each revoked certificate is identified in a CRL by its certificate serial number. properties: revocation_date: description: |- Revocation date. readOnly: true type: string serial_number: description: |- The revoked certificate's serial number. readOnly: true type: string title: |- Each revoked certificate is identified in a CRL by its certificate serial number. type: object x-vmw-nsx-module: CertificateManager parameters: {} responses: BadGateway: description: Bad Gateway schema: $ref: '#/definitions/ApiError' BadRequest: description: Bad Request schema: $ref: '#/definitions/ApiError' BandwidthLimitExceeded: description: Bandwidth Limit Exceeded schema: $ref: '#/definitions/ApiError' BlockedbyWindowsParentalControls: description: Blocked by Windows Parental Controls schema: $ref: '#/definitions/ApiError' ClientClosedRequest: description: Client Closed Request schema: $ref: '#/definitions/ApiError' Conflict: description: Conflict schema: $ref: '#/definitions/ApiError' EnhanceYourCalm: description: Enhance Your Calm schema: $ref: '#/definitions/ApiError' ExpectationFailed: description: Expectation Failed schema: $ref: '#/definitions/ApiError' FailedDependency: description: Failed Dependency schema: $ref: '#/definitions/ApiError' Forbidden: description: Forbidden schema: $ref: '#/definitions/ApiError' GatewayTimeout: description: Gateway Timeout schema: $ref: '#/definitions/ApiError' Gone: description: Gone schema: $ref: '#/definitions/ApiError' HTTPVersionNotSupported: description: HTTP Version Not Supported schema: $ref: '#/definitions/ApiError' Iamateapot: description: I am a teapot schema: $ref: '#/definitions/ApiError' InsufficientStorage: description: Insufficient Storage schema: $ref: '#/definitions/ApiError' InternalServerError: description: Internal Server Error schema: $ref: '#/definitions/ApiError' LengthRequired: description: Length Required schema: $ref: '#/definitions/ApiError' Locked: description: Locked schema: $ref: '#/definitions/ApiError' LoopDetected: description: Loop Detected schema: $ref: '#/definitions/ApiError' MethodNotAllowed: description: Method Not Allowed schema: $ref: '#/definitions/ApiError' NetworkAuthenticationRequired: description: Network Authentication Required schema: $ref: '#/definitions/ApiError' NoResponse: description: No Response schema: $ref: '#/definitions/ApiError' NotAcceptable: description: Not Acceptable schema: $ref: '#/definitions/ApiError' NotExtended: description: Not Extended schema: $ref: '#/definitions/ApiError' NotFound: description: Not Found schema: $ref: '#/definitions/ApiError' NotImplemented: description: Not Implemented schema: $ref: '#/definitions/ApiError' PaymentRequired: description: Payment Required schema: $ref: '#/definitions/ApiError' PreconditionFailed: description: Precondition Failed schema: $ref: '#/definitions/ApiError' PreconditionRequired: description: Precondition Required schema: $ref: '#/definitions/ApiError' ProxyAuthenticationRequired: description: Proxy Authentication Required schema: $ref: '#/definitions/ApiError' Request-URITooLong: description: Request-URI Too Long schema: $ref: '#/definitions/ApiError' RequestEntityTooLarge: description: Request Entity Too Large schema: $ref: '#/definitions/ApiError' RequestHeaderFieldsTooLarge: description: Request Header Fields Too Large schema: $ref: '#/definitions/ApiError' RequestTimeout: description: Request Timeout schema: $ref: '#/definitions/ApiError' RequestedRangeNotSatisfiable: description: Requested Range Not Satisfiable schema: $ref: '#/definitions/ApiError' ReservedforWebDAV: description: Reserved for WebDAV schema: $ref: '#/definitions/ApiError' RetryWith: description: Retry With schema: $ref: '#/definitions/ApiError' ServiceUnavailable: description: Service Unavailable schema: $ref: '#/definitions/ApiError' TooManyRequests: description: Too Many Requests schema: $ref: '#/definitions/ApiError' Unauthorized: description: Unauthorized schema: $ref: '#/definitions/ApiError' UnavailableForLegalReasons: description: Unavailable For Legal Reasons schema: $ref: '#/definitions/ApiError' UnprocessableEntity: description: Unprocessable Entity schema: $ref: '#/definitions/ApiError' UnsupportedMediaType: description: Unsupported Media Type schema: $ref: '#/definitions/ApiError' UpgradeRequired: description: Upgrade Required schema: $ref: '#/definitions/ApiError' VariantAlsoNegotiates: description: Variant Also Negotiates schema: $ref: '#/definitions/ApiError'