| API Description | API Path |
|---|---|
Get PolicyContextProfilesGet all PolicyContextProfiles |
GET /policy/api/v1/infra/context-profiles
GET /policy/api/v1/global-infra/context-profiles |
Delete Policy Context ProfileDeletes the specified Policy Context Profile. If the Policy Context Profile is consumed in a firewall rule, it won't get deleted. |
DELETE /policy/api/v1/infra/context-profiles/<context-profile-id>
DELETE /policy/api/v1/global-infra/context-profiles/<context-profile-id> |
Get PolicyContextProfileGet a single PolicyContextProfile by id |
GET /policy/api/v1/infra/context-profiles/<context-profile-id>
GET /policy/api/v1/global-infra/context-profiles/<context-profile-id> |
Create PolicyContextProfileCreates/Updates a PolicyContextProfile, which encapsulates attribute and sub-attributes of network services. Rules for using attributes and sub-attributes in single PolicyContextProfile 1. One type of attribute can't have multiple occurrences. ( Eg. - Attribute type APP_ID can be used only once per PolicyContextProfile.) 2. For specifying multiple values for an attribute, provide them in an array. 3. If sub-attribtes are mentioned for an attribute, then only single value is allowed for that attribute. 4. To get a list of supported attributes and sub-attributes fire the following REST API GET https://<policy-mgr>/policy/api/v1/infra/context-profiles/attributes |
PATCH /policy/api/v1/infra/context-profiles/<context-profile-id>
PATCH /policy/api/v1/global-infra/context-profiles/<context-profile-id> |
Create PolicyContextProfileCreates/Updates a PolicyContextProfile, which encapsulates attribute and sub-attributes of network services. Rules for using attributes and sub-attributes in single PolicyContextProfile 1. One type of attribute can't have multiple occurrences. ( Eg. - Attribute type APP_ID can be used only once per PolicyContextProfile.) 2. For specifying multiple values for an attribute, provide them in an array. 3. If sub-attribtes are mentioned for an attribute, then only single value is allowed for that attribute. 4. To get a list of supported attributes and sub-attributes fire the following REST API GET https://<policy-mgr>/policy/api/v1/infra/context-profiles/attributes |
PUT /policy/api/v1/infra/context-profiles/<context-profile-id>
PUT /policy/api/v1/global-infra/context-profiles/<context-profile-id> |
List Policy Context Profile supported attributes and sub-attributesReturns supported attribute and sub-attributes for specified attribute key with their supported values, if provided in query/request parameter, else will fetch all supported attributes and sub-attributes for all supported attribute keys. Alternatively, to get a list of supported attributes and sub-attributes fire the following REST API GET https://<policy-mgr>/policy/api/v1/infra/context-profiles/attributes |
GET /policy/api/v1/infra/context-profiles/attributes
GET /policy/api/v1/global-infra/context-profiles/attributes |
Update custom object attribute value list for given attribute keyThis API updates custom attribute value list for given key. |
PATCH /policy/api/v1/infra/context-profiles/custom-attributes
PATCH /policy/api/v1/global-infra/context-profiles/custom-attributes |
Adds/Removes custom attribute values from listThis API adds/removes custom attribute values from list for a given attribute key. |
POST /policy/api/v1/infra/context-profiles/custom-attributes
POST /policy/api/v1/global-infra/context-profiles/custom-attributes |
List Groups for a domainList Groups for a domain. Groups can be filtered using member_types query parameter, which returns the groups that contains the specified member types. Multiple member types can be provided as comma separated values. The API also return groups having member type that are subset of provided member_types. |
GET /policy/api/v1/infra/domains/<domain-id>/groups
GET /policy/api/v1/global-infra/domains/<domain-id>/groups |
Delete GroupDelete Group |
DELETE /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>
|
Read groupRead group |
GET /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>
GET /policy/api/v1/global-infra/domains/<domain-id>/groups/<group-id> |
Patch a groupIf a group with the group-id is not already present, create a new group. If it already exists, patch the group. |
PATCH /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>
|
Create or update a groupIf a group with the group-id is not already present, create a new group. If it already exists, update the group. Avoid creating groups with multiple MACAddressExpression and IPAddressExpression. In future releases, group will be restricted to contain a single MACAddressExpression and IPAddressExpression along with other expressions. To group IPAddresses or MACAddresses, use nested groups instead of multiple IPAddressExpressions/MACAddressExpression. |
PUT /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>
|
Delete Group External ID ExpressionDelete Group External ID Expression |
DELETE /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>/external-id-expressions/<expression-id>
|
Patch a group external ID expressionIf a group ExternalIDexpression with the expression-id is not already present, create a new ExternalIDexpresison. If it already exists, replace the existing ExternalIDexpression. |
PATCH /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>/external-id-expressions/<expression-id>
|
Add or Remove external id based members from/to a GroupIt will add or remove the specified members having external ID for a given expression of a group. |
POST /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>/external-id-expressions/<expression-id>
|
Delete Group IPAddressExpressionDelete Group IPAddressExpression |
DELETE /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>/ip-address-expressions/<expression-id>
|
Patch a group IP Address expressionIf a group IPAddressExpression with the expression-id is not already present, create a new IPAddressExpression. If it already exists, replace the existing IPAddressExpression. |
PATCH /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>/ip-address-expressions/<expression-id>
|
Add or Remove IP Addresses from/to a GroupIt will add or remove the specified IP Addresses from a given expression of a group. |
POST /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>/ip-address-expressions/<expression-id>
|
Delete Group MACAddressExpressionDelete Group MACAddressExpression |
DELETE /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>/mac-address-expressions/<expression-id>
|
Patch a group MAC Address expressionIf a group MACAddressExpression with the expression-id is not already present, create a new MACAddressExpression. If it already exists, replace the existing MACAddressExpression. |
PATCH /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>/mac-address-expressions/<expression-id>
|
Add or Remove MAC Addresses from/to a GroupIt will add or remove the specified MAC Addresses from a given expression of a group. |
POST /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>/mac-address-expressions/<expression-id>
|
Get member types for a given GroupIt retrieves member types for a given group. In case of nested groups, it calculates member types of child groups as well. Considers member type for members added via static members and dynamic membership criteria. |
GET /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>/member-types
GET /policy/api/v1/global-infra/domains/<domain-id>/groups/<group-id>/member-types |
Get consolidated effective IPAddress translated from this group across siteReturns consolidated effective ip address members of the specified NSGroup. Applicable in case of federated environment. The response contains site-wise list of consolidated effective IP address members. In the response, for the local-site, the list will contain static and dynamicaly translated IPs. For the remote sites, the list will contain only the dynamically translated IPs. The static IPs will not be seen in the response of this API. Hence, user can refer to the local-site Ip response in the API results or the group definition to see the static IP membership of the Group. This API is applicable only for Global Groups containing (directly or via nesting) either VirtualMachine, VIF, Segment, SegmentPort or IPSet member type. Use the cursor value in the response to fetch the next page. If there is no cursor value for a response, it implies the last page in the results for the query. |
GET /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>/members/consolidated-effective-ip-addresses
GET /policy/api/v1/global-infra/domains/<domain-id>/groups/<group-id>/members/consolidated-effective-ip-addresses |
Get IP addresses that belong to this GroupGet IP addresses that belong to this Group. This API is applicable for Groups containing either VirtualMachine, VIF, Segment ,Segment Port or IP Address member type.For Groups containing other member types,an empty list is returned |
GET /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>/members/ip-addresses
GET /policy/api/v1/global-infra/domains/<domain-id>/groups/<group-id>/members/ip-addresses |
Get logical ports that belong to this GroupGet logical ports that belong to this Group This API is applicable for Groups containing either VirtualMachine, VIF, Segment or Segment Port member type.For Groups containing other member types,an empty list is returned. |
GET /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>/members/logical-ports
GET /policy/api/v1/global-infra/domains/<domain-id>/groups/<group-id>/members/logical-ports |
Get logical switches that belong to this GroupGet logical switches that belong to this Group. This API is applicable for Groups containing Segment member type. For Groups containing other member types, an empty list is returned. |
GET /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>/members/logical-switches
GET /policy/api/v1/global-infra/domains/<domain-id>/groups/<group-id>/members/logical-switches |
Get segment ports that belong to this GroupGet segment ports that belong to this Group |
GET /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>/members/segment-ports
GET /policy/api/v1/global-infra/domains/<domain-id>/groups/<group-id>/members/segment-ports |
Get segments that belong to this GroupGet segments that belong to this Group |
GET /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>/members/segments
GET /policy/api/v1/global-infra/domains/<domain-id>/groups/<group-id>/members/segments |
Get Virtual Network Interface instances that belong to this GroupGet Virtual Network Interface instances that belong to this Group. This API is applicable for Groups containing VirtualNetworkInterface and VirtualMachine member types. For Groups containing other member types,an empty list is returned.target_id in response is external_id of VirtualNetworkInterface or VirtualMachine. |
GET /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>/members/vifs
GET /policy/api/v1/global-infra/domains/<domain-id>/groups/<group-id>/members/vifs |
Get Virtual machines that belong to this GroupGet Virtual machines that belong to this Group. This API is applicable for Groups containing VirtualMachine,member type. For Groups containing other member types,an empty list is returned. |
GET /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>/members/virtual-machines
GET /policy/api/v1/global-infra/domains/<domain-id>/groups/<group-id>/members/virtual-machines |
Delete Group Path ExpressionDelete Group Path Expression |
DELETE /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>/path-expressions/<expression-id>
|
Patch a group path expressionIf a group path_expression with the expression-id is not already present, create a new pathexpresison. If it already exists, replace the existing pathexpression. |
PATCH /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>/path-expressions/<expression-id>
|
Add or Remove path based members from/to a GroupIt will add or remove the specified members having path for a given expression of a group. |
POST /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>/path-expressions/<expression-id>
|
Get effective VMs for the GroupGet the effective VM membership for the Group. This API also gives some VM details such as VM name, IDs and the current state of the VMs. |
GET /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>/statistics/virtual-machines
(Deprecated)
|
Get tags used to define conditions inside a GroupGet tags used to define conditions inside a Group. Also includes tags inside nested groups. |
GET /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>/tags
GET /policy/api/v1/global-infra/domains/<domain-id>/groups/<group-id>/tags |
Get groups for which the given object is a memberGet policy groups for which the given object is a member. In Federation environment, if the given object is a global entity (eg: global segment) and if the entity is not stretched to the site specified in the enforcement_point_path parameter,then the following is returned:- 1)If the entity is a member of any global group and that group is stretched to the enforcement_point_path site,then the API returns an empty list. 2)If the entity is not a member of any global group,this API returns an 'invalid path' error message. 3)If both the entity and its corresponding groups are stretched to the enforcement_point_path site , then the API returns the groups list. |
GET /policy/api/v1/infra/group-associations
GET /policy/api/v1/global-infra/group-associations |
Get groups for which the given IP address is a memberGet policy groups for which the given IP address is a member. |
GET /policy/api/v1/infra/ip-address-group-associations
GET /policy/api/v1/global-infra/ip-address-group-associations |
List Services for infraPaginated list of Services for infra. |
GET /policy/api/v1/infra/services
GET /policy/api/v1/global-infra/services |
Delete ServiceDelete Service |
DELETE /policy/api/v1/infra/services/<service-id>
|
Read a serviceRead a service |
GET /policy/api/v1/infra/services/<service-id>
GET /policy/api/v1/global-infra/services/<service-id> |
Patch a ServiceCreate a new service if a service with the given ID does not already exist. Creates new service entries if populated in the service. If a service with the given ID already exists, patch the service including the nested service entries. |
PATCH /policy/api/v1/infra/services/<service-id>
|
Create or update a ServiceCreate a new service if a service with the given ID does not already exist. Creates new service entries if populated in the service. If a service with the given ID already exists, update the service including the nested service entries. This is a full replace. |
PUT /policy/api/v1/infra/services/<service-id>
|
List Service entries for the given servicePaginated list of Service entries for the given service |
GET /policy/api/v1/infra/services/<service-id>/service-entries
GET /policy/api/v1/global-infra/services/<service-id>/service-entries |
Delete Service entryDelete Service entry |
DELETE /policy/api/v1/infra/services/<service-id>/service-entries/<service-entry-id>
|
Service entryService entry |
GET /policy/api/v1/infra/services/<service-id>/service-entries/<service-entry-id>
GET /policy/api/v1/global-infra/services/<service-id>/service-entries/<service-entry-id> |
Patch a ServiceEntryIf a service entry with the service-entry-id is not already present, create a new service entry. If it already exists, patch the service entry. |
PATCH /policy/api/v1/infra/services/<service-id>/service-entries/<service-entry-id>
|
Create or update a ServiceEntryIf a service entry with the service-entry-id is not already present, create a new service entry. If it already exists, update the service entry. |
PUT /policy/api/v1/infra/services/<service-id>/service-entries/<service-entry-id>
|
Get groups for which the given VM is a memberGet policy groups for which the given VM is a member. |
GET /policy/api/v1/infra/virtual-machine-group-associations
GET /policy/api/v1/global-infra/virtual-machine-group-associations |
Get groups for which the given VIF is a memberGet policy groups for which the given VIF is a member. |
GET /policy/api/v1/infra/virtual-network-interface-group-associations
GET /policy/api/v1/global-infra/virtual-network-interface-group-associations |