I am assigning security tags to each of my servers for the 4 following attributes:
Location
Environment (production, test, etc.)
Customer
Role (Oracle, MSSQL, MYSQL, etc.)
I need to create security groups that use a combination of these tags for dynamic membership.
For example,
a security group called "PROD-CUSTOMER1-Oracle" would include servers that have all three of the following tags assigned:
ST-ENV-PROD
ST-CUSTOMER-CUSTOMER1
ST-ROLE-ORACLE
a security group called "TEST-CUSTOMER2-MYSQL" would include servers that have all three of the following tags assigned:
ST-ENV-TEST
ST-CUSTOMER-CUSTOMER2
ST-ROLE-MYSQL
Can you create an SG with the name "PROD-CUSTOMER1-Oracle" and include all the tags you want?
I can create a security group just fine with PowerNSX, but the syntax for creating a dynamic rule using 3 security tags while changing the logic from "Any" to "All" is what I need.
Firstly, you should be using "Security Tag" and "Equals To". The recommended method to achieve what you want is to use Entity Belongs To. If you've already configured them, see the following attachment for a method to remediate the configuration.
Now to configure your security group using PowerNSX, try the following:
# Look up the three security tags by name
$tag1 = Get-NsxSecurityTag -name HUB-CLIENT
$tag2 = Get-NsxSecurityTag -name ST-ENV-PROD
$tag3 = Get-NsxSecurityTag -name ROL-ORACLEDB
# Build one "Entity Belongs To" criterion per tag
$Entity1 = New-NsxDynamicCriteriaSpec -Entity $tag3
$Entity2 = New-NsxDynamicCriteriaSpec -Entity $tag2
$Entity3 = New-NsxDynamicCriteriaSpec -Entity $tag1
# -CriteriaOperator AND means a VM must match all three criteria to be a member
Get-NsxSecurityGroup -name foo | Add-NsxDynamicMemberSet -SetOperator OR -CriteriaOperator AND -DynamicCriteriaSpec $Entity1,$Entity2,$Entity3
Regards
Dale
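The approach from the reply above, wrapped as a reusable function and applied to the group and tag names from the question. This is an added example, not code posted in the thread. The function name New-TagIntersectionGroup is hypothetical, and an existing Connect-NsxServer session is assumed. It refuses to build the member set if any tag fails to resolve, because each missing AND criterion widens the group and with it the scope of any firewall rule that references it.

```powershell
# Added example (not from the thread). Requires PowerNSX and a connected session.
# New-TagIntersectionGroup is a hypothetical helper name.
function New-TagIntersectionGroup {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$GroupName,
        [Parameter(Mandatory)][string[]]$TagNames
    )

    # Resolve every tag before touching the group. A tag that is missing or
    # ambiguous would silently change which VMs match, so stop instead.
    $specs = @(foreach ($name in $TagNames) {
        $tag = @(Get-NsxSecurityTag -Name $name)
        if ($tag.Count -ne 1) {
            throw "Expected exactly one security tag named '$name', found $($tag.Count); group '$GroupName' not changed."
        }
        # "Entity Belongs To" criterion for this tag, as in the reply above
        New-NsxDynamicCriteriaSpec -Entity $tag[0]
    })

    # Reuse the group if it already exists, otherwise create it
    $group = Get-NsxSecurityGroup -Name $GroupName
    if (-not $group) {
        $group = New-NsxSecurityGroup -Name $GroupName
    }

    # One dynamic member set whose criteria are ANDed: a VM must carry
    # every listed tag to become a member.
    $group | Add-NsxDynamicMemberSet -SetOperator OR -CriteriaOperator AND -DynamicCriteriaSpec $specs
}

# Group and tag names taken from the question
New-TagIntersectionGroup -GroupName 'PROD-CUSTOMER1-Oracle' `
    -TagNames 'ST-ENV-PROD', 'ST-CUSTOMER-CUSTOMER1', 'ST-ROLE-ORACLE'
```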