Environment: NSX-T 2.4.1
I'm testing NSX-T Policy in my lab where I created 1 security group with a static member IP, when I try to extract the IP using the following api:
GET /policy/api/v1/infra/domains/default/groups/my-sg/members/ip-addresses
The response I got:
"httpStatus": "BAD_REQUEST",
"error_code": 500140,
"module_name": "Policy",
"error_message": "Object path(s)=[my-sg] may not have been realized on enforcement point path=[/infra/sites/default/enforcement-points/my-ep]."
}
However, with this API:
GET /policy/api/v1/infra/domains/default/groups/my-sg
The IP Addresses are included in the response:
"expression": [
{
"ip_addresses": [
"172.16.2.0/24"
],
"resource_type": "IPAddressExpression",
"marked_for_delete": false,
"_protection": "NOT_PROTECTED"
}
],
"resource_type": "Group",
"id": "my-sg",
"display_name": "my-sg",
"path": "/infra/domains/default/groups/my-sg",
"relative_path": "my-sg",
"parent_path": "/infra/domains/default",
"marked_for_delete": false,
"_create_user": "admin",
"_create_time": 1566615153728,
"_last_modified_user": "admin",
"_last_modified_time": 1566615153728,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
}
Here is the steps I did:
After step 6, I observed the 500 Error from extracting security group member IP api.
NSX-T is new to me, does anyone know why this error occur? What should I do to make the api work again? Any ideas/help are greatly appreciated!
I didn't understand what you did or aim to do regarding enforcement point configuration. Without messing with it the API works fine.
What I believe is happening is that when you created the SG it used the default enforcement point. Seems the API call is using my-ep enforcement point, on which the SG was never realized. You would have to append "?enforcement_point_path=/infra/sites/default/enforcement-points/default" to your API call so it goes to the correct EP.
This should work, but I did not understand what is trying to be accomplished with this new EP you configured.