VMware Networking Community
p0wertje
Hot Shot
Hot Shot
Jump to solution

nsx-t intent-based policy api

Hi,

Have a question about the intent-based policy api.

When sending this "PATCH" request , nsx-t api check on syntax and some more stuff. If all is ok, you get a 200 OK

But that does not say anything yet about the realized-state.

Does anyone have some experience with checking the intent state vs realized state ?

I know you can do some api calls to realized state with intent path supplied, but that is only for 1 part.

i.e i sent an intent state to create, t1, segement, lb-pool, lb-vip and some security policies. How can i check if everything is created ? (without running true all individual

realized state calls.

In other words, how can i check if the intent is created. AWS uses task for it, you can check. But nsx-t api only returns "200 OK"

thx!

Cheers,
p0wertje | VCIX6-NV | JNCIS-ENT | vExpert
Please kudo helpful posts and mark the thread as solved if solved
1 Solution

Accepted Solutions
DaleCoghlan
VMware Employee
VMware Employee
Jump to solution

You can check the realization APIs

Get consolidated status of an intent object

https://vdc-download.vmware.com/vmwb-repository/dcr-public/9e1c6bcc-85db-46b6-bc38-d6d2431e7c17/30af...

Get realized entity uniquely identified by realized path

https://vdc-download.vmware.com/vmwb-repository/dcr-public/9e1c6bcc-85db-46b6-bc38-d6d2431e7c17/30af...

Get list of realized objects associated with intent object

https://vdc-download.vmware.com/vmwb-repository/dcr-public/9e1c6bcc-85db-46b6-bc38-d6d2431e7c17/30af...

Also worth reading is the  NSX Policy API - Getting Started Guide

NSX Policy API - Getting Started Guide v1.0.pdf

Cheers

Dale

View solution in original post

4 Replies
RaymundoEC
VMware Employee
VMware Employee
Jump to solution

Don't get your questions that is the only answer you get from the payload on the API there is not something like terraform plan.

+vRay
Reply
0 Kudos
p0wertje
Hot Shot
Hot Shot
Jump to solution

Hi,

I'll give an example of what i want to create as an intent

{

        "resource_type": "Infra",

        "children": [

                {

                        "Tier1": {

                                "tier0_path": "/infra/tier-0s/poc-tier0",

                                "failover_mode": "NON_PREEMPTIVE",

                                "route_advertisement_types": [

                                        "TIER1_CONNECTED",

                                        "TIER1_LB_VIP",

                                        "TIER1_NAT"

                                ],

                                "resource_type": "Tier1",

                                "id": "T1-test",

                                "children": [

                                        {

                                                "LocaleServices": {

                                                        "edge_cluster_path":

                                                        "/infra/sites/default/enforcement-points/default/edge-clusters/915a670f-e2e9-4dca-b0f7-6e861700a677",

                                                        "resource_type": "LocaleServices",

                                                        "id": "T1-LR3-SR",

                                                        "children": []

                                                },

                                                "resource_type": "ChildLocaleServices"

                                        },

                                        {

                                                "Segment":{

                                                        "subnets": [

                                                                {

                                                                        "gateway_address": "192.168.244.1/24",

                                                                        "network": "192.168.244.0/24"

                                                                }

                                                        ],

                                                        "transport_zone_path":

                                                        "/infra/sites/default/enforcement-points/default/transport-zones/d29c1e43-4448-4186-be49-75a4a2d44b60",

                                                        "resource_type": "Segment",

                                                        "id": "LS3",

                                                        "tags": [

                                                                {

                                                                        "scope": "application",

                                                                        "tag": "webservers"

                                                                }

                                                        ]

                                                },

                                                "resource_type": "ChildSegment"

                                        }

                                ]

                        },

                        "resource_type": "ChildTier1"

                },

                {

            "LBService": {

                "connectivity_path": "/infra/tier-1s/T1-test",

                "size": "SMALL",

                "resource_type": "LBService",

                "id": "LB1",

                "children": [],

                "tags": [

                    {

                        "scope": "application",

                        "tag": "app1"

                    }

                ]

            },

            "resource_type": "ChildLBService"

        },

        {

            "LBVirtualServer": {

                "enabled": true,

                "ip_address": "192.168.245.10",

                "ports": [

                    "80"

                ],

                "lb_service_path": "/infra/lb-services/LB1",

                "pool_path": "/infra/lb-pools/Pool1",

                "application_profile_path": "/infra/lb-app-profiles/default-http-lb-app-profile",

                "resource_type": "LBVirtualServer",

                "id": "VIP1",

                "children": [],

                "tags": [

                    {

                        "scope": "application",

                        "tag": "app1"

                    }

                ]

            },

            "resource_type": "ChildLBVirtualServer"

        },

        {

            "LBPool": {

                "algorithm": "ROUND_ROBIN",

                "members": [

                    {

                        "display_name": "S2",

                        "ip_address": "192.168.244.10",

                        "port": "80",

                        "admin_state": "ENABLED",

                        "backup_member": false,

                        "weight": 1

                    },

                    {

                        "display_name": "S1",

                        "ip_address": "192.168.244.20",

                        "port": "80",

                        "admin_state": "ENABLED",

                        "backup_member": false,

                        "weight": 1

                    }

                ],

                "active_monitor_paths": [

                    "/infra/lb-monitor-profiles/default-tcp-lb-monitor"

                ],

                "snat_translation": {

                    "type": "LBSnatDisabled"

                },

                "resource_type": "LBPool",

                "id": "Pool1",

                "children": [],

                "tags": [

                    {

                        "scope": "application",

                        "tag": "app1"

                    }

                ]

            },

            "resource_type": "ChildLBPool"

        }

   ]

}

This gives a 200 OK. Perfect. syntax is accepted.

Nsx translates the intent to 'normal' api calls and creates all i ask for.

How do i verify that it is created ?

Cheers,
p0wertje | VCIX6-NV | JNCIS-ENT | vExpert
Please kudo helpful posts and mark the thread as solved if solved
Reply
0 Kudos
RaymundoEC
VMware Employee
VMware Employee
Jump to solution

I see, so for example when you do this API call thru Postman it gives you back what aws created besides the 200 Ok that is what you are looking for? toherwise you will need a GET to pull what was set previously. other thing could be is simulated the response so could be a mock response insteadlike Prism Mock.

+vRay
Reply
0 Kudos
DaleCoghlan
VMware Employee
VMware Employee
Jump to solution

You can check the realization APIs

Get consolidated status of an intent object

https://vdc-download.vmware.com/vmwb-repository/dcr-public/9e1c6bcc-85db-46b6-bc38-d6d2431e7c17/30af...

Get realized entity uniquely identified by realized path

https://vdc-download.vmware.com/vmwb-repository/dcr-public/9e1c6bcc-85db-46b6-bc38-d6d2431e7c17/30af...

Get list of realized objects associated with intent object

https://vdc-download.vmware.com/vmwb-repository/dcr-public/9e1c6bcc-85db-46b6-bc38-d6d2431e7c17/30af...

Also worth reading is the  NSX Policy API - Getting Started Guide

NSX Policy API - Getting Started Guide v1.0.pdf

Cheers

Dale