DFW Postman API

Hi Everyone,

I'm running VMware NSX 3.2.2. I created a custom role (security: full access, inventory: full access and the rest read-only).

I added an AD user and bound the custom role to the user. When I create a DFW policy and rule with this AD user through the UI it works, whereas when I try to create the same rule through the API with Postman, I get a 403 error: user is not authorized.

Has someone come across this issue?

Thanks

Comments

Hope the below link will help:

https://developer.vmware.com/apis/976/nsx-t/

Thanks

Thank you @Prakash_Karasu. I used the Policy API: PATCH /policy/api/v1/infra to do that, but I had the error I mentioned above.

Have you made sure to authorize before you tried to edit the rule? You can find the authentication information here (scroll down to "Request Authentication").

https://developer.vmware.com/apis/1733/nsx-t/

If your authentication is okay, have you tried a GET request to see if that works?

In addition, your endpoint doesn't seem to be complete. If you want to create a rule, you'd use something like

PUT /policy/api/v1/infra/domains/{domain-id}/security-policies/{security-policy-id}/rules/{rule-id}
or
PUT /policy/api/v1/infra/domains/{domain-id}/security-policies/{security-policy-id}/rules/{rule-id}

Regarding the authentication everything is OK. When I GET a request everything is OK. 

The only issue is when I want to PATCH a request regarding DFW.

When I change the custom role to a built-in role (security admin) the same payload works fine.

I looked into the nsxapi.log and found an ERROR message mentioning that "incoming role null is not authorized to access API with rbac_feature domain_admin having required_permission curd".

I looked at the role-with-feature and the admin_domain required_permission value is "read". I can't change that.
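
A triage sketch for the nsxapi.log denial quoted above, added here as an example and not part of any post in the thread: it extracts the role, rbac_feature and required_permission from the message, ties the denial to the request on the same thread, and compares it with the role's feature permissions. Only the message text comes from the thread; the log line layout, the user name and the `ROLE_FEATURES` map are constructed assumptions.

```python
import re

# Message shape taken from the ERROR quoted in the thread. The rest of each
# line (timestamp, level, thread, request line) is a constructed layout.
DENIAL = re.compile(
    r"incoming role (?P<role>\S+) is not authorized to access API "
    r"with rbac_feature (?P<feature>\S+) having required_permission (?P<perm>\w+)"
)
REQUEST = re.compile(r"request (?P<method>[A-Z]+) (?P<path>\S+) user=(?P<user>\S+)")

SAMPLE_LOG = """\
2023-12-20T02:31:07Z INFO http-thread-1 request PATCH /policy/api/v1/infra user=dfw-operator@corp.example
2023-12-20T02:31:07Z ERROR http-thread-1 incoming role null is not authorized to access API with rbac_feature domain_admin having required_permission curd
2023-12-20T02:32:40Z INFO http-thread-2 request GET /policy/api/v1/infra user=dfw-operator@corp.example
"""

# Constructed stand-in for the custom role's feature permissions.
ROLE_FEATURES = {"domain_admin": "read"}

def parse_denials(log_text):
    """Return one record per RBAC denial, joined to the last request on that thread."""
    last_request = {}  # thread name -> {method, path, user}
    denials = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) < 4:
            continue
        _ts, level, thread, rest = parts
        req = REQUEST.match(rest)
        if req:
            last_request[thread] = req.groupdict()
            continue
        hit = DENIAL.search(rest)
        if level == "ERROR" and hit:
            denials.append({**hit.groupdict(), **last_request.get(thread, {})})
    return denials

def explain(denial, role_features):
    """Compare what the API required with what the role grants for that feature."""
    granted = role_features.get(denial["feature"], "none")  # unlisted feature
    notes = []
    if denial["role"] == "null":
        notes.append("role resolved to null: check the role binding for this user")
    if granted != denial["perm"]:
        notes.append(f"{denial['feature']}: role grants '{granted}', "
                     f"API requires '{denial['perm']}'")
    return notes

if __name__ == "__main__":
    for d in parse_denials(SAMPLE_LOG):
        print(d["method"], d["path"], d["user"], explain(d, ROLE_FEATURES))
```
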

Version history
Revision #: 1 of 1
Last update: 12-20-2023 02:35 AM