Viewing docs for nsxt 3.12.0
published on Monday, May 18, 2026 by vmware
published on Monday, May 18, 2026 by vmware
Viewing docs for nsxt 3.12.0
published on Monday, May 18, 2026 by vmware
published on Monday, May 18, 2026 by vmware
This data source provides information about cluster security configuration in NSX-T. It can be used to check the status of security features like Distributed Firewall (DFW) on a compute cluster.
Note: This data source is available for NSX-T 9.1.0 and above.
Example Usage
Read Cluster Security Configuration
import * as pulumi from "@pulumi/pulumi";
import * as nsxt from "@pulumi/nsxt";
const cluster1 = nsxt.getComputeCollection({
displayName: "Compute-Cluster-01",
});
const cluster1Security = cluster1.then(cluster1 => nsxt.getPolicyClusterSecurityConfig({
clusterId: cluster1.id,
}));
export const dfwEnabled = cluster1Security.then(cluster1Security => cluster1Security.dfwEnabled);
import pulumi
import pulumi_nsxt as nsxt
cluster1 = nsxt.get_compute_collection(display_name="Compute-Cluster-01")
cluster1_security = nsxt.get_policy_cluster_security_config(cluster_id=cluster1.id)
pulumi.export("dfwEnabled", cluster1_security.dfw_enabled)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/nsxt/v3/nsxt"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cluster1, err := nsxt.GetComputeCollection(ctx, &nsxt.GetComputeCollectionArgs{
DisplayName: "Compute-Cluster-01",
}, nil)
if err != nil {
return err
}
cluster1Security, err := nsxt.LookupPolicyClusterSecurityConfig(ctx, &nsxt.LookupPolicyClusterSecurityConfigArgs{
ClusterId: cluster1.Id,
}, nil)
if err != nil {
return err
}
ctx.Export("dfwEnabled", cluster1Security.DfwEnabled)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Nsxt = Pulumi.Nsxt;
return await Deployment.RunAsync(() =>
{
var cluster1 = Nsxt.GetComputeCollection.Invoke(new()
{
DisplayName = "Compute-Cluster-01",
});
var cluster1Security = Nsxt.GetPolicyClusterSecurityConfig.Invoke(new()
{
ClusterId = cluster1.Apply(getComputeCollectionResult => getComputeCollectionResult.Id),
});
return new Dictionary<string, object?>
{
["dfwEnabled"] = cluster1Security.Apply(getPolicyClusterSecurityConfigResult => getPolicyClusterSecurityConfigResult.DfwEnabled),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.nsxt.NsxtFunctions;
import com.pulumi.nsxt.inputs.GetComputeCollectionArgs;
import com.pulumi.nsxt.inputs.GetPolicyClusterSecurityConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var cluster1 = NsxtFunctions.getComputeCollection(GetComputeCollectionArgs.builder()
.displayName("Compute-Cluster-01")
.build());
final var cluster1Security = NsxtFunctions.getPolicyClusterSecurityConfig(GetPolicyClusterSecurityConfigArgs.builder()
.clusterId(cluster1.id())
.build());
ctx.export("dfwEnabled", cluster1Security.dfwEnabled());
}
}
variables:
cluster1:
fn::invoke:
function: nsxt:getComputeCollection
arguments:
displayName: Compute-Cluster-01
cluster1Security:
fn::invoke:
function: nsxt:getPolicyClusterSecurityConfig
arguments:
clusterId: ${cluster1.id}
outputs:
dfwEnabled: ${cluster1Security.dfwEnabled}
Example coming soon!
Check DFW Status Before Creating IDPS Config
import * as pulumi from "@pulumi/pulumi";
import * as nsxt from "@pulumi/nsxt";
export = async () => {
const cluster1 = await nsxt.getComputeCollection({
displayName: "Compute-Cluster-01",
});
const cluster1Security = await nsxt.getPolicyClusterSecurityConfig({
clusterId: cluster1.id,
});
// Only create IDPS config if DFW is enabled
const cluster1Idps: nsxt.PolicyIdpsClusterConfig[] = [];
for (const range = {value: 0}; range.value < (cluster1Security.dfwEnabled ? 1 : 0); range.value++) {
cluster1Idps.push(new nsxt.PolicyIdpsClusterConfig(`cluster1_idps-${range.value}`, {
displayName: "cluster1-idps",
idsEnabled: true,
cluster: {
targetId: cluster1.id,
targetType: "VC_Cluster",
},
}));
}
}
import pulumi
import pulumi_nsxt as nsxt
cluster1 = nsxt.get_compute_collection(display_name="Compute-Cluster-01")
cluster1_security = nsxt.get_policy_cluster_security_config(cluster_id=cluster1.id)
# Only create IDPS config if DFW is enabled
cluster1_idps = []
for range in [{"value": i} for i in range(0, 1 if cluster1_security.dfw_enabled else 0)]:
cluster1_idps.append(nsxt.PolicyIdpsClusterConfig(f"cluster1_idps-{range['value']}",
display_name="cluster1-idps",
ids_enabled=True,
cluster={
"target_id": cluster1.id,
"target_type": "VC_Cluster",
}))
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/nsxt/v3/nsxt"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cluster1, err := nsxt.GetComputeCollection(ctx, &nsxt.GetComputeCollectionArgs{
DisplayName: "Compute-Cluster-01",
}, nil)
if err != nil {
return err
}
cluster1Security, err := nsxt.LookupPolicyClusterSecurityConfig(ctx, &nsxt.LookupPolicyClusterSecurityConfigArgs{
ClusterId: cluster1.Id,
}, nil)
if err != nil {
return err
}
// Only create IDPS config if DFW is enabled
var tmp0 float64
if cluster1Security.DfwEnabled {
tmp0 = 1
} else {
tmp0 = 0
}
var cluster1Idps []*nsxt.PolicyIdpsClusterConfig
for index := 0; index < tmp0; index++ {
key0 := index
_ := index
__res, err := nsxt.NewPolicyIdpsClusterConfig(ctx, fmt.Sprintf("cluster1_idps-%v", key0), &nsxt.PolicyIdpsClusterConfigArgs{
DisplayName: pulumi.String("cluster1-idps"),
IdsEnabled: pulumi.Bool(true),
Cluster: &nsxt.PolicyIdpsClusterConfigClusterArgs{
TargetId: pulumi.String(cluster1.Id),
TargetType: pulumi.String("VC_Cluster"),
},
})
if err != nil {
return err
}
cluster1Idps = append(cluster1Idps, __res)
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Pulumi;
using Nsxt = Pulumi.Nsxt;
return await Deployment.RunAsync(async() =>
{
var cluster1 = await Nsxt.GetComputeCollection.InvokeAsync(new()
{
DisplayName = "Compute-Cluster-01",
});
var cluster1Security = await Nsxt.GetPolicyClusterSecurityConfig.InvokeAsync(new()
{
ClusterId = cluster1.Id,
});
// Only create IDPS config if DFW is enabled
var cluster1Idps = new List<Nsxt.PolicyIdpsClusterConfig>();
for (var rangeIndex = 0; rangeIndex < cluster1Security.DfwEnabled ? 1 : 0; rangeIndex++)
{
var range = new { Value = rangeIndex };
cluster1Idps.Add(new Nsxt.PolicyIdpsClusterConfig($"cluster1_idps-{range.Value}", new()
{
DisplayName = "cluster1-idps",
IdsEnabled = true,
Cluster = new Nsxt.Inputs.PolicyIdpsClusterConfigClusterArgs
{
TargetId = cluster1.Id,
TargetType = "VC_Cluster",
},
}));
}
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.nsxt.NsxtFunctions;
import com.pulumi.nsxt.inputs.GetComputeCollectionArgs;
import com.pulumi.nsxt.inputs.GetPolicyClusterSecurityConfigArgs;
import com.pulumi.nsxt.PolicyIdpsClusterConfig;
import com.pulumi.nsxt.PolicyIdpsClusterConfigArgs;
import com.pulumi.nsxt.inputs.PolicyIdpsClusterConfigClusterArgs;
import com.pulumi.codegen.internal.KeyedValue;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var cluster1 = NsxtFunctions.getComputeCollection(GetComputeCollectionArgs.builder()
.displayName("Compute-Cluster-01")
.build());
final var cluster1Security = NsxtFunctions.getPolicyClusterSecurityConfig(GetPolicyClusterSecurityConfigArgs.builder()
.clusterId(cluster1.id())
.build());
// Only create IDPS config if DFW is enabled
for (var i = 0; i < cluster1Security.dfwEnabled() ? 1 : 0; i++) {
new PolicyIdpsClusterConfig("cluster1Idps-" + i, PolicyIdpsClusterConfigArgs.builder()
.displayName("cluster1-idps")
.idsEnabled(true)
.cluster(PolicyIdpsClusterConfigClusterArgs.builder()
.targetId(cluster1.id())
.targetType("VC_Cluster")
.build())
.build());
}
}
}
resources:
# Only create IDPS config if DFW is enabled
cluster1Idps:
type: nsxt:PolicyIdpsClusterConfig
name: cluster1_idps
properties:
displayName: cluster1-idps
idsEnabled: true
cluster:
targetId: ${cluster1.id}
targetType: VC_Cluster
options: {}
variables:
cluster1:
fn::invoke:
function: nsxt:getComputeCollection
arguments:
displayName: Compute-Cluster-01
cluster1Security:
fn::invoke:
function: nsxt:getPolicyClusterSecurityConfig
arguments:
clusterId: ${cluster1.id}
Example coming soon!
Example Outputs
Check if DFW is Enabled
import * as pulumi from "@pulumi/pulumi";
export const isDfwEnabled = cluster1Security.dfwEnabled;
import pulumi
pulumi.export("isDfwEnabled", cluster1_security["dfwEnabled"])
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
ctx.Export("isDfwEnabled", cluster1Security.DfwEnabled)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
return await Deployment.RunAsync(() =>
{
return new Dictionary<string, object?>
{
["isDfwEnabled"] = cluster1Security.DfwEnabled,
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
ctx.export("isDfwEnabled", cluster1Security.dfwEnabled());
}
}
outputs:
isDfwEnabled: ${cluster1Security.dfwEnabled}
Example coming soon!
Conditional Resource Creation
import * as pulumi from "@pulumi/pulumi";
import * as _null from "@pulumi/null";
import * as command from "@pulumi/command";
const dfwCheck: _null.index.Resource[] = [];
for (const range = {value: 0}; range.value < (cluster1Security.dfwEnabled ? 0 : 1); range.value++) {
dfwCheck.push(new _null.index.Resource(`dfw_check-${range.value}`, {}));
}
const dfwCheckProvisioner0 = new command.local.Command("dfwCheckProvisioner0", {create: "echo 'Warning: DFW is not enabled on the cluster'"}, {
dependsOn: [dfwCheck],
});
import pulumi
import pulumi_command as command
import pulumi_null as null
dfw_check = []
for range in [{"value": i} for i in range(0, 0 if cluster1_security.dfw_enabled else 1)]:
dfw_check.append(null.index.Resource(f"dfw_check-{range['value']}"))
dfw_check_provisioner0 = command.local.Command("dfwCheckProvisioner0", create=echo 'Warning: DFW is not enabled on the cluster',
opts = pulumi.ResourceOptions(depends_on=[dfw_check]))
package main
import (
"github.com/pulumi/pulumi-command/sdk/go/command/local"
"github.com/pulumi/pulumi-null/sdk/go/null"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
var tmp0 float64
if cluster1Security.DfwEnabled {
tmp0 = 0
} else {
tmp0 = 1
}
var dfwCheck []*null.Resource
for index := 0; index < tmp0; index++ {
key0 := index
_ := index
__res, err := null.NewResource(ctx, fmt.Sprintf("dfw_check-%v", key0), nil)
if err != nil {
return err
}
dfwCheck = append(dfwCheck, __res)
}
_, err = local.NewCommand(ctx, "dfwCheckProvisioner0", &local.CommandArgs{
Create: "echo 'Warning: DFW is not enabled on the cluster'",
}, pulumi.DependsOn([]pulumi.Resource{
dfwCheck,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Command = Pulumi.Command;
using Null = Pulumi.Null;
return await Deployment.RunAsync(() =>
{
var dfwCheck = new List<Null.Index.Resource>();
for (var rangeIndex = 0; rangeIndex < (cluster1Security.DfwEnabled ? 0 : 1); rangeIndex++)
{
var range = new { Value = rangeIndex };
dfwCheck.Add(new Null.Index.Resource($"dfw_check-{range.Value}", new()
{
}));
}
var dfwCheckProvisioner0 = new Command.Local.Command("dfwCheckProvisioner0", new()
{
Create = "echo 'Warning: DFW is not enabled on the cluster'",
}, new CustomResourceOptions
{
DependsOn =
{
dfwCheck,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.null.Resource;
import com.pulumi.command.local.Command;
import com.pulumi.command.local.CommandArgs;
import com.pulumi.codegen.internal.KeyedValue;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
for (var i = 0; i < (cluster1Security.dfwEnabled() ? 0 : 1); i++) {
new Resource("dfwCheck-" + i);
}
var dfwCheckProvisioner0 = new Command("dfwCheckProvisioner0", CommandArgs.builder()
.create("echo 'Warning: DFW is not enabled on the cluster'")
.build(), CustomResourceOptions.builder()
.dependsOn(List.of(dfwCheck))
.build());
}
}
resources:
dfwCheck:
type: null:Resource
name: dfw_check
options: {}
dfwCheckProvisioner0:
type: command:local:Command
properties:
create: 'echo ''Warning: DFW is not enabled on the cluster'''
options:
dependsOn:
- ${dfwCheck}
Example coming soon!
Using getPolicyClusterSecurityConfig
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getPolicyClusterSecurityConfig(args: GetPolicyClusterSecurityConfigArgs, opts?: InvokeOptions): Promise<GetPolicyClusterSecurityConfigResult>
function getPolicyClusterSecurityConfigOutput(args: GetPolicyClusterSecurityConfigOutputArgs, opts?: InvokeOptions): Output<GetPolicyClusterSecurityConfigResult>def get_policy_cluster_security_config(cluster_id: Optional[str] = None,
id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetPolicyClusterSecurityConfigResult
def get_policy_cluster_security_config_output(cluster_id: pulumi.Input[Optional[str]] = None,
id: pulumi.Input[Optional[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetPolicyClusterSecurityConfigResult]func LookupPolicyClusterSecurityConfig(ctx *Context, args *LookupPolicyClusterSecurityConfigArgs, opts ...InvokeOption) (*LookupPolicyClusterSecurityConfigResult, error)
func LookupPolicyClusterSecurityConfigOutput(ctx *Context, args *LookupPolicyClusterSecurityConfigOutputArgs, opts ...InvokeOption) LookupPolicyClusterSecurityConfigResultOutput> Note: This function is named LookupPolicyClusterSecurityConfig in the Go SDK.
public static class GetPolicyClusterSecurityConfig
{
public static Task<GetPolicyClusterSecurityConfigResult> InvokeAsync(GetPolicyClusterSecurityConfigArgs args, InvokeOptions? opts = null)
public static Output<GetPolicyClusterSecurityConfigResult> Invoke(GetPolicyClusterSecurityConfigInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetPolicyClusterSecurityConfigResult> getPolicyClusterSecurityConfig(GetPolicyClusterSecurityConfigArgs args, InvokeOptions options)
public static Output<GetPolicyClusterSecurityConfigResult> getPolicyClusterSecurityConfig(GetPolicyClusterSecurityConfigArgs args, InvokeOptions options)
fn::invoke:
function: nsxt:index/getPolicyClusterSecurityConfig:getPolicyClusterSecurityConfig
arguments:
# arguments dictionarydata "nsxt_getpolicyclustersecurityconfig" "name" {
# arguments
}The following arguments are supported:
- cluster_
id string - The cluster external ID (e.g., "uuid:domain-c20"). This is typically obtained from the
nsxt.getComputeCollectiondata source'sidattribute. - id string
- The cluster ID.
- cluster_
id str - The cluster external ID (e.g., "uuid:domain-c20"). This is typically obtained from the
nsxt.getComputeCollectiondata source'sidattribute. - id str
- The cluster ID.
getPolicyClusterSecurityConfig Result
The following output properties are available:
- Cluster
Id string - Description string
- The description of the cluster security configuration.
- Dfw
Enabled bool - Whether Distributed Firewall (DFW) is enabled on the cluster.
- Display
Name string - The display name of the cluster security configuration.
- Id string
- The cluster ID.
- Path string
- The NSX path of the cluster security configuration.
- Cluster
Id string - Description string
- The description of the cluster security configuration.
- Dfw
Enabled bool - Whether Distributed Firewall (DFW) is enabled on the cluster.
- Display
Name string - The display name of the cluster security configuration.
- Id string
- The cluster ID.
- Path string
- The NSX path of the cluster security configuration.
- cluster_
id string - description string
- The description of the cluster security configuration.
- dfw_
enabled bool - Whether Distributed Firewall (DFW) is enabled on the cluster.
- display_
name string - The display name of the cluster security configuration.
- id string
- The cluster ID.
- path string
- The NSX path of the cluster security configuration.
- cluster
Id String - description String
- The description of the cluster security configuration.
- dfw
Enabled Boolean - Whether Distributed Firewall (DFW) is enabled on the cluster.
- display
Name String - The display name of the cluster security configuration.
- id String
- The cluster ID.
- path String
- The NSX path of the cluster security configuration.
- cluster
Id string - description string
- The description of the cluster security configuration.
- dfw
Enabled boolean - Whether Distributed Firewall (DFW) is enabled on the cluster.
- display
Name string - The display name of the cluster security configuration.
- id string
- The cluster ID.
- path string
- The NSX path of the cluster security configuration.
- cluster_
id str - description str
- The description of the cluster security configuration.
- dfw_
enabled bool - Whether Distributed Firewall (DFW) is enabled on the cluster.
- display_
name str - The display name of the cluster security configuration.
- id str
- The cluster ID.
- path str
- The NSX path of the cluster security configuration.
- cluster
Id String - description String
- The description of the cluster security configuration.
- dfw
Enabled Boolean - Whether Distributed Firewall (DFW) is enabled on the cluster.
- display
Name String - The display name of the cluster security configuration.
- id String
- The cluster ID.
- path String
- The NSX path of the cluster security configuration.
Package Details
- Repository
- nsxt vmware/terraform-provider-nsxt
- License
- Notes
- This Pulumi package is based on the
nsxtTerraform Provider.
Viewing docs for nsxt 3.12.0
published on Monday, May 18, 2026 by vmware
published on Monday, May 18, 2026 by vmware