published on Monday, May 18, 2026 by vmware
This data source provides information about an existing Intrusion Service Gateway Policy Rule configured on NSX. It can be useful to retrieve individual IDPS Gateway rules that are managed separately from their parent policy.
NOTE: This data source retrieves standalone rules that are managed separately from their parent policy, allowing you to refer to a specific IDPS Gateway rule in other resources. For different use cases, consider:
- nsxt.PolicyIntrusionServiceGatewayPolicy - For IDPS Gateway policy with embedded rules
- nsxt.PolicyParentIntrusionServiceGatewayPolicy - For parent IDPS Gateway policy metadata only
This data source is applicable to NSX Policy Manager (NSX version 4.2.0 onwards).
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as nsxt from "@pulumi/nsxt";
// Resolve the parent IDPS gateway policy by display name. Only its `path`
// is used below, to scope the rule lookup to this one policy.
const idsGwPolicy = nsxt.getPolicyParentIntrusionServiceGatewayPolicy({ displayName: "my-ids-gateway-policy" });

// Fetch the standalone rule that lives under that policy. This is a lookup
// of an existing rule; its `action`, `disabled` and `logged` outputs show
// whether the rule is enabled and logging, so check them before relying on
// the rule elsewhere in the stack.
const idsGwRule = idsGwPolicy.then(parentPolicy =>
    nsxt.getPolicyIntrusionServiceGatewayPolicyRule({
        policyPath: parentPolicy.path,
        displayName: "detect-north-south-threats",
    }));
import pulumi
import pulumi_nsxt as nsxt
# Resolve the parent IDPS gateway policy by display name; only its path is
# needed, to scope the rule lookup below to this one policy.
ids_gw_policy = nsxt.get_policy_parent_intrusion_service_gateway_policy(
    display_name="my-ids-gateway-policy",
)

# Fetch the standalone rule under that policy. This is a lookup of an existing
# rule; its `action`, `disabled` and `logged` outputs show whether the rule is
# enabled and logging, so check them before relying on it elsewhere.
ids_gw_rule = nsxt.get_policy_intrusion_service_gateway_policy_rule(
    policy_path=ids_gw_policy.path,
    display_name="detect-north-south-threats",
)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/nsxt/v3/nsxt"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that resolves a parent IDPS gateway policy by
// display name and then looks up one standalone rule under that policy.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Resolve the parent policy; only its Path is used, to scope the
		// rule lookup to this one policy.
		parentArgs := &nsxt.LookupPolicyParentIntrusionServiceGatewayPolicyArgs{
			DisplayName: pulumi.StringRef("my-ids-gateway-policy"),
		}
		idsGwPolicy, err := nsxt.LookupPolicyParentIntrusionServiceGatewayPolicy(ctx, parentArgs, nil)
		if err != nil {
			return err
		}

		// Look up the individual rule inside that policy.
		ruleArgs := &nsxt.LookupPolicyIntrusionServiceGatewayPolicyRuleArgs{
			DisplayName: pulumi.StringRef("detect-north-south-threats"),
			PolicyPath:  idsGwPolicy.Path,
		}
		// The example discards the result. A program that depends on the rule
		// would keep it and inspect Action, Disabled and Logged to confirm the
		// rule is enabled and logging.
		if _, err := nsxt.LookupPolicyIntrusionServiceGatewayPolicyRule(ctx, ruleArgs, nil); err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Nsxt = Pulumi.Nsxt;
return await Deployment.RunAsync(() =>
{
    // Resolve the parent IDPS gateway policy by display name; only its Path
    // is used, to scope the rule lookup to this one policy.
    var idsGwPolicy = Nsxt.GetPolicyParentIntrusionServiceGatewayPolicy.Invoke(new()
    {
        DisplayName = "my-ids-gateway-policy",
    });

    // Path of the parent policy, projected out of the lookup result.
    var parentPolicyPath = idsGwPolicy.Apply(parentPolicy => parentPolicy.Path);

    // Look up the individual rule inside that policy. Its Action, Disabled
    // and Logged outputs show whether the rule is enabled and logging, so
    // check them before relying on the rule elsewhere.
    var idsGwRule = Nsxt.GetPolicyIntrusionServiceGatewayPolicyRule.Invoke(new()
    {
        PolicyPath = parentPolicyPath,
        DisplayName = "detect-north-south-threats",
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.nsxt.NsxtFunctions;
import com.pulumi.nsxt.inputs.GetPolicyParentIntrusionServiceGatewayPolicyArgs;
import com.pulumi.nsxt.inputs.GetPolicyIntrusionServiceGatewayPolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that resolves a parent IDPS gateway policy by display name
 * and then looks up one standalone rule under that policy.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the two lookups. The rule lookup is scoped to the parent
     * policy through its path.
     *
     * @param ctx the Pulumi context supplied by the runtime
     */
    public static void stack(Context ctx) {
        // Resolve the parent policy; only its path is used below.
        final var parentPolicyArgs = GetPolicyParentIntrusionServiceGatewayPolicyArgs.builder()
            .displayName("my-ids-gateway-policy")
            .build();
        final var idsGwPolicy = NsxtFunctions.getPolicyParentIntrusionServiceGatewayPolicy(parentPolicyArgs);

        // Look up the individual rule inside that policy. Its action,
        // disabled and logged outputs show whether the rule is enabled and
        // logging, so check them before relying on the rule elsewhere.
        final var ruleArgs = GetPolicyIntrusionServiceGatewayPolicyRuleArgs.builder()
            .displayName("detect-north-south-threats")
            .policyPath(idsGwPolicy.path())
            .build();
        final var idsGwRule = NsxtFunctions.getPolicyIntrusionServiceGatewayPolicyRule(ruleArgs);
    }
}
variables:
  # Resolve the parent IDPS gateway policy by display name; only its path is
  # used, to scope the rule lookup below to this one policy.
  idsGwPolicy:
    fn::invoke:
      function: nsxt:getPolicyParentIntrusionServiceGatewayPolicy
      arguments:
        displayName: "my-ids-gateway-policy"
  # Look up the individual rule inside that policy. Its action, disabled and
  # logged outputs show whether the rule is enabled and logging, so check
  # them before relying on the rule elsewhere.
  idsGwRule:
    fn::invoke:
      function: nsxt:getPolicyIntrusionServiceGatewayPolicyRule
      arguments:
        displayName: "detect-north-south-threats"
        policyPath: ${idsGwPolicy.path}
Using getPolicyIntrusionServiceGatewayPolicyRule
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getPolicyIntrusionServiceGatewayPolicyRule(args: GetPolicyIntrusionServiceGatewayPolicyRuleArgs, opts?: InvokeOptions): Promise<GetPolicyIntrusionServiceGatewayPolicyRuleResult>
function getPolicyIntrusionServiceGatewayPolicyRuleOutput(args: GetPolicyIntrusionServiceGatewayPolicyRuleOutputArgs, opts?: InvokeOptions): Output<GetPolicyIntrusionServiceGatewayPolicyRuleResult>def get_policy_intrusion_service_gateway_policy_rule(description: Optional[str] = None,
direction: Optional[str] = None,
display_name: Optional[str] = None,
domain: Optional[str] = None,
id: Optional[str] = None,
ip_version: Optional[str] = None,
policy_path: Optional[str] = None,
tags: Optional[Sequence[GetPolicyIntrusionServiceGatewayPolicyRuleTag]] = None,
opts: Optional[InvokeOptions] = None) -> GetPolicyIntrusionServiceGatewayPolicyRuleResult
def get_policy_intrusion_service_gateway_policy_rule_output(description: pulumi.Input[Optional[str]] = None,
direction: pulumi.Input[Optional[str]] = None,
display_name: pulumi.Input[Optional[str]] = None,
domain: pulumi.Input[Optional[str]] = None,
id: pulumi.Input[Optional[str]] = None,
ip_version: pulumi.Input[Optional[str]] = None,
policy_path: pulumi.Input[Optional[str]] = None,
tags: pulumi.Input[Optional[Sequence[pulumi.Input[GetPolicyIntrusionServiceGatewayPolicyRuleTagArgs]]]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetPolicyIntrusionServiceGatewayPolicyRuleResult]func LookupPolicyIntrusionServiceGatewayPolicyRule(ctx *Context, args *LookupPolicyIntrusionServiceGatewayPolicyRuleArgs, opts ...InvokeOption) (*LookupPolicyIntrusionServiceGatewayPolicyRuleResult, error)
func LookupPolicyIntrusionServiceGatewayPolicyRuleOutput(ctx *Context, args *LookupPolicyIntrusionServiceGatewayPolicyRuleOutputArgs, opts ...InvokeOption) LookupPolicyIntrusionServiceGatewayPolicyRuleResultOutput

> Note: This function is named LookupPolicyIntrusionServiceGatewayPolicyRule in the Go SDK.
public static class GetPolicyIntrusionServiceGatewayPolicyRule
{
public static Task<GetPolicyIntrusionServiceGatewayPolicyRuleResult> InvokeAsync(GetPolicyIntrusionServiceGatewayPolicyRuleArgs args, InvokeOptions? opts = null)
public static Output<GetPolicyIntrusionServiceGatewayPolicyRuleResult> Invoke(GetPolicyIntrusionServiceGatewayPolicyRuleInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetPolicyIntrusionServiceGatewayPolicyRuleResult> getPolicyIntrusionServiceGatewayPolicyRule(GetPolicyIntrusionServiceGatewayPolicyRuleArgs args, InvokeOptions options)
public static Output<GetPolicyIntrusionServiceGatewayPolicyRuleResult> getPolicyIntrusionServiceGatewayPolicyRule(GetPolicyIntrusionServiceGatewayPolicyRuleArgs args, InvokeOptions options)
fn::invoke:
function: nsxt:index/getPolicyIntrusionServiceGatewayPolicyRule:getPolicyIntrusionServiceGatewayPolicyRule
arguments:
# arguments dictionarydata "nsxt_getpolicyintrusionservicegatewaypolicyrule" "name" {
# arguments
}

The following arguments are supported:
- PolicyPath string - The path of the parent gateway policy containing this rule.
- Description string - The description of the resource.
- Direction string - Traffic direction.
- DisplayName string - The display name of the rule to retrieve.
- Domain string - The domain of the policy containing this rule. Defaults to `default`.
- Id string - The ID of the rule to retrieve.
- IpVersion string - IP version.
- Tags List<GetPolicyIntrusionServiceGatewayPolicyRuleTag> - A list of scope + tag pairs to associate with this rule.
- Policy
Path string - The path of the parent gateway policy containing this rule.
- Description string
- The description of the resource.
- Direction string
- Traffic direction.
- Display
Name string - The display name of the rule to retrieve.
- Domain string
- The domain of the policy containing this rule. Defaults to
default. - Id string
- The ID of the rule to retrieve.
- Ip
Version string - IP version.
-
[]Get
Policy Intrusion Service Gateway Policy Rule Tag - A list of scope + tag pairs to associate with this rule.
- policy_
path string - The path of the parent gateway policy containing this rule.
- description string
- The description of the resource.
- direction string
- Traffic direction.
- display_
name string - The display name of the rule to retrieve.
- domain string
- The domain of the policy containing this rule. Defaults to
default. - id string
- The ID of the rule to retrieve.
- ip_
version string - IP version.
- list(object)
- A list of scope + tag pairs to associate with this rule.
- policy
Path String - The path of the parent gateway policy containing this rule.
- description String
- The description of the resource.
- direction String
- Traffic direction.
- display
Name String - The display name of the rule to retrieve.
- domain String
- The domain of the policy containing this rule. Defaults to
default. - id String
- The ID of the rule to retrieve.
- ip
Version String - IP version.
-
List<Get
Policy Intrusion Service Gateway Policy Rule Tag> - A list of scope + tag pairs to associate with this rule.
- policy
Path string - The path of the parent gateway policy containing this rule.
- description string
- The description of the resource.
- direction string
- Traffic direction.
- display
Name string - The display name of the rule to retrieve.
- domain string
- The domain of the policy containing this rule. Defaults to
default. - id string
- The ID of the rule to retrieve.
- ip
Version string - IP version.
-
Get
Policy Intrusion Service Gateway Policy Rule Tag[] - A list of scope + tag pairs to associate with this rule.
- policy_
path str - The path of the parent gateway policy containing this rule.
- description str
- The description of the resource.
- direction str
- Traffic direction.
- display_
name str - The display name of the rule to retrieve.
- domain str
- The domain of the policy containing this rule. Defaults to
default. - id str
- The ID of the rule to retrieve.
- ip_
version str - IP version.
-
Sequence[Get
Policy Intrusion Service Gateway Policy Rule Tag] - A list of scope + tag pairs to associate with this rule.
- policy
Path String - The path of the parent gateway policy containing this rule.
- description String
- The description of the resource.
- direction String
- Traffic direction.
- display
Name String - The display name of the rule to retrieve.
- domain String
- The domain of the policy containing this rule. Defaults to
default. - id String
- The ID of the rule to retrieve.
- ip
Version String - IP version.
- List<Property Map>
- A list of scope + tag pairs to associate with this rule.
getPolicyIntrusionServiceGatewayPolicyRule Result
The following output properties are available:
- Action string - Action for this rule.
- Description string - The description of the resource.
- DestinationGroups List<string> - List of destination groups.
- DestinationsExcluded bool - Flag to indicate whether destinations are negated.
- Direction string - Traffic direction.
- Disabled bool - Flag to disable the rule.
- DisplayName string
- Id string
- IdsProfiles List<string> - List of IDS profiles for this rule.
- IpVersion string - IP version.
- LogLabel string - Additional information which will be propagated to the rule syslog.
- Logged bool - Flag to enable logging.
- Notes string - Text for additional notes on changes for the rule.
- Path string - The NSX path of the rule resource.
- PolicyPath string
- Revision double - Indicates current revision number of the object as seen by NSX-T API server.
- RuleId double - Unique positive number that is assigned by the system and is useful for debugging.
- Scopes List<string> - List of policy objects where the rule is enforced.
- SequenceNumber double - The sequence number of the rule.
- Services List<string> - List of services.
- SourceGroups List<string> - List of source groups.
- SourcesExcluded bool - Flag to indicate whether sources are negated.
- Domain string
- Tags List<GetPolicyIntrusionServiceGatewayPolicyRuleTag> - A list of scope + tag pairs to associate with this rule.
- Action string
- Action for this rule.
- Description string
- The description of the resource.
- Destination
Groups []string - List of destination groups.
- Destinations
Excluded bool - Flag to indicate whether destinations are negated.
- Direction string
- Traffic direction.
- Disabled bool
- Flag to disable the rule.
- Display
Name string - Id string
- Ids
Profiles []string - List of IDS profiles for this rule.
- Ip
Version string - IP version.
- Log
Label string - Additional information which will be propagated to the rule syslog.
- Logged bool
- Flag to enable logging.
- Notes string
- Text for additional notes on changes for the rule.
- Path string
- The NSX path of the rule resource.
- Policy
Path string - Revision float64
- Indicates current revision number of the object as seen by NSX-T API server.
- Rule
Id float64 - Unique positive number that is assigned by the system and is useful for debugging.
- Scopes []string
- List of policy objects where the rule is enforced.
- Sequence
Number float64 - The sequence number of the rule.
- Services []string
- List of services.
- Source
Groups []string - List of source groups.
- Sources
Excluded bool - Flag to indicate whether sources are negated.
- Domain string
-
[]Get
Policy Intrusion Service Gateway Policy Rule Tag - A list of scope + tag pairs to associate with this rule.
- action string
- Action for this rule.
- description string
- The description of the resource.
- destination_
groups list(string) - List of destination groups.
- destinations_
excluded bool - Flag to indicate whether destinations are negated.
- direction string
- Traffic direction.
- disabled bool
- Flag to disable the rule.
- display_
name string - id string
- ids_
profiles list(string) - List of IDS profiles for this rule.
- ip_
version string - IP version.
- log_
label string - Additional information which will be propagated to the rule syslog.
- logged bool
- Flag to enable logging.
- notes string
- Text for additional notes on changes for the rule.
- path string
- The NSX path of the rule resource.
- policy_
path string - revision number
- Indicates current revision number of the object as seen by NSX-T API server.
- rule_
id number - Unique positive number that is assigned by the system and is useful for debugging.
- scopes list(string)
- List of policy objects where the rule is enforced.
- sequence_
number number - The sequence number of the rule.
- services list(string)
- List of services.
- source_
groups list(string) - List of source groups.
- sources_
excluded bool - Flag to indicate whether sources are negated.
- domain string
- list(object)
- A list of scope + tag pairs to associate with this rule.
- action String
- Action for this rule.
- description String
- The description of the resource.
- destination
Groups List<String> - List of destination groups.
- destinations
Excluded Boolean - Flag to indicate whether destinations are negated.
- direction String
- Traffic direction.
- disabled Boolean
- Flag to disable the rule.
- display
Name String - id String
- ids
Profiles List<String> - List of IDS profiles for this rule.
- ip
Version String - IP version.
- log
Label String - Additional information which will be propagated to the rule syslog.
- logged Boolean
- Flag to enable logging.
- notes String
- Text for additional notes on changes for the rule.
- path String
- The NSX path of the rule resource.
- policy
Path String - revision Double
- Indicates current revision number of the object as seen by NSX-T API server.
- rule
Id Double - Unique positive number that is assigned by the system and is useful for debugging.
- scopes List<String>
- List of policy objects where the rule is enforced.
- sequence
Number Double - The sequence number of the rule.
- services List<String>
- List of services.
- source
Groups List<String> - List of source groups.
- sources
Excluded Boolean - Flag to indicate whether sources are negated.
- domain String
-
List<Get
Policy Intrusion Service Gateway Policy Rule Tag> - A list of scope + tag pairs to associate with this rule.
- action string
- Action for this rule.
- description string
- The description of the resource.
- destination
Groups string[] - List of destination groups.
- destinations
Excluded boolean - Flag to indicate whether destinations are negated.
- direction string
- Traffic direction.
- disabled boolean
- Flag to disable the rule.
- display
Name string - id string
- ids
Profiles string[] - List of IDS profiles for this rule.
- ip
Version string - IP version.
- log
Label string - Additional information which will be propagated to the rule syslog.
- logged boolean
- Flag to enable logging.
- notes string
- Text for additional notes on changes for the rule.
- path string
- The NSX path of the rule resource.
- policy
Path string - revision number
- Indicates current revision number of the object as seen by NSX-T API server.
- rule
Id number - Unique positive number that is assigned by the system and is useful for debugging.
- scopes string[]
- List of policy objects where the rule is enforced.
- sequence
Number number - The sequence number of the rule.
- services string[]
- List of services.
- source
Groups string[] - List of source groups.
- sources
Excluded boolean - Flag to indicate whether sources are negated.
- domain string
-
Get
Policy Intrusion Service Gateway Policy Rule Tag[] - A list of scope + tag pairs to associate with this rule.
- action str
- Action for this rule.
- description str
- The description of the resource.
- destination_
groups Sequence[str] - List of destination groups.
- destinations_
excluded bool - Flag to indicate whether destinations are negated.
- direction str
- Traffic direction.
- disabled bool
- Flag to disable the rule.
- display_
name str - id str
- ids_
profiles Sequence[str] - List of IDS profiles for this rule.
- ip_
version str - IP version.
- log_
label str - Additional information which will be propagated to the rule syslog.
- logged bool
- Flag to enable logging.
- notes str
- Text for additional notes on changes for the rule.
- path str
- The NSX path of the rule resource.
- policy_
path str - revision float
- Indicates current revision number of the object as seen by NSX-T API server.
- rule_
id float - Unique positive number that is assigned by the system and is useful for debugging.
- scopes Sequence[str]
- List of policy objects where the rule is enforced.
- sequence_
number float - The sequence number of the rule.
- services Sequence[str]
- List of services.
- source_
groups Sequence[str] - List of source groups.
- sources_
excluded bool - Flag to indicate whether sources are negated.
- domain str
-
Sequence[Get
Policy Intrusion Service Gateway Policy Rule Tag] - A list of scope + tag pairs to associate with this rule.
- action String
- Action for this rule.
- description String
- The description of the resource.
- destination
Groups List<String> - List of destination groups.
- destinations
Excluded Boolean - Flag to indicate whether destinations are negated.
- direction String
- Traffic direction.
- disabled Boolean
- Flag to disable the rule.
- display
Name String - id String
- ids
Profiles List<String> - List of IDS profiles for this rule.
- ip
Version String - IP version.
- log
Label String - Additional information which will be propagated to the rule syslog.
- logged Boolean
- Flag to enable logging.
- notes String
- Text for additional notes on changes for the rule.
- path String
- The NSX path of the rule resource.
- policy
Path String - revision Number
- Indicates current revision number of the object as seen by NSX-T API server.
- rule
Id Number - Unique positive number that is assigned by the system and is useful for debugging.
- scopes List<String>
- List of policy objects where the rule is enforced.
- sequence
Number Number - The sequence number of the rule.
- services List<String>
- List of services.
- source
Groups List<String> - List of source groups.
- sources
Excluded Boolean - Flag to indicate whether sources are negated.
- domain String
- List<Property Map>
- A list of scope + tag pairs to associate with this rule.
Supporting Types
GetPolicyIntrusionServiceGatewayPolicyRuleTag
Package Details
- Repository
- nsxt vmware/terraform-provider-nsxt
- License
- Notes
- This Pulumi package is based on the `nsxt` Terraform Provider.