Viewing docs for nsxt 3.12.0
published on Monday, May 18, 2026 by vmware
published on Monday, May 18, 2026 by vmware
Viewing docs for nsxt 3.12.0
published on Monday, May 18, 2026 by vmware
published on Monday, May 18, 2026 by vmware
This data source provides metadata information about an existing Parent Intrusion Service Gateway Policy configured on NSX.
It can be useful for fetching policy path to use in nsxt.PolicyIntrusionServiceGatewayPolicyRule resource.
NOTE: This data source retrieves only the parent policy metadata (id, display_name, description, path, sequence_number, etc.) without embedded rules, allowing you to refer a policy’s path for creating standalone rules. For different use cases, consider:
nsxt.PolicyIntrusionServiceGatewayPolicy- For IDPS Gateway policy with embedded rulesnsxt.PolicyIntrusionServiceGatewayPolicyRule- For individual standalone IDPS Gateway rules
This data source is applicable to NSX Policy Manager (NSX version 4.2.0 onwards).
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as nsxt from "@pulumi/nsxt";
// Get parent gateway policy metadata for rule creation
const parentGwPolicy = nsxt.getPolicyParentIntrusionServiceGatewayPolicy({
displayName: "production-gateway-ids-policy",
});
// Create standalone gateway rule using parent policy path
const newGwRule = new nsxt.PolicyIntrusionServiceGatewayPolicyRule("new_gw_rule", {
displayName: "new-north-south-detection",
policyPath: parentGwPolicy.then(parentGwPolicy => parentGwPolicy.path),
action: "DETECT",
});
import pulumi
import pulumi_nsxt as nsxt
# Get parent gateway policy metadata for rule creation
parent_gw_policy = nsxt.get_policy_parent_intrusion_service_gateway_policy(display_name="production-gateway-ids-policy")
# Create standalone gateway rule using parent policy path
new_gw_rule = nsxt.PolicyIntrusionServiceGatewayPolicyRule("new_gw_rule",
display_name="new-north-south-detection",
policy_path=parent_gw_policy.path,
action="DETECT")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/nsxt/v3/nsxt"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Get parent gateway policy metadata for rule creation
parentGwPolicy, err := nsxt.LookupPolicyParentIntrusionServiceGatewayPolicy(ctx, &nsxt.LookupPolicyParentIntrusionServiceGatewayPolicyArgs{
DisplayName: pulumi.StringRef("production-gateway-ids-policy"),
}, nil)
if err != nil {
return err
}
// Create standalone gateway rule using parent policy path
_, err = nsxt.NewPolicyIntrusionServiceGatewayPolicyRule(ctx, "new_gw_rule", &nsxt.PolicyIntrusionServiceGatewayPolicyRuleArgs{
DisplayName: pulumi.String("new-north-south-detection"),
PolicyPath: pulumi.String(parentGwPolicy.Path),
Action: pulumi.String("DETECT"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Nsxt = Pulumi.Nsxt;
return await Deployment.RunAsync(() =>
{
// Get parent gateway policy metadata for rule creation
var parentGwPolicy = Nsxt.GetPolicyParentIntrusionServiceGatewayPolicy.Invoke(new()
{
DisplayName = "production-gateway-ids-policy",
});
// Create standalone gateway rule using parent policy path
var newGwRule = new Nsxt.PolicyIntrusionServiceGatewayPolicyRule("new_gw_rule", new()
{
DisplayName = "new-north-south-detection",
PolicyPath = parentGwPolicy.Apply(getPolicyParentIntrusionServiceGatewayPolicyResult => getPolicyParentIntrusionServiceGatewayPolicyResult.Path),
Action = "DETECT",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.nsxt.NsxtFunctions;
import com.pulumi.nsxt.inputs.GetPolicyParentIntrusionServiceGatewayPolicyArgs;
import com.pulumi.nsxt.PolicyIntrusionServiceGatewayPolicyRule;
import com.pulumi.nsxt.PolicyIntrusionServiceGatewayPolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Get parent gateway policy metadata for rule creation
final var parentGwPolicy = NsxtFunctions.getPolicyParentIntrusionServiceGatewayPolicy(GetPolicyParentIntrusionServiceGatewayPolicyArgs.builder()
.displayName("production-gateway-ids-policy")
.build());
// Create standalone gateway rule using parent policy path
var newGwRule = new PolicyIntrusionServiceGatewayPolicyRule("newGwRule", PolicyIntrusionServiceGatewayPolicyRuleArgs.builder()
.displayName("new-north-south-detection")
.policyPath(parentGwPolicy.path())
.action("DETECT")
.build());
}
}
resources:
# Create standalone gateway rule using parent policy path
newGwRule:
type: nsxt:PolicyIntrusionServiceGatewayPolicyRule
name: new_gw_rule
properties:
displayName: new-north-south-detection
policyPath: ${parentGwPolicy.path}
action: DETECT
variables:
# Get parent gateway policy metadata for rule creation
parentGwPolicy:
fn::invoke:
function: nsxt:getPolicyParentIntrusionServiceGatewayPolicy
arguments:
displayName: production-gateway-ids-policy
Example coming soon!
Using getPolicyParentIntrusionServiceGatewayPolicy
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getPolicyParentIntrusionServiceGatewayPolicy(args: GetPolicyParentIntrusionServiceGatewayPolicyArgs, opts?: InvokeOptions): Promise<GetPolicyParentIntrusionServiceGatewayPolicyResult>
function getPolicyParentIntrusionServiceGatewayPolicyOutput(args: GetPolicyParentIntrusionServiceGatewayPolicyOutputArgs, opts?: InvokeOptions): Output<GetPolicyParentIntrusionServiceGatewayPolicyResult>def get_policy_parent_intrusion_service_gateway_policy(category: Optional[str] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
domain: Optional[str] = None,
id: Optional[str] = None,
tags: Optional[Sequence[GetPolicyParentIntrusionServiceGatewayPolicyTag]] = None,
opts: Optional[InvokeOptions] = None) -> GetPolicyParentIntrusionServiceGatewayPolicyResult
def get_policy_parent_intrusion_service_gateway_policy_output(category: pulumi.Input[Optional[str]] = None,
description: pulumi.Input[Optional[str]] = None,
display_name: pulumi.Input[Optional[str]] = None,
domain: pulumi.Input[Optional[str]] = None,
id: pulumi.Input[Optional[str]] = None,
tags: pulumi.Input[Optional[Sequence[pulumi.Input[GetPolicyParentIntrusionServiceGatewayPolicyTagArgs]]]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetPolicyParentIntrusionServiceGatewayPolicyResult]func LookupPolicyParentIntrusionServiceGatewayPolicy(ctx *Context, args *LookupPolicyParentIntrusionServiceGatewayPolicyArgs, opts ...InvokeOption) (*LookupPolicyParentIntrusionServiceGatewayPolicyResult, error)
func LookupPolicyParentIntrusionServiceGatewayPolicyOutput(ctx *Context, args *LookupPolicyParentIntrusionServiceGatewayPolicyOutputArgs, opts ...InvokeOption) LookupPolicyParentIntrusionServiceGatewayPolicyResultOutput> Note: This function is named LookupPolicyParentIntrusionServiceGatewayPolicy in the Go SDK.
public static class GetPolicyParentIntrusionServiceGatewayPolicy
{
public static Task<GetPolicyParentIntrusionServiceGatewayPolicyResult> InvokeAsync(GetPolicyParentIntrusionServiceGatewayPolicyArgs args, InvokeOptions? opts = null)
public static Output<GetPolicyParentIntrusionServiceGatewayPolicyResult> Invoke(GetPolicyParentIntrusionServiceGatewayPolicyInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetPolicyParentIntrusionServiceGatewayPolicyResult> getPolicyParentIntrusionServiceGatewayPolicy(GetPolicyParentIntrusionServiceGatewayPolicyArgs args, InvokeOptions options)
public static Output<GetPolicyParentIntrusionServiceGatewayPolicyResult> getPolicyParentIntrusionServiceGatewayPolicy(GetPolicyParentIntrusionServiceGatewayPolicyArgs args, InvokeOptions options)
fn::invoke:
function: nsxt:index/getPolicyParentIntrusionServiceGatewayPolicy:getPolicyParentIntrusionServiceGatewayPolicy
arguments:
# arguments dictionarydata "nsxt_getpolicyparentintrusionservicegatewaypolicy" "name" {
# arguments
}The following arguments are supported:
- Category string
- Category of the policy.
- Description string
- The description of the resource.
- Display
Name string - The display name of the policy to retrieve.
- Domain string
- The domain of the policy. Defaults to
default. - Id string
- The ID of the policy to retrieve.
-
List<Get
Policy Parent Intrusion Service Gateway Policy Tag> - A list of scope + tag pairs to associate with this policy.
- Category string
- Category of the policy.
- Description string
- The description of the resource.
- Display
Name string - The display name of the policy to retrieve.
- Domain string
- The domain of the policy. Defaults to
default. - Id string
- The ID of the policy to retrieve.
-
[]Get
Policy Parent Intrusion Service Gateway Policy Tag - A list of scope + tag pairs to associate with this policy.
- category string
- Category of the policy.
- description string
- The description of the resource.
- display_
name string - The display name of the policy to retrieve.
- domain string
- The domain of the policy. Defaults to
default. - id string
- The ID of the policy to retrieve.
- list(object)
- A list of scope + tag pairs to associate with this policy.
- category String
- Category of the policy.
- description String
- The description of the resource.
- display
Name String - The display name of the policy to retrieve.
- domain String
- The domain of the policy. Defaults to
default. - id String
- The ID of the policy to retrieve.
-
List<Get
Policy Parent Intrusion Service Gateway Policy Tag> - A list of scope + tag pairs to associate with this policy.
- category string
- Category of the policy.
- description string
- The description of the resource.
- display
Name string - The display name of the policy to retrieve.
- domain string
- The domain of the policy. Defaults to
default. - id string
- The ID of the policy to retrieve.
-
Get
Policy Parent Intrusion Service Gateway Policy Tag[] - A list of scope + tag pairs to associate with this policy.
- category str
- Category of the policy.
- description str
- The description of the resource.
- display_
name str - The display name of the policy to retrieve.
- domain str
- The domain of the policy. Defaults to
default. - id str
- The ID of the policy to retrieve.
-
Sequence[Get
Policy Parent Intrusion Service Gateway Policy Tag] - A list of scope + tag pairs to associate with this policy.
- category String
- Category of the policy.
- description String
- The description of the resource.
- display
Name String - The display name of the policy to retrieve.
- domain String
- The domain of the policy. Defaults to
default. - id String
- The ID of the policy to retrieve.
- List<Property Map>
- A list of scope + tag pairs to associate with this policy.
getPolicyParentIntrusionServiceGatewayPolicy Result
The following output properties are available:
- Category string
- Comments string
- Comments for security policy lock/unlock.
- Description string
- The description of the resource.
- Display
Name string - Id string
- Locked bool
- Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy.
- Path string
- The NSX path of the policy resource.
- Revision double
- Indicates current revision number of the object as seen by NSX-T API server.
- Sequence
Number double - This field is used to resolve conflicts between multiple policies that have rules that match the same packet.
- Stateful bool
- When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Note: Intrusion Service Gateway Policies are always stateful.
- Domain string
-
List<Get
Policy Parent Intrusion Service Gateway Policy Tag> - A list of scope + tag pairs to associate with this policy.
- Category string
- Comments string
- Comments for security policy lock/unlock.
- Description string
- The description of the resource.
- Display
Name string - Id string
- Locked bool
- Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy.
- Path string
- The NSX path of the policy resource.
- Revision float64
- Indicates current revision number of the object as seen by NSX-T API server.
- Sequence
Number float64 - This field is used to resolve conflicts between multiple policies that have rules that match the same packet.
- Stateful bool
- When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Note: Intrusion Service Gateway Policies are always stateful.
- Domain string
-
[]Get
Policy Parent Intrusion Service Gateway Policy Tag - A list of scope + tag pairs to associate with this policy.
- category string
- comments string
- Comments for security policy lock/unlock.
- description string
- The description of the resource.
- display_
name string - id string
- locked bool
- Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy.
- path string
- The NSX path of the policy resource.
- revision number
- Indicates current revision number of the object as seen by NSX-T API server.
- sequence_
number number - This field is used to resolve conflicts between multiple policies that have rules that match the same packet.
- stateful bool
- When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Note: Intrusion Service Gateway Policies are always stateful.
- domain string
- list(object)
- A list of scope + tag pairs to associate with this policy.
- category String
- comments String
- Comments for security policy lock/unlock.
- description String
- The description of the resource.
- display
Name String - id String
- locked Boolean
- Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy.
- path String
- The NSX path of the policy resource.
- revision Double
- Indicates current revision number of the object as seen by NSX-T API server.
- sequence
Number Double - This field is used to resolve conflicts between multiple policies that have rules that match the same packet.
- stateful Boolean
- When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Note: Intrusion Service Gateway Policies are always stateful.
- domain String
-
List<Get
Policy Parent Intrusion Service Gateway Policy Tag> - A list of scope + tag pairs to associate with this policy.
- category string
- comments string
- Comments for security policy lock/unlock.
- description string
- The description of the resource.
- display
Name string - id string
- locked boolean
- Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy.
- path string
- The NSX path of the policy resource.
- revision number
- Indicates current revision number of the object as seen by NSX-T API server.
- sequence
Number number - This field is used to resolve conflicts between multiple policies that have rules that match the same packet.
- stateful boolean
- When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Note: Intrusion Service Gateway Policies are always stateful.
- domain string
-
Get
Policy Parent Intrusion Service Gateway Policy Tag[] - A list of scope + tag pairs to associate with this policy.
- category str
- comments str
- Comments for security policy lock/unlock.
- description str
- The description of the resource.
- display_
name str - id str
- locked bool
- Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy.
- path str
- The NSX path of the policy resource.
- revision float
- Indicates current revision number of the object as seen by NSX-T API server.
- sequence_
number float - This field is used to resolve conflicts between multiple policies that have rules that match the same packet.
- stateful bool
- When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Note: Intrusion Service Gateway Policies are always stateful.
- domain str
-
Sequence[Get
Policy Parent Intrusion Service Gateway Policy Tag] - A list of scope + tag pairs to associate with this policy.
- category String
- comments String
- Comments for security policy lock/unlock.
- description String
- The description of the resource.
- display
Name String - id String
- locked Boolean
- Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy.
- path String
- The NSX path of the policy resource.
- revision Number
- Indicates current revision number of the object as seen by NSX-T API server.
- sequence
Number Number - This field is used to resolve conflicts between multiple policies that have rules that match the same packet.
- stateful Boolean
- When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Note: Intrusion Service Gateway Policies are always stateful.
- domain String
- List<Property Map>
- A list of scope + tag pairs to associate with this policy.
Supporting Types
GetPolicyParentIntrusionServiceGatewayPolicyTag
Package Details
- Repository
- nsxt vmware/terraform-provider-nsxt
- License
- Notes
- This Pulumi package is based on the
nsxtTerraform Provider.
Viewing docs for nsxt 3.12.0
published on Monday, May 18, 2026 by vmware
published on Monday, May 18, 2026 by vmware