published on Monday, May 18, 2026 by vmware
This data source provides metadata about an existing Parent Intrusion Service (IDS) Policy configured on NSX in the DFW (Distributed Firewall) context.
It is useful for fetching the policy path to use in an nsxt.PolicyIntrusionServicePolicyRule resource.
NOTE: This data source retrieves only the parent policy metadata (id, display_name, description, path, sequence_number, etc.) without embedded rules, allowing you to refer to a policy’s path when creating standalone rules. For different use cases, consider:
- nsxt.PolicyIntrusionServicePolicy - For IDPS DFW policy with embedded rules
- nsxt.PolicyIntrusionServicePolicyRule - For individual standalone IDPS DFW rules
This data source is applicable to NSX Policy Manager (NSX version 4.2.0 onwards).
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as nsxt from "@pulumi/nsxt";
// Look up the existing parent IDS policy. Only its metadata is returned, not
// its embedded rules.
// NOTE(review): the lookup key is the display name. The data source also
// accepts `id`; pinning by id keeps the rule attached to the intended policy
// if a display name is ever reused or changed — confirm which fits your setup.
const parentPolicy = nsxt.getPolicyParentIntrusionServicePolicy({
    displayName: "production-ids-policy",
});

// Resolve the NSX path of that policy once the invoke completes.
const parentPolicyPath = parentPolicy.then(policy => policy.path);

// Standalone rule created under the parent policy.
// NOTE(review): "DETECT" is the only action shown here; presumably it raises
// IDS events without blocking the matched traffic — confirm against the rule
// resource's documentation before relying on it for prevention.
const newRule = new nsxt.PolicyIntrusionServicePolicyRule("new_rule", {
    action: "DETECT",
    displayName: "new-detection-rule",
    policyPath: parentPolicyPath,
});
import pulumi
import pulumi_nsxt as nsxt
# Fetch metadata for the existing parent IDS policy (no embedded rules are returned).
# NOTE(review): matched on display_name; the `id` argument is the alternative
# when the lookup must not depend on a human-editable name — confirm.
parent_policy = nsxt.get_policy_parent_intrusion_service_policy(
    display_name="production-ids-policy",
)

# Standalone rule that references the parent policy by its NSX path.
# NOTE(review): action is "DETECT" — presumably alert-only; verify that
# detection without blocking is the intended posture for this policy.
new_rule = nsxt.PolicyIntrusionServicePolicyRule(
    "new_rule",
    action="DETECT",
    display_name="new-detection-rule",
    policy_path=parent_policy.path,
)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/nsxt/v3/nsxt"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main looks up an existing parent IDS policy and attaches one standalone
// rule to it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Parent policy metadata only; embedded rules are not part of the result.
		// NOTE(review): the result also exposes Locked. A policy locked by
		// another user cannot be modified, so check it if rule creation is
		// rejected — confirm how the provider reports that case.
		lookupArgs := &nsxt.LookupPolicyParentIntrusionServicePolicyArgs{
			DisplayName: pulumi.StringRef("production-ids-policy"),
		}
		parentPolicy, err := nsxt.LookupPolicyParentIntrusionServicePolicy(ctx, lookupArgs, nil)
		if err != nil {
			return err
		}

		// Standalone rule bound to the parent policy through its NSX path.
		// NOTE(review): "DETECT" presumably alerts without dropping traffic;
		// confirm that is the intended enforcement level.
		ruleArgs := &nsxt.PolicyIntrusionServicePolicyRuleArgs{
			Action:      pulumi.String("DETECT"),
			DisplayName: pulumi.String("new-detection-rule"),
			PolicyPath:  pulumi.String(parentPolicy.Path),
		}
		if _, err := nsxt.NewPolicyIntrusionServicePolicyRule(ctx, "new_rule", ruleArgs); err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Nsxt = Pulumi.Nsxt;
return await Deployment.RunAsync(() =>
{
    // Existing parent IDS policy, metadata only (no embedded rules).
    // NOTE(review): resolved by display name; the data source also takes an
    // Id argument when the lookup should not depend on an editable name.
    var parentPolicy = Nsxt.GetPolicyParentIntrusionServicePolicy.Invoke(new()
    {
        DisplayName = "production-ids-policy",
    });

    // NSX path of the parent policy, projected out of the invoke result.
    var parentPolicyPath = parentPolicy.Apply(policy => policy.Path);

    // Standalone rule under that policy.
    // NOTE(review): "DETECT" presumably records IDS events without blocking;
    // confirm this matches the protection level the policy is meant to give.
    var newRule = new Nsxt.PolicyIntrusionServicePolicyRule("new_rule", new()
    {
        Action = "DETECT",
        DisplayName = "new-detection-rule",
        PolicyPath = parentPolicyPath,
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.nsxt.NsxtFunctions;
import com.pulumi.nsxt.inputs.GetPolicyParentIntrusionServicePolicyArgs;
import com.pulumi.nsxt.PolicyIntrusionServicePolicyRule;
import com.pulumi.nsxt.PolicyIntrusionServicePolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
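/**
 * Pulumi program that looks up an existing parent IDS policy and attaches a
 * standalone rule to it.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack: one data-source lookup and one standalone IDS rule.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // Get parent policy metadata for rule creation.
        // NOTE(review): the lookup is by display name; the data source also
        // accepts an id when the match must not depend on an editable name.
        final var parentPolicy = NsxtFunctions.getPolicyParentIntrusionServicePolicy(GetPolicyParentIntrusionServicePolicyArgs.builder()
            .displayName("production-ids-policy")
            .build());

        // Create standalone rule using parent policy path.
        // The invoke result is an Output, so the path is projected with
        // applyValue rather than read directly from it.
        // NOTE(review): "DETECT" presumably alerts without blocking traffic;
        // confirm that is the intended enforcement level.
        var newRule = new PolicyIntrusionServicePolicyRule("newRule", PolicyIntrusionServicePolicyRuleArgs.builder()
            .displayName("new-detection-rule")
            .policyPath(parentPolicy.applyValue(policy -> policy.path()))
            .action("DETECT")
            .build());
    }
}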
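# Nesting restored: Pulumi YAML needs the resource and variable bodies
# indented under their keys to parse.
resources:
  # Create standalone rule using parent policy path.
  # NOTE(review): action DETECT presumably raises IDS events without blocking
  # traffic; confirm that is the intended enforcement level.
  newRule:
    type: nsxt:PolicyIntrusionServicePolicyRule
    name: new_rule
    properties:
      displayName: new-detection-rule
      policyPath: ${parentPolicy.path}
      action: DETECT
variables:
  # Get parent policy metadata for rule creation (no embedded rules returned).
  parentPolicy:
    fn::invoke:
      function: nsxt:getPolicyParentIntrusionServicePolicy
      arguments:
        displayName: production-ids-policy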
Multi-Tenancy
import * as pulumi from "@pulumi/pulumi";
import * as nsxt from "@pulumi/nsxt";
// Resolve the project (tenant) that owns the policy.
const demoproj = nsxt.getPolicyProject({
    displayName: "demoproj",
});

// Look up the parent IDS policy inside that project's context.
// NOTE(review): in a multi-tenant NSX the same display name may exist in more
// than one project; `context.projectId` is what selects the tenant, so derive
// it from the intended project — confirm.
const parentPolicy = demoproj.then(project =>
    nsxt.getPolicyParentIntrusionServicePolicy({
        displayName: "production-ids-policy",
        context: {
            projectId: project.id,
        },
    }),
);
import pulumi
import pulumi_nsxt as nsxt
# Resolve the project (tenant) that owns the policy.
demoproj = nsxt.get_policy_project(display_name="demoproj")

# Look up the parent IDS policy within that project's context.
# NOTE(review): the same display name may exist in several projects; the
# project_id in `context` is what selects the tenant — confirm it is taken
# from the intended project.
project_context = {
    "project_id": demoproj.id,
}
parent_policy = nsxt.get_policy_parent_intrusion_service_policy(
    display_name="production-ids-policy",
    context=project_context,
)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/nsxt/v3/nsxt"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main resolves a project and then looks up the parent IDS policy inside
// that project's context.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Project (tenant) that owns the policy.
		projectArgs := &nsxt.LookupPolicyProjectArgs{
			DisplayName: pulumi.StringRef("demoproj"),
		}
		demoproj, err := nsxt.LookupPolicyProject(ctx, projectArgs, nil)
		if err != nil {
			return err
		}

		// Policy lookup scoped by the project id.
		// NOTE(review): the same display name may exist in several projects;
		// ProjectId is what selects the tenant — confirm it comes from the
		// intended project.
		policyArgs := &nsxt.LookupPolicyParentIntrusionServicePolicyArgs{
			Context: nsxt.GetPolicyParentIntrusionServicePolicyContext{
				ProjectId: demoproj.Id,
			},
			DisplayName: pulumi.StringRef("production-ids-policy"),
		}
		if _, err := nsxt.LookupPolicyParentIntrusionServicePolicy(ctx, policyArgs, nil); err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Nsxt = Pulumi.Nsxt;
return await Deployment.RunAsync(() =>
{
    // Project (tenant) that owns the policy.
    var demoproj = Nsxt.GetPolicyProject.Invoke(new()
    {
        DisplayName = "demoproj",
    });

    // Id of that project, projected out of the invoke result.
    var projectId = demoproj.Apply(project => project.Id);

    // Parent IDS policy looked up inside the project's context.
    // NOTE(review): the same display name may exist in several projects;
    // ProjectId is what selects the tenant — confirm it comes from the
    // intended project.
    var parentPolicy = Nsxt.GetPolicyParentIntrusionServicePolicy.Invoke(new()
    {
        DisplayName = "production-ids-policy",
        Context = new Nsxt.Inputs.GetPolicyParentIntrusionServicePolicyContextInputArgs
        {
            ProjectId = projectId,
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.nsxt.NsxtFunctions;
import com.pulumi.nsxt.inputs.GetPolicyProjectArgs;
import com.pulumi.nsxt.inputs.GetPolicyParentIntrusionServicePolicyArgs;
import com.pulumi.nsxt.inputs.GetPolicyParentIntrusionServicePolicyContextArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
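/**
 * Pulumi program that resolves a project and looks up the parent IDS policy
 * inside that project's context.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack: a project lookup followed by a project-scoped
     * parent IDS policy lookup.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // Project (tenant) that owns the policy.
        final var demoproj = NsxtFunctions.getPolicyProject(GetPolicyProjectArgs.builder()
            .displayName("demoproj")
            .build());

        // The project lookup returns an Output, so its id is projected with
        // applyValue rather than read directly from it.
        // NOTE(review): the same display name may exist in several projects;
        // projectId is what selects the tenant — confirm it comes from the
        // intended project.
        final var parentPolicy = NsxtFunctions.getPolicyParentIntrusionServicePolicy(GetPolicyParentIntrusionServicePolicyArgs.builder()
            .context(GetPolicyParentIntrusionServicePolicyContextArgs.builder()
                .projectId(demoproj.applyValue(project -> project.id()))
                .build())
            .displayName("production-ids-policy")
            .build());
    }
}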
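# Nesting restored: Pulumi YAML needs each invoke indented under its variable
# name to parse.
variables:
  # Project (tenant) that owns the policy.
  demoproj:
    fn::invoke:
      function: nsxt:getPolicyProject
      arguments:
        displayName: demoproj
  # Parent IDS policy looked up inside that project's context.
  # NOTE(review): the same display name may exist in several projects;
  # projectId is what selects the tenant — confirm it comes from the intended
  # project.
  parentPolicy:
    fn::invoke:
      function: nsxt:getPolicyParentIntrusionServicePolicy
      arguments:
        context:
          projectId: ${demoproj.id}
        displayName: production-ids-policy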
Using getPolicyParentIntrusionServicePolicy
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getPolicyParentIntrusionServicePolicy(args: GetPolicyParentIntrusionServicePolicyArgs, opts?: InvokeOptions): Promise<GetPolicyParentIntrusionServicePolicyResult>
function getPolicyParentIntrusionServicePolicyOutput(args: GetPolicyParentIntrusionServicePolicyOutputArgs, opts?: InvokeOptions): Output<GetPolicyParentIntrusionServicePolicyResult>
def get_policy_parent_intrusion_service_policy(category: Optional[str] = None,
context: Optional[GetPolicyParentIntrusionServicePolicyContext] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
domain: Optional[str] = None,
id: Optional[str] = None,
tags: Optional[Sequence[GetPolicyParentIntrusionServicePolicyTag]] = None,
opts: Optional[InvokeOptions] = None) -> GetPolicyParentIntrusionServicePolicyResult
def get_policy_parent_intrusion_service_policy_output(category: pulumi.Input[Optional[str]] = None,
context: pulumi.Input[Optional[GetPolicyParentIntrusionServicePolicyContextArgs]] = None,
description: pulumi.Input[Optional[str]] = None,
display_name: pulumi.Input[Optional[str]] = None,
domain: pulumi.Input[Optional[str]] = None,
id: pulumi.Input[Optional[str]] = None,
tags: pulumi.Input[Optional[Sequence[pulumi.Input[GetPolicyParentIntrusionServicePolicyTagArgs]]]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetPolicyParentIntrusionServicePolicyResult]
func LookupPolicyParentIntrusionServicePolicy(ctx *Context, args *LookupPolicyParentIntrusionServicePolicyArgs, opts ...InvokeOption) (*LookupPolicyParentIntrusionServicePolicyResult, error)
func LookupPolicyParentIntrusionServicePolicyOutput(ctx *Context, args *LookupPolicyParentIntrusionServicePolicyOutputArgs, opts ...InvokeOption) LookupPolicyParentIntrusionServicePolicyResultOutput
> Note: This function is named LookupPolicyParentIntrusionServicePolicy in the Go SDK.
public static class GetPolicyParentIntrusionServicePolicy
{
public static Task<GetPolicyParentIntrusionServicePolicyResult> InvokeAsync(GetPolicyParentIntrusionServicePolicyArgs args, InvokeOptions? opts = null)
public static Output<GetPolicyParentIntrusionServicePolicyResult> Invoke(GetPolicyParentIntrusionServicePolicyInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetPolicyParentIntrusionServicePolicyResult> getPolicyParentIntrusionServicePolicy(GetPolicyParentIntrusionServicePolicyArgs args, InvokeOptions options)
public static Output<GetPolicyParentIntrusionServicePolicyResult> getPolicyParentIntrusionServicePolicy(GetPolicyParentIntrusionServicePolicyArgs args, InvokeOptions options)
fn::invoke:
function: nsxt:index/getPolicyParentIntrusionServicePolicy:getPolicyParentIntrusionServicePolicy
arguments:
# arguments dictionary
data "nsxt_getpolicyparentintrusionservicepolicy" "name" {
# arguments
}
The following arguments are supported:
- Category string
- Category of the policy.
- Context
Get
Policy Parent Intrusion Service Policy Context - The context which the object belongs to
- Description string
- The description of the resource.
- Display
Name string - The display name of the policy to retrieve.
- Domain string
- The domain of the policy. Defaults to
default. - Id string
- The ID of the policy to retrieve.
-
List<Get
Policy Parent Intrusion Service Policy Tag> - A list of scope + tag pairs to associate with this policy.
- Category string
- Category of the policy.
- Context
Get
Policy Parent Intrusion Service Policy Context - The context which the object belongs to
- Description string
- The description of the resource.
- Display
Name string - The display name of the policy to retrieve.
- Domain string
- The domain of the policy. Defaults to
default. - Id string
- The ID of the policy to retrieve.
-
[]Get
Policy Parent Intrusion Service Policy Tag - A list of scope + tag pairs to associate with this policy.
- category string
- Category of the policy.
- context object
- The context which the object belongs to
- description string
- The description of the resource.
- display_
name string - The display name of the policy to retrieve.
- domain string
- The domain of the policy. Defaults to
default. - id string
- The ID of the policy to retrieve.
- list(object)
- A list of scope + tag pairs to associate with this policy.
- category String
- Category of the policy.
- context
Get
Policy Parent Intrusion Service Policy Context - The context which the object belongs to
- description String
- The description of the resource.
- display
Name String - The display name of the policy to retrieve.
- domain String
- The domain of the policy. Defaults to
default. - id String
- The ID of the policy to retrieve.
-
List<Get
Policy Parent Intrusion Service Policy Tag> - A list of scope + tag pairs to associate with this policy.
- category string
- Category of the policy.
- context
Get
Policy Parent Intrusion Service Policy Context - The context which the object belongs to
- description string
- The description of the resource.
- display
Name string - The display name of the policy to retrieve.
- domain string
- The domain of the policy. Defaults to
default. - id string
- The ID of the policy to retrieve.
-
Get
Policy Parent Intrusion Service Policy Tag[] - A list of scope + tag pairs to associate with this policy.
- category str
- Category of the policy.
- context
Get
Policy Parent Intrusion Service Policy Context - The context which the object belongs to
- description str
- The description of the resource.
- display_
name str - The display name of the policy to retrieve.
- domain str
- The domain of the policy. Defaults to
default. - id str
- The ID of the policy to retrieve.
-
Sequence[Get
Policy Parent Intrusion Service Policy Tag] - A list of scope + tag pairs to associate with this policy.
- category String
- Category of the policy.
- context Property Map
- The context which the object belongs to
- description String
- The description of the resource.
- display
Name String - The display name of the policy to retrieve.
- domain String
- The domain of the policy. Defaults to
default. - id String
- The ID of the policy to retrieve.
- List<Property Map>
- A list of scope + tag pairs to associate with this policy.
getPolicyParentIntrusionServicePolicy Result
The following output properties are available:
- Category string
- Comments string
- Comments for security policy lock/unlock.
- Description string
- The description of the resource.
- Display
Name string - Id string
- Locked bool
- Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy.
- Path string
- The NSX path of the policy resource.
- Revision double
- Indicates current revision number of the object as seen by NSX-T API server.
- Sequence
Number double - This field is used to resolve conflicts between multiple policies that have rules that match the same packet.
- Stateful bool
- When it is stateful, the state of network connections is tracked and stateful packet inspection is performed. Note: Intrusion Service Policies are always stateful.
- Context
Get
Policy Parent Intrusion Service Policy Context - Domain string
-
List<Get
Policy Parent Intrusion Service Policy Tag> - A list of scope + tag pairs to associate with this policy.
- Category string
- Comments string
- Comments for security policy lock/unlock.
- Description string
- The description of the resource.
- Display
Name string - Id string
- Locked bool
- Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy.
- Path string
- The NSX path of the policy resource.
- Revision float64
- Indicates current revision number of the object as seen by NSX-T API server.
- Sequence
Number float64 - This field is used to resolve conflicts between multiple policies that have rules that match the same packet.
- Stateful bool
- When it is stateful, the state of network connections is tracked and stateful packet inspection is performed. Note: Intrusion Service Policies are always stateful.
- Context
Get
Policy Parent Intrusion Service Policy Context - Domain string
-
[]Get
Policy Parent Intrusion Service Policy Tag - A list of scope + tag pairs to associate with this policy.
- category string
- comments string
- Comments for security policy lock/unlock.
- description string
- The description of the resource.
- display_
name string - id string
- locked bool
- Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy.
- path string
- The NSX path of the policy resource.
- revision number
- Indicates current revision number of the object as seen by NSX-T API server.
- sequence_
number number - This field is used to resolve conflicts between multiple policies that have rules that match the same packet.
- stateful bool
- When it is stateful, the state of network connections is tracked and stateful packet inspection is performed. Note: Intrusion Service Policies are always stateful.
- context object
- domain string
- list(object)
- A list of scope + tag pairs to associate with this policy.
- category String
- comments String
- Comments for security policy lock/unlock.
- description String
- The description of the resource.
- display
Name String - id String
- locked Boolean
- Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy.
- path String
- The NSX path of the policy resource.
- revision Double
- Indicates current revision number of the object as seen by NSX-T API server.
- sequence
Number Double - This field is used to resolve conflicts between multiple policies that have rules that match the same packet.
- stateful Boolean
- When it is stateful, the state of network connections is tracked and stateful packet inspection is performed. Note: Intrusion Service Policies are always stateful.
- context
Get
Policy Parent Intrusion Service Policy Context - domain String
-
List<Get
Policy Parent Intrusion Service Policy Tag> - A list of scope + tag pairs to associate with this policy.
- category string
- comments string
- Comments for security policy lock/unlock.
- description string
- The description of the resource.
- display
Name string - id string
- locked boolean
- Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy.
- path string
- The NSX path of the policy resource.
- revision number
- Indicates current revision number of the object as seen by NSX-T API server.
- sequence
Number number - This field is used to resolve conflicts between multiple policies that have rules that match the same packet.
- stateful boolean
- When it is stateful, the state of network connections is tracked and stateful packet inspection is performed. Note: Intrusion Service Policies are always stateful.
- context
Get
Policy Parent Intrusion Service Policy Context - domain string
-
Get
Policy Parent Intrusion Service Policy Tag[] - A list of scope + tag pairs to associate with this policy.
- category str
- comments str
- Comments for security policy lock/unlock.
- description str
- The description of the resource.
- display_
name str - id str
- locked bool
- Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy.
- path str
- The NSX path of the policy resource.
- revision float
- Indicates current revision number of the object as seen by NSX-T API server.
- sequence_
number float - This field is used to resolve conflicts between multiple policies that have rules that match the same packet.
- stateful bool
- When it is stateful, the state of network connections is tracked and stateful packet inspection is performed. Note: Intrusion Service Policies are always stateful.
- context
Get
Policy Parent Intrusion Service Policy Context - domain str
-
Sequence[Get
Policy Parent Intrusion Service Policy Tag] - A list of scope + tag pairs to associate with this policy.
- category String
- comments String
- Comments for security policy lock/unlock.
- description String
- The description of the resource.
- display
Name String - id String
- locked Boolean
- Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy.
- path String
- The NSX path of the policy resource.
- revision Number
- Indicates current revision number of the object as seen by NSX-T API server.
- sequence
Number Number - This field is used to resolve conflicts between multiple policies that have rules that match the same packet.
- stateful Boolean
- When it is stateful, the state of network connections is tracked and stateful packet inspection is performed. Note: Intrusion Service Policies are always stateful.
- context Property Map
- domain String
- List<Property Map>
- A list of scope + tag pairs to associate with this policy.
Supporting Types
GetPolicyParentIntrusionServicePolicyContext
- Project
Id string - The ID of the project which the object belongs to
- Project
Id string - The ID of the project which the object belongs to
- project_
id string - The ID of the project which the object belongs to
- project
Id String - The ID of the project which the object belongs to
- project
Id string - The ID of the project which the object belongs to
- project_
id str - The ID of the project which the object belongs to
- project
Id String - The ID of the project which the object belongs to
GetPolicyParentIntrusionServicePolicyTag
Package Details
- Repository
- nsxt vmware/terraform-provider-nsxt
- License
- Notes
- This Pulumi package is based on the
nsxtTerraform Provider.