Create Network Security Group | NVIDIA Infra Controller

curl -X POST https://carbide-rest-api.carbide.svc.cluster.local/v2/org/org/carbide/network-security-group \
     -H "Authorization: Bearer <token>" \
     -H "Content-Type: application/json" \
     -d '{
  "name": "Spark VPC Firewall",
  "siteId": "188a8f32-0001-45cf-b243-f62720a22cc4",
  "description": "Security policies for machines in Spark VPC",
  "rules": [
    {
      "direction": "INGRESS",
      "protocol": "TCP",
      "action": "PERMIT",
      "sourcePrefix": "0.0.0.0/0",
      "destinationPrefix": "1.1.1.1/0",
      "name": "allow-http-from-public",
      "sourcePortRange": "80-81",
      "destinationPortRange": "180-181",
      "priority": 55
    }
  ],
  "labels": {
    "flavor": "coconut"
  }
}'

{
  "id": "2a21cf79-ea5e-4d28-b585-2e78948fcefb",
  "name": "Spark VPC Firewall",
  "description": "Security policies for machines in Spark VPC",
  "siteId": "56f1a3ed-3653-454f-b861-9136207be660",
  "tenantId": "79595ebe-934f-4f19-bc74-c16aefd0c57a",
  "status": "Pending",
  "statusHistory": [
    {
      "status": "Ready",
      "message": "processed network security group creation request",
      "created": "2025-02-26T18:17:44.862879-05:00",
      "updated": "2025-02-26T18:17:44.862879-05:00"
    }
  ],
  "rules": [
    {
      "direction": "INGRESS",
      "protocol": "TCP",
      "action": "PERMIT",
      "sourcePrefix": "0.0.0.0/0",
      "destinationPrefix": "1.1.1.1/0",
      "name": "allow-http-from-public",
      "sourcePortRange": "80-81",
      "destinationPortRange": "180-181",
      "priority": 55
    }
  ],
  "labels": {
    "flavor": "coconut"
  },
  "created": "2025-02-26T18:17:44.861317-05:00",
  "updated": "2025-02-26T18:17:44.861317-05:00"
}

Create a Network Security Group for Tenant.

Org must have a Tenant entity. User must have FORGE_TENANT_ADMIN authorization role.

Authentication

AuthorizationBearer

export JWT_BEARER_TOKEN="<jwt-bearer-token>"
# Example org name: "acme-inc
export ORG_NAME=<org-name>
# Use the JWT bearer token in your API request auth header:
curl -v -X GET -H "Content-Type: application/json" -H "Authorization: Bearer $JWT_BEARER_TOKEN" https://carbide-rest-api.carbide.svc.cluster.local/v2/org/$ORG_NAME/carbide/user/current

``` export JWT_BEARER_TOKEN="<jwt-bearer-token>" # Example org name: "acme-inc export ORG_NAME=<org-name> # Use the JWT bearer token in your API request auth header: curl -v -X GET -H "Content-Type: application/json" -H "Authorization: Bearer $JWT_BEARER_TOKEN" https://carbide-rest-api.carbide.svc.cluster.local/v2/org/$ORG_NAME/carbide/user/current ```

Path parameters

orgstringRequired

Request

This endpoint expects an object.

namestringRequired2-256 characters

siteIdstringRequiredformat: "uuid"

descriptionstringOptional

statefulEgressbooleanOptional

Egress rules with protocol and destination ports defined but without source ports defined should automatically be made stateful.

ruleslist of objectsOptional

labelsmap from strings to stringsOptional

Response

Created

idstring

namestring2-256 characters

descriptionstring

siteIdstringformat: "uuid"

tenantIdstringformat: "uuid"

statusenum

Status values for Network Security Group objects

Allowed values:

statusHistorylist of objects

statefulEgressboolean

ruleslist of objects

labelsmap from strings to strings

createddatetime

updateddatetime

Errors

400

Bad Request Error

403

Forbidden Error

404

Not Found Error

412

Precondition Failed Error

500

Internal Server Error

501

Not Implemented Error