
# Create Network Security Group

POST https://carbide-rest-api.carbide.svc.cluster.local/v2/org/{org}/carbide/network-security-group
Content-Type: application/json

Create a Network Security Group for a Tenant.

The Org must have a Tenant entity, and the user must have the `FORGE_TENANT_ADMIN` authorization role.


Reference: https://docs.nvidia.com/infra-controller/infra-controller/rest-api-reference/api-reference/network-security-group/create-network-security-group

## OpenAPI Specification

```yaml
openapi: 3.1.0
info:
  title: NCX Infra Controller REST API
  version: 1.0.0
paths:
  /v2/org/{org}/carbide/network-security-group:
    post:
      operationId: create-network-security-group
      summary: Create Network Security Group
      description: >
        Create a Network Security Group for Tenant.


        Org must have a Tenant entity. User must have `FORGE_TENANT_ADMIN`
        authorization role.
      tags:
        - subpackage_networkSecurityGroup
      parameters:
        - name: org
          in: path
          required: true
          schema:
            type: string
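        # NOTE(review): this description is a shell usage example rather than a
        # description of the header. The example issues a GET to /user/current,
        # whereas this operation is a POST. `curl -v` echoes the request headers
        # it sends, bearer token included; drop -v wherever the output is logged
        # or shared.
        - name: Authorization
          in: header
          description: >-
            ```

            export JWT_BEARER_TOKEN="<jwt-bearer-token>"


            # Example org name: "acme-inc"

            export ORG_NAME=<org-name>


            # Use the JWT bearer token in your API request auth header:

            curl -v -X GET -H "Content-Type: application/json" -H
            "Authorization: Bearer $JWT_BEARER_TOKEN"
            https://carbide-rest-api.carbide.svc.cluster.local/v2/org/$ORG_NAME/carbide/user/current

            ```
          required: true
          schema:
            type: string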
      # Responses for the create operation. Success (201) returns the created
      # NetworkSecurityGroup; every error status shares the CarbideAPIError body.
      responses:
        '201':
          description: Created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/NetworkSecurityGroup'
        '400':
          description: Error response when request data cannot be validated
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CarbideAPIError'
        '403':
          description: >-
            Error response when user is not authorized to call an endpoint or
            retrieve/modify objects
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CarbideAPIError'
        # NOTE(review): 404, 412 and 501 below reuse the 500 description
        # ("unexpected error") verbatim. Confirm the intended wording for each
        # status so callers can tell a missing resource or unmet precondition
        # apart from a server fault.
        '404':
          description: Response when the API handler encounters an unexpected error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CarbideAPIError'
        '412':
          description: Response when the API handler encounters an unexpected error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CarbideAPIError'
        '500':
          description: Response when the API handler encounters an unexpected error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CarbideAPIError'
        '501':
          description: Response when the API handler encounters an unexpected error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CarbideAPIError'
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/NetworkSecurityGroupCreateRequest'
servers:
  - url: https://carbide-rest-api.carbide.svc.cluster.local
components:
  schemas:
    NetworkSecurityGroupRuleDirection:
      type: string
      enum:
        - INGRESS
        - EGRESS
      title: NetworkSecurityGroupRuleDirection
    NetworkSecurityGroupRuleProtocol:
      type: string
      enum:
        - TCP
        - UDP
        - ICMP
        - ANY
      title: NetworkSecurityGroupRuleProtocol
    NetworkSecurityGroupRuleAction:
      type: string
      enum:
        - PERMIT
        - DENY
      title: NetworkSecurityGroupRuleAction
    # One rule of a Network Security Group. direction, protocol, action,
    # sourcePrefix and destinationPrefix are required; name, the two port
    # ranges and priority are optional.
    NetworkSecurityGroupRule:
      type: object
      properties:
        name:
          type:
            - string
            - 'null'
        direction:
          $ref: '#/components/schemas/NetworkSecurityGroupRuleDirection'
        # NOTE(review): port ranges are unconstrained strings (no pattern or
        # format); the request samples on this page use the "80-81" form.
        # Confirm the accepted syntax and what a null or omitted range matches.
        sourcePortRange:
          type:
            - string
            - 'null'
        destinationPortRange:
          type:
            - string
            - 'null'
        protocol:
          $ref: '#/components/schemas/NetworkSecurityGroupRuleProtocol'
        action:
          $ref: '#/components/schemas/NetworkSecurityGroupRuleAction'
        # NOTE(review): no minimum/maximum is declared, and the spec does not
        # say how priority orders rule evaluation when PERMIT and DENY rules
        # overlap. Confirm before relying on it.
        priority:
          type: integer
        # NOTE(review): prefixes are plain strings with no format; the samples
        # on this page use CIDR notation ("0.0.0.0/0"). Presumably validated
        # server-side. Confirm.
        sourcePrefix:
          type: string
        destinationPrefix:
          type: string
      required:
        - direction
        - protocol
        - action
        - sourcePrefix
        - destinationPrefix
      description: Aggregation of Network Security Group rules
      title: NetworkSecurityGroupRule
    Labels:
      type: object
      additionalProperties:
        type: string
      title: Labels
    # Body of the create request. Only name and siteId are required; every
    # other field, including rules, may be omitted.
    NetworkSecurityGroupCreateRequest:
      type: object
      properties:
        name:
          type: string
        description:
          type: string
        siteId:
          type: string
          format: uuid
        # NOTE(review): no default is declared for this flag. Confirm what the
        # server assumes when it is omitted.
        statefulEgress:
          type: boolean
          description: >-
            Egress rules with protocol and destination ports defined but without
            source ports defined should automatically be made stateful.
        # NOTE(review): rules is optional, and the spec does not state what
        # traffic a group with no rules permits or denies. Confirm the default
        # posture before creating an empty group.
        rules:
          type: array
          items:
            $ref: '#/components/schemas/NetworkSecurityGroupRule'
        labels:
          $ref: '#/components/schemas/Labels'
      required:
        - name
        - siteId
      description: Request data to create a Network Security Group
      title: NetworkSecurityGroupCreateRequest
    NetworkSecurityGroupStatus:
      type: string
      enum:
        - Pending
        - Provisioning
        - Ready
        - Deleting
        - Error
      description: Status values for Network Security Group objects
      title: NetworkSecurityGroupStatus
    StatusDetail:
      type: object
      properties:
        status:
          type: string
        message:
          type: string
        created:
          type: string
          format: date-time
        updated:
          type: string
          format: date-time
      description: Describes the details of a status transition for a resource
      title: StatusDetail
    NetworkSecurityGroup:
      type: object
      properties:
        id:
          type: string
        name:
          type: string
        description:
          type: string
        siteId:
          type: string
          format: uuid
        tenantId:
          type: string
          format: uuid
        status:
          $ref: '#/components/schemas/NetworkSecurityGroupStatus'
        statusHistory:
          type: array
          items:
            $ref: '#/components/schemas/StatusDetail'
        statefulEgress:
          type: boolean
        rules:
          type: array
          items:
            $ref: '#/components/schemas/NetworkSecurityGroupRule'
        labels:
          $ref: '#/components/schemas/Labels'
        created:
          type: string
          format: date-time
        updated:
          type: string
          format: date-time
      description: Network Security Group is an aggregate of security policies
      title: NetworkSecurityGroup
    CarbideApiErrorSource:
      type: string
      enum:
        - carbide
      description: Source of the error. Only 'carbide' is supported
      title: CarbideApiErrorSource
    CarbideApiErrorData:
      type: object
      properties: {}
      description: Additional data about the error
      title: CarbideApiErrorData
    CarbideAPIError:
      type: object
      properties:
        source:
          $ref: '#/components/schemas/CarbideApiErrorSource'
          description: Source of the error. Only 'carbide' is supported
        message:
          type: string
          description: Message describing the error
        data:
          oneOf:
            - $ref: '#/components/schemas/CarbideApiErrorData'
            - type: 'null'
          description: Additional data about the error
      description: Describes the error response from NCX Infra Controller REST API
      title: CarbideAPIError
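  # NOTE(review): no `security:` requirement in this document references
  # JWTBearerToken; the operation instead lists Authorization as a header
  # parameter, a definition the OpenAPI specification tells tooling to ignore.
  # Consider attaching this scheme to the operation so the auth requirement is
  # visible to generated clients and validators.
  securitySchemes:
    JWTBearerToken:
      type: http
      scheme: bearer
      # `curl -v` echoes the request headers it sends, bearer token included;
      # drop -v wherever the output is logged or shared.
      description: >-
        ```

        export JWT_BEARER_TOKEN="<jwt-bearer-token>"


        # Example org name: "acme-inc"

        export ORG_NAME=<org-name>


        # Use the JWT bearer token in your API request auth header:

        curl -v -X GET -H "Content-Type: application/json" -H "Authorization:
        Bearer $JWT_BEARER_TOKEN"
        https://carbide-rest-api.carbide.svc.cluster.local/v2/org/$ORG_NAME/carbide/user/current

        ```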

```

## SDK Code Examples

```python
import requests

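# The `org` path segment stands in for the {org} path parameter; substitute
# your org name.
url = "https://carbide-rest-api.carbide.svc.cluster.local/v2/org/org/carbide/network-security-group"

# Sample values only. Both prefixes in the rule have length 0, which in CIDR
# notation covers every IPv4 address, so as written this PERMIT is not scoped
# to any network. Narrow source and destination before reusing the payload.
payload = {
    "name": "Spark VPC Firewall",
    "siteId": "188a8f32-0001-45cf-b243-f62720a22cc4",
    "description": "Security policies for machines in Spark VPC",
    "rules": [
        {
            "direction": "INGRESS",
            "protocol": "TCP",
            "action": "PERMIT",
            "sourcePrefix": "0.0.0.0/0",
            "destinationPrefix": "1.1.1.1/0",
            "name": "allow-http-from-public",
            "sourcePortRange": "80-81",
            "destinationPortRange": "180-181",
            "priority": 55
        }
    ],
    "labels": { "flavor": "coconut" }
}
# `<token>` is a placeholder: supply the JWT at runtime instead of committing
# it to source control.
headers = {
    "Authorization": "Bearer <token>",
    "Content-Type": "application/json"
}

# requests applies no timeout unless one is given; bound the wait so a stalled
# connection cannot block the caller indefinitely.
response = requests.post(url, json=payload, headers=headers, timeout=10)

# Error statuses (400, 403, ...) return a CarbideAPIError JSON body, so print
# the status code alongside the body to tell success from failure.
print(response.status_code)
try:
    print(response.json())
except ValueError:
    # The body was not JSON; show it raw rather than raising.
    print(response.text)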
```

```javascript
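// The `org` path segment stands in for the {org} path parameter; substitute
// your org name.
const url = 'https://carbide-rest-api.carbide.svc.cluster.local/v2/org/org/carbide/network-security-group';

// Sample values only. Both prefixes in the rule have length 0, which in CIDR
// notation covers every IPv4 address, so as written this PERMIT is not scoped
// to any network. Narrow source and destination before reusing the payload.
const payload = {
  name: 'Spark VPC Firewall',
  siteId: '188a8f32-0001-45cf-b243-f62720a22cc4',
  description: 'Security policies for machines in Spark VPC',
  rules: [
    {
      direction: 'INGRESS',
      protocol: 'TCP',
      action: 'PERMIT',
      sourcePrefix: '0.0.0.0/0',
      destinationPrefix: '1.1.1.1/0',
      name: 'allow-http-from-public',
      sourcePortRange: '80-81',
      destinationPortRange: '180-181',
      priority: 55
    }
  ],
  labels: {flavor: 'coconut'}
};

const options = {
  method: 'POST',
  // `<token>` is a placeholder: supply the JWT at runtime, not in source.
  headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
  // Serialising the object keeps the body valid JSON when values are edited.
  body: JSON.stringify(payload)
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  if (response.ok) {
    console.log(data);
  } else {
    // fetch resolves on 4xx/5xx as well; report those as errors with the
    // status so a CarbideAPIError body is not mistaken for a created group.
    console.error(response.status, data);
  }
} catch (error) {
  console.error(error);
}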
```

```go
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io"
)

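// main sends the sample create request and prints the response and its body.
//
// Each step's error is checked: when the request cannot be built, sent or read,
// the error is printed and the program returns instead of dereferencing a nil
// response.
func main() {

	// The "org" path segment stands in for the {org} path parameter.
	url := "https://carbide-rest-api.carbide.svc.cluster.local/v2/org/org/carbide/network-security-group"

	// Sample values only. Both prefixes in the rule have length 0, which in
	// CIDR notation covers every IPv4 address, so as written this PERMIT is not
	// scoped to any network. Narrow both before reusing the payload.
	payload := strings.NewReader("{\n  \"name\": \"Spark VPC Firewall\",\n  \"siteId\": \"188a8f32-0001-45cf-b243-f62720a22cc4\",\n  \"description\": \"Security policies for machines in Spark VPC\",\n  \"rules\": [\n    {\n      \"direction\": \"INGRESS\",\n      \"protocol\": \"TCP\",\n      \"action\": \"PERMIT\",\n      \"sourcePrefix\": \"0.0.0.0/0\",\n      \"destinationPrefix\": \"1.1.1.1/0\",\n      \"name\": \"allow-http-from-public\",\n      \"sourcePortRange\": \"80-81\",\n      \"destinationPortRange\": \"180-181\",\n      \"priority\": 55\n    }\n  ],\n  \"labels\": {\n    \"flavor\": \"coconut\"\n  }\n}")

	req, err := http.NewRequest("POST", url, payload)
	if err != nil {
		fmt.Println("building request:", err)
		return
	}

	// "<token>" is a placeholder: supply the JWT at runtime, not in source.
	req.Header.Add("Authorization", "Bearer <token>")
	req.Header.Add("Content-Type", "application/json")

	// http.DefaultClient sets no overall timeout; callers that must not block
	// indefinitely should use a client with one configured.
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		// res is nil when Do fails, so it must not be touched here.
		fmt.Println("sending request:", err)
		return
	}
	defer res.Body.Close()

	body, err := io.ReadAll(res.Body)
	if err != nil {
		fmt.Println("reading response body:", err)
		return
	}

	fmt.Println(res)
	fmt.Println(string(body))

}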
```

```ruby
require 'uri'
require 'net/http'

# Target endpoint. The `org` path segment stands in for the {org} path
# parameter; substitute your org name.
endpoint = URI("https://carbide-rest-api.carbide.svc.cluster.local/v2/org/org/carbide/network-security-group")

# JSON request body, sent as written. Sample values only: both prefixes in the
# rule have length 0, which in CIDR notation covers every IPv4 address, so this
# PERMIT is not scoped to any network. Narrow both before reusing the payload.
json_body = "{\n  \"name\": \"Spark VPC Firewall\",\n  \"siteId\": \"188a8f32-0001-45cf-b243-f62720a22cc4\",\n  \"description\": \"Security policies for machines in Spark VPC\",\n  \"rules\": [\n    {\n      \"direction\": \"INGRESS\",\n      \"protocol\": \"TCP\",\n      \"action\": \"PERMIT\",\n      \"sourcePrefix\": \"0.0.0.0/0\",\n      \"destinationPrefix\": \"1.1.1.1/0\",\n      \"name\": \"allow-http-from-public\",\n      \"sourcePortRange\": \"80-81\",\n      \"destinationPortRange\": \"180-181\",\n      \"priority\": 55\n    }\n  ],\n  \"labels\": {\n    \"flavor\": \"coconut\"\n  }\n}"

# TLS connection to the API host.
connection = Net::HTTP.new(endpoint.host, endpoint.port)
connection.use_ssl = true

# `<token>` is a placeholder: supply the JWT at runtime, not in source.
post = Net::HTTP::Post.new(endpoint)
{ "Authorization" => 'Bearer <token>', "Content-Type" => 'application/json' }.each do |field, value|
  post[field] = value
end
post.body = json_body

# The body is printed for any status, so an error response prints its
# CarbideAPIError JSON here as well.
puts connection.request(post).read_body
```

```java
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;

// Target endpoint. The "org" path segment stands in for the {org} path
// parameter; substitute your org name.
String endpoint = "https://carbide-rest-api.carbide.svc.cluster.local/v2/org/org/carbide/network-security-group";

// JSON request body, sent as written. Sample values only: both prefixes in the
// rule have length 0, which in CIDR notation covers every IPv4 address, so this
// PERMIT is not scoped to any network. Narrow both before reusing the payload.
String requestBody = "{\n  \"name\": \"Spark VPC Firewall\",\n  \"siteId\": \"188a8f32-0001-45cf-b243-f62720a22cc4\",\n  \"description\": \"Security policies for machines in Spark VPC\",\n  \"rules\": [\n    {\n      \"direction\": \"INGRESS\",\n      \"protocol\": \"TCP\",\n      \"action\": \"PERMIT\",\n      \"sourcePrefix\": \"0.0.0.0/0\",\n      \"destinationPrefix\": \"1.1.1.1/0\",\n      \"name\": \"allow-http-from-public\",\n      \"sourcePortRange\": \"80-81\",\n      \"destinationPortRange\": \"180-181\",\n      \"priority\": 55\n    }\n  ],\n  \"labels\": {\n    \"flavor\": \"coconut\"\n  }\n}";

// "<token>" is a placeholder: supply the JWT at runtime, not in source.
// The response body is returned as a String; the status is not inspected here.
HttpResponse<String> response = Unirest.post(endpoint)
  .header("Authorization", "Bearer <token>")
  .header("Content-Type", "application/json")
  .body(requestBody)
  .asString();
```

```php
<?php
require_once('vendor/autoload.php');

// Guzzle client with default options. By default Guzzle throws on 4xx/5xx
// responses (http_errors), so the echo below only runs for successful calls.
$client = new \GuzzleHttp\Client();

// The `org` path segment stands in for the {org} path parameter; substitute
// your org name.
$endpoint = 'https://carbide-rest-api.carbide.svc.cluster.local/v2/org/org/carbide/network-security-group';

// JSON request body, sent as written. Sample values only: both prefixes in the
// rule have length 0, which in CIDR notation covers every IPv4 address, so this
// PERMIT is not scoped to any network. Narrow both before reusing the payload.
$payload = '{
  "name": "Spark VPC Firewall",
  "siteId": "188a8f32-0001-45cf-b243-f62720a22cc4",
  "description": "Security policies for machines in Spark VPC",
  "rules": [
    {
      "direction": "INGRESS",
      "protocol": "TCP",
      "action": "PERMIT",
      "sourcePrefix": "0.0.0.0/0",
      "destinationPrefix": "1.1.1.1/0",
      "name": "allow-http-from-public",
      "sourcePortRange": "80-81",
      "destinationPortRange": "180-181",
      "priority": 55
    }
  ],
  "labels": {
    "flavor": "coconut"
  }
}';

// `<token>` is a placeholder: supply the JWT at runtime, not in source.
$requestHeaders = [
  'Authorization' => 'Bearer <token>',
  'Content-Type' => 'application/json',
];

$response = $client->request('POST', $endpoint, [
  'body' => $payload,
  'headers' => $requestHeaders,
]);

echo $response->getBody();
```

```csharp
using RestSharp;

// Target endpoint. The "org" path segment stands in for the {org} path
// parameter; substitute your org name.
string endpoint = "https://carbide-rest-api.carbide.svc.cluster.local/v2/org/org/carbide/network-security-group";

// JSON request body, sent as written. Sample values only: both prefixes in the
// rule have length 0, which in CIDR notation covers every IPv4 address, so this
// PERMIT is not scoped to any network. Narrow both before reusing the payload.
string jsonBody = "{\n  \"name\": \"Spark VPC Firewall\",\n  \"siteId\": \"188a8f32-0001-45cf-b243-f62720a22cc4\",\n  \"description\": \"Security policies for machines in Spark VPC\",\n  \"rules\": [\n    {\n      \"direction\": \"INGRESS\",\n      \"protocol\": \"TCP\",\n      \"action\": \"PERMIT\",\n      \"sourcePrefix\": \"0.0.0.0/0\",\n      \"destinationPrefix\": \"1.1.1.1/0\",\n      \"name\": \"allow-http-from-public\",\n      \"sourcePortRange\": \"80-81\",\n      \"destinationPortRange\": \"180-181\",\n      \"priority\": 55\n    }\n  ],\n  \"labels\": {\n    \"flavor\": \"coconut\"\n  }\n}";

var client = new RestClient(endpoint);
var request = new RestRequest(Method.POST);

// "<token>" is a placeholder: supply the JWT at runtime, not in source.
request.AddHeader("Authorization", "Bearer <token>");
request.AddHeader("Content-Type", "application/json");
request.AddParameter("application/json", jsonBody, ParameterType.RequestBody);

// The response is captured but not inspected or printed by this sample.
IRestResponse response = client.Execute(request);
```

```swift
import Foundation

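// `<token>` is a placeholder: supply the JWT at runtime, not in source.
let headers = [
  "Authorization": "Bearer <token>",
  "Content-Type": "application/json"
]

// Sample values only. Both prefixes in the rule have length 0, which in CIDR
// notation covers every IPv4 address, so as written this PERMIT is not scoped
// to any network. Narrow source and destination before reusing the payload.
let rule: [String: Any] = [
  "direction": "INGRESS",
  "protocol": "TCP",
  "action": "PERMIT",
  "sourcePrefix": "0.0.0.0/0",
  "destinationPrefix": "1.1.1.1/0",
  "name": "allow-http-from-public",
  "sourcePortRange": "80-81",
  "destinationPortRange": "180-181",
  "priority": 55
]
let parameters: [String: Any] = [
  "name": "Spark VPC Firewall",
  "siteId": "188a8f32-0001-45cf-b243-f62720a22cc4",
  "description": "Security policies for machines in Spark VPC",
  "rules": [rule],
  "labels": ["flavor": "coconut"]
]

// The `org` path segment stands in for the {org} path parameter; substitute
// your org name. The guard replaces a force-unwrap of the parsed URL.
guard let url = URL(string: "https://carbide-rest-api.carbide.svc.cluster.local/v2/org/org/carbide/network-security-group") else {
  fatalError("endpoint URL is malformed")
}

var request = URLRequest(url: url,
                         cachePolicy: .useProtocolCachePolicy,
                         timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
// data(withJSONObject:options:) is a throwing call, so it needs `try`.
request.httpBody = try JSONSerialization.data(withJSONObject: parameters, options: [])

let dataTask = URLSession.shared.dataTask(with: request) { data, response, error in
  if let error = error {
    print(error)
    return
  }
  guard let httpResponse = response as? HTTPURLResponse else {
    print("response was not an HTTP response")
    return
  }
  // Error statuses carry a CarbideAPIError JSON body, so print the status code
  // together with the body to tell success from failure.
  print(httpResponse.statusCode)
  if let data = data, let text = String(data: data, encoding: .utf8) {
    print(text)
  }
}

// In a command-line program the process must stay alive until the completion
// handler has run.
dataTask.resume()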
```