Update Network Security Group | NVIDIA Infra Controller

curl -X PATCH https://carbide-rest-api.carbide.svc.cluster.local/v2/org/org/carbide/network-security-group/networkSecurityGroupId \
     -H "Authorization: Bearer <token>" \
     -H "Content-Type: application/json" \
     -d '{
  "name": "Spark VPC Firewall",
  "description": "Security policies for machines in Spark VPC",
  "rules": [
    {
      "direction": "INGRESS",
      "protocol": "TCP",
      "action": "PERMIT",
      "sourcePrefix": "0.0.0.0/0",
      "destinationPrefix": "1.1.1.1/0",
      "name": "allow-http-from-public",
      "sourcePortRange": "80-81",
      "destinationPortRange": "180-181",
      "priority": 55
    }
  ],
  "labels": {
    "flavor": "coconut"
  }
}'

{
  "id": "2a21cf79-ea5e-4d28-b585-2e78948fcefb",
  "name": "Spark VPC Firewall",
  "description": "Security policies for machines in Spark VPC",
  "siteId": "56f1a3ed-3653-454f-b861-9136207be660",
  "tenantId": "79595ebe-934f-4f19-bc74-c16aefd0c57a",
  "status": "Pending",
  "statusHistory": [
    {
      "status": "Ready",
      "message": "processed network security group creation request",
      "created": "2025-02-26T18:17:44.862879-05:00",
      "updated": "2025-02-26T18:17:44.862879-05:00"
    }
  ],
  "rules": [
    {
      "direction": "INGRESS",
      "protocol": "TCP",
      "action": "PERMIT",
      "sourcePrefix": "0.0.0.0/0",
      "destinationPrefix": "1.1.1.1/0",
      "name": "allow-http-from-public",
      "sourcePortRange": "80-81",
      "destinationPortRange": "180-181",
      "priority": 55
    }
  ],
  "labels": {
    "flavor": "coconut"
  },
  "created": "2025-02-26T18:17:44.861317-05:00",
  "updated": "2025-02-26T18:17:44.861317-05:00"
}

Update a Network Security Group by ID

Org must have a Tenant entity. Instance must belong to Tenant. User must have FORGE_TENANT_ADMIN authorization role.

After a group has been created, policy updates are absolute. The complete desired policy set must be specified.

Authentication

AuthorizationBearer

export JWT_BEARER_TOKEN="<jwt-bearer-token>"
# Example org name: "acme-inc
export ORG_NAME=<org-name>
# Use the JWT bearer token in your API request auth header:
curl -v -X GET -H "Content-Type: application/json" -H "Authorization: Bearer $JWT_BEARER_TOKEN" https://carbide-rest-api.carbide.svc.cluster.local/v2/org/$ORG_NAME/carbide/user/current

``` export JWT_BEARER_TOKEN="<jwt-bearer-token>" # Example org name: "acme-inc export ORG_NAME=<org-name> # Use the JWT bearer token in your API request auth header: curl -v -X GET -H "Content-Type: application/json" -H "Authorization: Bearer $JWT_BEARER_TOKEN" https://carbide-rest-api.carbide.svc.cluster.local/v2/org/$ORG_NAME/carbide/user/current ```

Path parameters

orgstringRequired

networkSecurityGroupIdstringRequired

Request

This endpoint expects an object.

namestring or nullOptional2-256 characters

descriptionstring or nullOptional

statefulEgressbooleanOptional

Egress rules with protocol and destination ports defined but without source ports defined should automatically be made stateful.

ruleslist of objectsOptional

Update rules of the NetworkSecurityGroup. The rules will be entirely replaced by those sent in the request. Any rules not included in the request will be removed. To retain existing rules, first fetch them and include them.

labelsmap from strings to stringsOptional

Response

idstring

namestring2-256 characters

descriptionstring

siteIdstringformat: "uuid"

tenantIdstringformat: "uuid"

statusenum

Status values for Network Security Group objects

Allowed values:

statusHistorylist of objects

statefulEgressboolean

ruleslist of objects

labelsmap from strings to strings

createddatetime

updateddatetime

Errors

400

Bad Request Error

403

Forbidden Error

404

Not Found Error

500

Internal Server Error

501

Not Implemented Error