
# Update Network Security Group

PATCH https://carbide-rest-api.carbide.svc.cluster.local/v2/org/{org}/carbide/network-security-group/{networkSecurityGroupId}
Content-Type: application/json

Update a Network Security Group by ID

Org must have a Tenant entity. Instance must belong to Tenant. User must have `FORGE_TENANT_ADMIN` authorization role.

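After a group has been created, policy updates are absolute: the `rules` sent in the request replace the existing rules entirely, and any rule left out of the request is removed. The complete desired policy set must be specified, so fetch the current rules first and include the ones you want to keep.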

Reference: https://docs.nvidia.com/infra-controller/infra-controller/rest-api-reference/api-reference/network-security-group/update-network-security-group

## OpenAPI Specification

```yaml
openapi: 3.1.0
info:
  title: NCX Infra Controller REST API
  version: 1.0.0
paths:
  /v2/org/{org}/carbide/network-security-group/{networkSecurityGroupId}:
    patch:
      operationId: update-network-security-group
      summary: Update Network Security Group
      description: >-
        Update a Network Security Group by ID


        Org must have a Tenant entity. Instance must belong to Tenant. User must
        have `FORGE_TENANT_ADMIN` authorization role.


        After a group has been created, policy updates are absolute.  The
        complete desired policy set must be specified.
      tags:
        - subpackage_networkSecurityGroup
      parameters:
        - name: org
          in: path
          required: true
          schema:
            type: string
        - name: networkSecurityGroupId
          in: path
          required: true
          schema:
            type: string
        - name: Authorization
          in: header
          description: >-
            ```

            export JWT_BEARER_TOKEN="<jwt-bearer-token>"


            # Example org name: "acme-inc"

            export ORG_NAME=<org-name>


            # Use the JWT bearer token in your API request auth header.

            # Note: -v prints the request headers, bearer token included; omit it if output is logged.

            curl -v -X GET -H "Content-Type: application/json" -H
            "Authorization: Bearer $JWT_BEARER_TOKEN"
            https://carbide-rest-api.carbide.svc.cluster.local/v2/org/$ORG_NAME/carbide/user/current

            ```
          required: true
          schema:
            type: string
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/NetworkSecurityGroup'
        '400':
          description: Error response when request data cannot be validated
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CarbideAPIError'
        '403':
          description: >-
            Error response when user is not authorized to call an endpoint or
            retrieve/modify objects
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CarbideAPIError'
        '404':
          description: Response when the API handler encounters an unexpected error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CarbideAPIError'
        '500':
          description: Response when the API handler encounters an unexpected error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CarbideAPIError'
        '501':
          description: Response when the API handler encounters an unexpected error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CarbideAPIError'
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/NetworkSecurityGroupUpdateRequest'
servers:
  - url: https://carbide-rest-api.carbide.svc.cluster.local
components:
  schemas:
    NetworkSecurityGroupRuleDirection:
      type: string
      enum:
        - INGRESS
        - EGRESS
      title: NetworkSecurityGroupRuleDirection
    NetworkSecurityGroupRuleProtocol:
      type: string
      enum:
        - TCP
        - UDP
        - ICMP
        - ANY
      title: NetworkSecurityGroupRuleProtocol
    NetworkSecurityGroupRuleAction:
      type: string
      enum:
        - PERMIT
        - DENY
      title: NetworkSecurityGroupRuleAction
    NetworkSecurityGroupRule:
      type: object
      properties:
        name:
          type:
            - string
            - 'null'
        direction:
          $ref: '#/components/schemas/NetworkSecurityGroupRuleDirection'
        sourcePortRange:
          type:
            - string
            - 'null'
        destinationPortRange:
          type:
            - string
            - 'null'
        protocol:
          $ref: '#/components/schemas/NetworkSecurityGroupRuleProtocol'
        action:
          $ref: '#/components/schemas/NetworkSecurityGroupRuleAction'
        priority:
          type: integer
        sourcePrefix:
          type: string
        destinationPrefix:
          type: string
      required:
        - direction
        - protocol
        - action
        - sourcePrefix
        - destinationPrefix
      description: Aggregation of Network Security Group rules
      title: NetworkSecurityGroupRule
    Labels:
      type: object
      additionalProperties:
        type: string
      title: Labels
    NetworkSecurityGroupUpdateRequest:
      type: object
      properties:
        name:
          type:
            - string
            - 'null'
        description:
          type:
            - string
            - 'null'
        statefulEgress:
          type: boolean
          description: >-
            Egress rules with protocol and destination ports defined but without
            source ports defined should automatically be made stateful.
        rules:
          type: array
          items:
            $ref: '#/components/schemas/NetworkSecurityGroupRule'
          description: >-
            Update rules of the NetworkSecurityGroup. The rules will be entirely
            replaced by those sent in the request. Any rules not included in the
            request will be removed. To retain existing rules, first fetch them
            and include them. 
        labels:
          $ref: '#/components/schemas/Labels'
      description: Request data to update a Network Security Group
      title: NetworkSecurityGroupUpdateRequest
    NetworkSecurityGroupStatus:
      type: string
      enum:
        - Pending
        - Provisioning
        - Ready
        - Deleting
        - Error
      description: Status values for Network Security Group objects
      title: NetworkSecurityGroupStatus
    StatusDetail:
      type: object
      properties:
        status:
          type: string
        message:
          type: string
        created:
          type: string
          format: date-time
        updated:
          type: string
          format: date-time
      description: Describes the details of a status transition for a resource
      title: StatusDetail
    NetworkSecurityGroup:
      type: object
      properties:
        id:
          type: string
        name:
          type: string
        description:
          type: string
        siteId:
          type: string
          format: uuid
        tenantId:
          type: string
          format: uuid
        status:
          $ref: '#/components/schemas/NetworkSecurityGroupStatus'
        statusHistory:
          type: array
          items:
            $ref: '#/components/schemas/StatusDetail'
        statefulEgress:
          type: boolean
        rules:
          type: array
          items:
            $ref: '#/components/schemas/NetworkSecurityGroupRule'
        labels:
          $ref: '#/components/schemas/Labels'
        created:
          type: string
          format: date-time
        updated:
          type: string
          format: date-time
      description: Network Security Group is an aggregate of security policies
      title: NetworkSecurityGroup
    CarbideApiErrorSource:
      type: string
      enum:
        - carbide
      description: Source of the error. Only 'carbide' is supported
      title: CarbideApiErrorSource
    CarbideApiErrorData:
      type: object
      properties: {}
      description: Additional data about the error
      title: CarbideApiErrorData
    CarbideAPIError:
      type: object
      properties:
        source:
          $ref: '#/components/schemas/CarbideApiErrorSource'
          description: Source of the error. Only 'carbide' is supported
        message:
          type: string
          description: Message describing the error
        data:
          oneOf:
            - $ref: '#/components/schemas/CarbideApiErrorData'
            - type: 'null'
          description: Additional data about the error
      description: Describes the error response from NCX Infra Controller REST API
      title: CarbideAPIError
  securitySchemes:
    JWTBearerToken:
      type: http
      scheme: bearer
      description: >-
        ```

        export JWT_BEARER_TOKEN="<jwt-bearer-token>"


        # Example org name: "acme-inc"

        export ORG_NAME=<org-name>


        # Use the JWT bearer token in your API request auth header.

        # Note: -v prints the request headers, bearer token included; omit it if output is logged.

        curl -v -X GET -H "Content-Type: application/json" -H "Authorization:
        Bearer $JWT_BEARER_TOKEN"
        https://carbide-rest-api.carbide.svc.cluster.local/v2/org/$ORG_NAME/carbide/user/current

        ```

```

## SDK Code Examples

```python
import requests

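# PATCH replaces the group's whole rule set: any rule missing from "rules"
# below is removed, so fetch the current rules first and resend the ones to keep.
url = "https://carbide-rest-api.carbide.svc.cluster.local/v2/org/org/carbide/network-security-group/networkSecurityGroupId"

# Sample values from the documentation. A /0 prefix length matches every
# address (CIDR semantics; the spec types both prefix fields only as string),
# so this rule is not limited to one source or destination. Use the narrowest
# prefixes and port ranges that fit the real policy.
payload = {
    "name": "Spark VPC Firewall",
    "description": "Security policies for machines in Spark VPC",
    "rules": [
        {
            "direction": "INGRESS",
            "protocol": "TCP",
            "action": "PERMIT",
            "sourcePrefix": "0.0.0.0/0",
            "destinationPrefix": "1.1.1.1/0",
            "name": "allow-http-from-public",
            "sourcePortRange": "80-81",
            "destinationPortRange": "180-181",
            "priority": 55
        }
    ],
    "labels": { "flavor": "coconut" }
}
headers = {
    # Placeholder: supply the JWT at runtime rather than committing it to source.
    "Authorization": "Bearer <token>",
    "Content-Type": "application/json"
}

# Bound the wait (seconds) so a stalled connection cannot hang the caller.
response = requests.patch(url, json=payload, headers=headers, timeout=10)

# The spec lists 400/403/404/500/501 error responses; stop on them instead of
# printing the error body as if it were the updated group.
if not response.ok:
    raise SystemExit(f"update failed: HTTP {response.status_code}: {response.text}")

print(response.json())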
```

```javascript
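// PATCH replaces the group's whole rule set: any rule missing from `rules`
// is removed, so fetch the current rules first and resend the ones to keep.
const url = 'https://carbide-rest-api.carbide.svc.cluster.local/v2/org/org/carbide/network-security-group/networkSecurityGroupId';

// Sample values from the documentation. A /0 prefix length matches every
// address (CIDR semantics), so this rule is not limited to one source or
// destination; use the narrowest prefixes and port ranges that fit.
const payload = {
  name: 'Spark VPC Firewall',
  description: 'Security policies for machines in Spark VPC',
  rules: [
    {
      direction: 'INGRESS',
      protocol: 'TCP',
      action: 'PERMIT',
      sourcePrefix: '0.0.0.0/0',
      destinationPrefix: '1.1.1.1/0',
      name: 'allow-http-from-public',
      sourcePortRange: '80-81',
      destinationPortRange: '180-181',
      priority: 55
    }
  ],
  labels: {flavor: 'coconut'}
};

const options = {
  method: 'PATCH',
  // 'Bearer <token>' is a placeholder: supply the JWT at runtime, not in source.
  headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
  // Serializing the object avoids hand-escaping mistakes in the JSON body.
  body: JSON.stringify(payload)
};

try {
  const response = await fetch(url, options);
  // fetch() resolves on 4xx/5xx as well; without this check an error body
  // would be logged as if it were the updated group.
  if (!response.ok) {
    throw new Error(`update failed: HTTP ${response.status}: ${await response.text()}`);
  }
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}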
```

```go
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io"
)

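// main sends one PATCH that updates a Network Security Group and prints the
// response and its body.
//
// The update replaces the group's whole rule set: any rule missing from the
// "rules" array is removed, so fetch the current rules first and resend the
// ones to keep.
func main() {

	url := "https://carbide-rest-api.carbide.svc.cluster.local/v2/org/org/carbide/network-security-group/networkSecurityGroupId"

	// Sample values from the documentation. A /0 prefix length matches every
	// address (CIDR semantics), so this rule is not limited to one source or
	// destination; use the narrowest prefixes and port ranges that fit.
	payload := strings.NewReader("{\n  \"name\": \"Spark VPC Firewall\",\n  \"description\": \"Security policies for machines in Spark VPC\",\n  \"rules\": [\n    {\n      \"direction\": \"INGRESS\",\n      \"protocol\": \"TCP\",\n      \"action\": \"PERMIT\",\n      \"sourcePrefix\": \"0.0.0.0/0\",\n      \"destinationPrefix\": \"1.1.1.1/0\",\n      \"name\": \"allow-http-from-public\",\n      \"sourcePortRange\": \"80-81\",\n      \"destinationPortRange\": \"180-181\",\n      \"priority\": 55\n    }\n  ],\n  \"labels\": {\n    \"flavor\": \"coconut\"\n  }\n}")

	req, err := http.NewRequest(http.MethodPatch, url, payload)
	if err != nil {
		fmt.Println("build request:", err)
		return
	}

	// "Bearer <token>" is a placeholder: supply the JWT at runtime, not in source.
	req.Header.Add("Authorization", "Bearer <token>")
	req.Header.Add("Content-Type", "application/json")

	// http.DefaultClient has no timeout; a long-running caller should use an
	// http.Client with Timeout set.
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		// res is nil on error, so it must not be dereferenced or closed.
		fmt.Println("send request:", err)
		return
	}
	defer res.Body.Close()

	body, err := io.ReadAll(res.Body)
	if err != nil {
		fmt.Println("read response:", err)
		return
	}

	// The spec documents only 200 as success; flag anything else before the
	// body is printed so an error payload is not mistaken for the updated group.
	if res.StatusCode != http.StatusOK {
		fmt.Println("update rejected:", res.Status)
	}

	fmt.Println(res)
	fmt.Println(string(body))

}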
```

```ruby
require 'uri'
require 'net/http'

# PATCH replaces the group's whole rule set: any rule missing from "rules"
# is removed, so fetch the current rules first and resend the ones to keep.
endpoint = URI("https://carbide-rest-api.carbide.svc.cluster.local/v2/org/org/carbide/network-security-group/networkSecurityGroupId")

patch = Net::HTTP::Patch.new(endpoint)
# 'Bearer <token>' is a placeholder: supply the JWT at runtime, not in source.
patch["Authorization"] = 'Bearer <token>'
patch["Content-Type"] = 'application/json'
# Sample values from the documentation. A /0 prefix length matches every
# address (CIDR semantics), so this rule is not limited to one source or
# destination; use the narrowest prefixes and port ranges that fit.
patch.body = "{\n  \"name\": \"Spark VPC Firewall\",\n  \"description\": \"Security policies for machines in Spark VPC\",\n  \"rules\": [\n    {\n      \"direction\": \"INGRESS\",\n      \"protocol\": \"TCP\",\n      \"action\": \"PERMIT\",\n      \"sourcePrefix\": \"0.0.0.0/0\",\n      \"destinationPrefix\": \"1.1.1.1/0\",\n      \"name\": \"allow-http-from-public\",\n      \"sourcePortRange\": \"80-81\",\n      \"destinationPortRange\": \"180-181\",\n      \"priority\": 55\n    }\n  ],\n  \"labels\": {\n    \"flavor\": \"coconut\"\n  }\n}"

# use_ssl: true sends the bearer token over TLS only.
reply = Net::HTTP.start(endpoint.host, endpoint.port, use_ssl: true) do |conn|
  conn.request(patch)
end
puts reply.read_body
```

```java
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;

// PATCH replaces the group's whole rule set: any rule missing from "rules"
// is removed, so fetch the current rules first and resend the ones to keep.
String endpoint = "https://carbide-rest-api.carbide.svc.cluster.local/v2/org/org/carbide/network-security-group/networkSecurityGroupId";

// Sample values from the documentation. A /0 prefix length matches every
// address (CIDR semantics), so this rule is not limited to one source or
// destination; use the narrowest prefixes and port ranges that fit.
String payload = "{\n  \"name\": \"Spark VPC Firewall\",\n  \"description\": \"Security policies for machines in Spark VPC\",\n  \"rules\": [\n    {\n      \"direction\": \"INGRESS\",\n      \"protocol\": \"TCP\",\n      \"action\": \"PERMIT\",\n      \"sourcePrefix\": \"0.0.0.0/0\",\n      \"destinationPrefix\": \"1.1.1.1/0\",\n      \"name\": \"allow-http-from-public\",\n      \"sourcePortRange\": \"80-81\",\n      \"destinationPortRange\": \"180-181\",\n      \"priority\": 55\n    }\n  ],\n  \"labels\": {\n    \"flavor\": \"coconut\"\n  }\n}";

// "Bearer <token>" is a placeholder: supply the JWT at runtime, not in source.
HttpResponse<String> response = Unirest.patch(endpoint)
  .header("Authorization", "Bearer <token>")
  .header("Content-Type", "application/json")
  .body(payload)
  .asString();
```

```php
<?php
require_once('vendor/autoload.php');

// PATCH replaces the group's whole rule set: any rule missing from "rules"
// is removed, so fetch the current rules first and resend the ones to keep.
$endpoint = 'https://carbide-rest-api.carbide.svc.cluster.local/v2/org/org/carbide/network-security-group/networkSecurityGroupId';

// Sample values from the documentation. A /0 prefix length matches every
// address (CIDR semantics), so this rule is not limited to one source or
// destination; use the narrowest prefixes and port ranges that fit.
$payload = '{
  "name": "Spark VPC Firewall",
  "description": "Security policies for machines in Spark VPC",
  "rules": [
    {
      "direction": "INGRESS",
      "protocol": "TCP",
      "action": "PERMIT",
      "sourcePrefix": "0.0.0.0/0",
      "destinationPrefix": "1.1.1.1/0",
      "name": "allow-http-from-public",
      "sourcePortRange": "80-81",
      "destinationPortRange": "180-181",
      "priority": 55
    }
  ],
  "labels": {
    "flavor": "coconut"
  }
}';

// 'Bearer <token>' is a placeholder: supply the JWT at runtime, not in source.
$requestHeaders = [
  'Authorization' => 'Bearer <token>',
  'Content-Type' => 'application/json',
];

$client = new \GuzzleHttp\Client();

$response = $client->request('PATCH', $endpoint, [
  'body' => $payload,
  'headers' => $requestHeaders,
]);

echo $response->getBody();
```

```csharp
using RestSharp;

// PATCH replaces the group's whole rule set: any rule missing from "rules"
// is removed, so fetch the current rules first and resend the ones to keep.
string endpoint = "https://carbide-rest-api.carbide.svc.cluster.local/v2/org/org/carbide/network-security-group/networkSecurityGroupId";

// Sample values from the documentation. A /0 prefix length matches every
// address (CIDR semantics), so this rule is not limited to one source or
// destination; use the narrowest prefixes and port ranges that fit.
string payload = "{\n  \"name\": \"Spark VPC Firewall\",\n  \"description\": \"Security policies for machines in Spark VPC\",\n  \"rules\": [\n    {\n      \"direction\": \"INGRESS\",\n      \"protocol\": \"TCP\",\n      \"action\": \"PERMIT\",\n      \"sourcePrefix\": \"0.0.0.0/0\",\n      \"destinationPrefix\": \"1.1.1.1/0\",\n      \"name\": \"allow-http-from-public\",\n      \"sourcePortRange\": \"80-81\",\n      \"destinationPortRange\": \"180-181\",\n      \"priority\": 55\n    }\n  ],\n  \"labels\": {\n    \"flavor\": \"coconut\"\n  }\n}";

var client = new RestClient(endpoint);
var request = new RestRequest(Method.PATCH);
// "Bearer <token>" is a placeholder: supply the JWT at runtime, not in source.
request.AddHeader("Authorization", "Bearer <token>");
request.AddHeader("Content-Type", "application/json");
request.AddParameter("application/json", payload, ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
```

```swift
import Foundation

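// PATCH replaces the group's whole rule set: any rule missing from "rules"
// is removed, so fetch the current rules first and resend the ones to keep.

let headers = [
  // "Bearer <token>" is a placeholder: supply the JWT at runtime, not in source.
  "Authorization": "Bearer <token>",
  "Content-Type": "application/json"
]

// Sample values from the documentation. A /0 prefix length matches every
// address (CIDR semantics), so this rule is not limited to one source or
// destination; use the narrowest prefixes and port ranges that fit.
let parameters: [String: Any] = [
  "name": "Spark VPC Firewall",
  "description": "Security policies for machines in Spark VPC",
  "rules": [
    [
      "direction": "INGRESS",
      "protocol": "TCP",
      "action": "PERMIT",
      "sourcePrefix": "0.0.0.0/0",
      "destinationPrefix": "1.1.1.1/0",
      "name": "allow-http-from-public",
      "sourcePortRange": "80-81",
      "destinationPortRange": "180-181",
      "priority": 55
    ]
  ],
  "labels": ["flavor": "coconut"]
]

// Fail with a message instead of force-unwrapping a nil URL.
guard let url = URL(string: "https://carbide-rest-api.carbide.svc.cluster.local/v2/org/org/carbide/network-security-group/networkSecurityGroupId") else {
  fatalError("Endpoint URL is malformed")
}

var request = URLRequest(url: url,
                         cachePolicy: .useProtocolCachePolicy,
                         timeoutInterval: 10.0)
request.httpMethod = "PATCH"
request.allHTTPHeaderFields = headers

// JSONSerialization.data(withJSONObject:options:) throws, so the call needs `try`.
do {
  request.httpBody = try JSONSerialization.data(withJSONObject: parameters, options: [])
} catch {
  fatalError("Could not encode request body: \(error)")
}

let session = URLSession.shared
let dataTask = session.dataTask(with: request) { _, response, error in
  if let error = error {
    print(error)
    return
  }
  // A non-HTTP response carries no status to report.
  guard let httpResponse = response as? HTTPURLResponse else { return }
  // The spec documents only 200 as success; 400/403/404/500/501 carry an error body.
  if httpResponse.statusCode != 200 {
    print("update rejected: HTTP \(httpResponse.statusCode)")
  }
  print(httpResponse)
}

dataTask.resume()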
```