Docs Home
nsxt 3.8.2 published on Tuesday, May 6, 2025 by vmware
nsxt.getPolicyGroups
Explore with Pulumi AI
This data source builds a “name to paths” map of the whole policy Groups table. Such map can be referenced in configuration to obtain object identifier attributes by display name at a cost of single roundtrip to NSX, which improves apply and refresh
time at scale, compared to multiple instances of nsxt.PolicyGroup data source.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as nsxt from "@pulumi/nsxt";
const map = nsxt.getPolicyGroups({});
const test = new nsxt.PolicyPredefinedSecurityPolicy("test", {
path: data.nsxt_policy_security_policy.default_l3.path,
tags: [{
scope: "color",
tag: "orange",
}],
rules: [
{
displayName: "allow_icmp",
destinationGroups: [
data.nsxt_policy_groups.items.Cats,
data.nsxt_policy_groups.items.Dogs,
],
action: "ALLOW",
services: [nsxt_policy_service.icmp.path],
logged: true,
},
{
displayName: "allow_udp",
sourceGroups: [data.nsxt_policy_groups.items.Fish],
sourcesExcluded: true,
scopes: [data.nsxt_policy_groups.items.Aquarium],
action: "ALLOW",
services: [nsxt_policy_service.udp.path],
logged: true,
disabled: true,
},
],
defaultRule: {
action: "DROP",
},
});
import pulumi
import pulumi_nsxt as nsxt
map = nsxt.get_policy_groups()
test = nsxt.PolicyPredefinedSecurityPolicy("test",
path=data["nsxt_policy_security_policy"]["default_l3"]["path"],
tags=[{
"scope": "color",
"tag": "orange",
}],
rules=[
{
"display_name": "allow_icmp",
"destination_groups": [
data["nsxt_policy_groups"]["items"]["Cats"],
data["nsxt_policy_groups"]["items"]["Dogs"],
],
"action": "ALLOW",
"services": [nsxt_policy_service["icmp"]["path"]],
"logged": True,
},
{
"display_name": "allow_udp",
"source_groups": [data["nsxt_policy_groups"]["items"]["Fish"]],
"sources_excluded": True,
"scopes": [data["nsxt_policy_groups"]["items"]["Aquarium"]],
"action": "ALLOW",
"services": [nsxt_policy_service["udp"]["path"]],
"logged": True,
"disabled": True,
},
],
default_rule={
"action": "DROP",
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/nsxt/v3/nsxt"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := nsxt.GetPolicyGroups(ctx, &nsxt.GetPolicyGroupsArgs{}, nil)
if err != nil {
return err
}
_, err = nsxt.NewPolicyPredefinedSecurityPolicy(ctx, "test", &nsxt.PolicyPredefinedSecurityPolicyArgs{
Path: pulumi.Any(data.Nsxt_policy_security_policy.Default_l3.Path),
Tags: nsxt.PolicyPredefinedSecurityPolicyTagArray{
&nsxt.PolicyPredefinedSecurityPolicyTagArgs{
Scope: pulumi.String("color"),
Tag: pulumi.String("orange"),
},
},
Rules: nsxt.PolicyPredefinedSecurityPolicyRuleArray{
&nsxt.PolicyPredefinedSecurityPolicyRuleArgs{
DisplayName: pulumi.String("allow_icmp"),
DestinationGroups: pulumi.StringArray{
data.Nsxt_policy_groups.Items.Cats,
data.Nsxt_policy_groups.Items.Dogs,
},
Action: pulumi.String("ALLOW"),
Services: pulumi.StringArray{
nsxt_policy_service.Icmp.Path,
},
Logged: pulumi.Bool(true),
},
&nsxt.PolicyPredefinedSecurityPolicyRuleArgs{
DisplayName: pulumi.String("allow_udp"),
SourceGroups: pulumi.StringArray{
data.Nsxt_policy_groups.Items.Fish,
},
SourcesExcluded: pulumi.Bool(true),
Scopes: pulumi.StringArray{
data.Nsxt_policy_groups.Items.Aquarium,
},
Action: pulumi.String("ALLOW"),
Services: pulumi.StringArray{
nsxt_policy_service.Udp.Path,
},
Logged: pulumi.Bool(true),
Disabled: pulumi.Bool(true),
},
},
DefaultRule: &nsxt.PolicyPredefinedSecurityPolicyDefaultRuleArgs{
Action: pulumi.String("DROP"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Nsxt = Pulumi.Nsxt;
return await Deployment.RunAsync(() =>
{
var map = Nsxt.GetPolicyGroups.Invoke();
var test = new Nsxt.PolicyPredefinedSecurityPolicy("test", new()
{
Path = data.Nsxt_policy_security_policy.Default_l3.Path,
Tags = new[]
{
new Nsxt.Inputs.PolicyPredefinedSecurityPolicyTagArgs
{
Scope = "color",
Tag = "orange",
},
},
Rules = new[]
{
new Nsxt.Inputs.PolicyPredefinedSecurityPolicyRuleArgs
{
DisplayName = "allow_icmp",
DestinationGroups = new[]
{
data.Nsxt_policy_groups.Items.Cats,
data.Nsxt_policy_groups.Items.Dogs,
},
Action = "ALLOW",
Services = new[]
{
nsxt_policy_service.Icmp.Path,
},
Logged = true,
},
new Nsxt.Inputs.PolicyPredefinedSecurityPolicyRuleArgs
{
DisplayName = "allow_udp",
SourceGroups = new[]
{
data.Nsxt_policy_groups.Items.Fish,
},
SourcesExcluded = true,
Scopes = new[]
{
data.Nsxt_policy_groups.Items.Aquarium,
},
Action = "ALLOW",
Services = new[]
{
nsxt_policy_service.Udp.Path,
},
Logged = true,
Disabled = true,
},
},
DefaultRule = new Nsxt.Inputs.PolicyPredefinedSecurityPolicyDefaultRuleArgs
{
Action = "DROP",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.nsxt.NsxtFunctions;
import com.pulumi.nsxt.inputs.GetPolicyGroupsArgs;
import com.pulumi.nsxt.PolicyPredefinedSecurityPolicy;
import com.pulumi.nsxt.PolicyPredefinedSecurityPolicyArgs;
import com.pulumi.nsxt.inputs.PolicyPredefinedSecurityPolicyTagArgs;
import com.pulumi.nsxt.inputs.PolicyPredefinedSecurityPolicyRuleArgs;
import com.pulumi.nsxt.inputs.PolicyPredefinedSecurityPolicyDefaultRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var map = NsxtFunctions.getPolicyGroups();
var test = new PolicyPredefinedSecurityPolicy("test", PolicyPredefinedSecurityPolicyArgs.builder()
.path(data.nsxt_policy_security_policy().default_l3().path())
.tags(PolicyPredefinedSecurityPolicyTagArgs.builder()
.scope("color")
.tag("orange")
.build())
.rules(
PolicyPredefinedSecurityPolicyRuleArgs.builder()
.displayName("allow_icmp")
.destinationGroups(
data.nsxt_policy_groups().items().Cats(),
data.nsxt_policy_groups().items().Dogs())
.action("ALLOW")
.services(nsxt_policy_service.icmp().path())
.logged(true)
.build(),
PolicyPredefinedSecurityPolicyRuleArgs.builder()
.displayName("allow_udp")
.sourceGroups(data.nsxt_policy_groups().items().Fish())
.sourcesExcluded(true)
.scopes(data.nsxt_policy_groups().items().Aquarium())
.action("ALLOW")
.services(nsxt_policy_service.udp().path())
.logged(true)
.disabled(true)
.build())
.defaultRule(PolicyPredefinedSecurityPolicyDefaultRuleArgs.builder()
.action("DROP")
.build())
.build());
}
}
resources:
test:
type: nsxt:PolicyPredefinedSecurityPolicy
properties:
path: ${data.nsxt_policy_security_policy.default_l3.path}
tags:
- scope: color
tag: orange
rules:
- displayName: allow_icmp
destinationGroups:
- ${data.nsxt_policy_groups.items.Cats}
- ${data.nsxt_policy_groups.items.Dogs}
action: ALLOW
services:
- ${nsxt_policy_service.icmp.path}
logged: true
- displayName: allow_udp
sourceGroups:
- ${data.nsxt_policy_groups.items.Fish}
sourcesExcluded: true
scopes:
- ${data.nsxt_policy_groups.items.Aquarium}
action: ALLOW
services:
- ${nsxt_policy_service.udp.path}
logged: true
disabled: true
defaultRule:
action: DROP
variables:
map:
fn::invoke:
function: nsxt:getPolicyGroups
arguments: {}
Using getPolicyGroups
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getPolicyGroups(args: GetPolicyGroupsArgs, opts?: InvokeOptions): Promise<GetPolicyGroupsResult>
function getPolicyGroupsOutput(args: GetPolicyGroupsOutputArgs, opts?: InvokeOptions): Output<GetPolicyGroupsResult>def get_policy_groups(context: Optional[GetPolicyGroupsContext] = None,
domain: Optional[str] = None,
id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetPolicyGroupsResult
def get_policy_groups_output(context: Optional[pulumi.Input[GetPolicyGroupsContextArgs]] = None,
domain: Optional[pulumi.Input[str]] = None,
id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetPolicyGroupsResult]func GetPolicyGroups(ctx *Context, args *GetPolicyGroupsArgs, opts ...InvokeOption) (*GetPolicyGroupsResult, error)
func GetPolicyGroupsOutput(ctx *Context, args *GetPolicyGroupsOutputArgs, opts ...InvokeOption) GetPolicyGroupsResultOutput> Note: This function is named GetPolicyGroups in the Go SDK.
public static class GetPolicyGroups
{
public static Task<GetPolicyGroupsResult> InvokeAsync(GetPolicyGroupsArgs args, InvokeOptions? opts = null)
public static Output<GetPolicyGroupsResult> Invoke(GetPolicyGroupsInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetPolicyGroupsResult> getPolicyGroups(GetPolicyGroupsArgs args, InvokeOptions options)
public static Output<GetPolicyGroupsResult> getPolicyGroups(GetPolicyGroupsArgs args, InvokeOptions options)
fn::invoke:
function: nsxt:index/getPolicyGroups:getPolicyGroups
arguments:
# arguments dictionaryThe following arguments are supported:
- Context
Get
Policy Groups Context - The context which the object belongs to
- Domain string
- The domain this Group belongs to. For VMware Cloud on AWS use
cgw. For Global Manager, please use site id for this field. If not specified, this field is default todefault. - Id string
- Context
Get
Policy Groups Context - The context which the object belongs to
- Domain string
- The domain this Group belongs to. For VMware Cloud on AWS use
cgw. For Global Manager, please use site id for this field. If not specified, this field is default todefault. - Id string
- context
Get
Policy Groups Context - The context which the object belongs to
- domain String
- The domain this Group belongs to. For VMware Cloud on AWS use
cgw. For Global Manager, please use site id for this field. If not specified, this field is default todefault. - id String
- context
Get
Policy Groups Context - The context which the object belongs to
- domain string
- The domain this Group belongs to. For VMware Cloud on AWS use
cgw. For Global Manager, please use site id for this field. If not specified, this field is default todefault. - id string
- context
Get
Policy Groups Context - The context which the object belongs to
- domain str
- The domain this Group belongs to. For VMware Cloud on AWS use
cgw. For Global Manager, please use site id for this field. If not specified, this field is default todefault. - id str
- context Property Map
- The context which the object belongs to
- domain String
- The domain this Group belongs to. For VMware Cloud on AWS use
cgw. For Global Manager, please use site id for this field. If not specified, this field is default todefault. - id String
getPolicyGroups Result
The following output properties are available:
- Id string
- Items Dictionary<string, string>
- Map of policy service policy paths keyed by display name.
- Context
Get
Policy Groups Context - Domain string
- Id string
- Items map[string]string
- Map of policy service policy paths keyed by display name.
- Context
Get
Policy Groups Context - Domain string
- id String
- items Map<String,String>
- Map of policy service policy paths keyed by display name.
- context
Get
Policy Groups Context - domain String
- id string
- items {[key: string]: string}
- Map of policy service policy paths keyed by display name.
- context
Get
Policy Groups Context - domain string
- id str
- items Mapping[str, str]
- Map of policy service policy paths keyed by display name.
- context
Get
Policy Groups Context - domain str
- id String
- items Map<String>
- Map of policy service policy paths keyed by display name.
- context Property Map
- domain String
Supporting Types
GetPolicyGroupsContext
- Project
Id string - The ID of the project which the object belongs to
- Project
Id string - The ID of the project which the object belongs to
- project
Id String - The ID of the project which the object belongs to
- project
Id string - The ID of the project which the object belongs to
- project_
id str - The ID of the project which the object belongs to
- project
Id String - The ID of the project which the object belongs to
Package Details
- Repository
- nsxt vmware/terraform-provider-nsxt
- License
- Notes
- This Pulumi package is based on the
nsxtTerraform Provider.