Accessing NSX API from PowerShell

While pounding my head over trying to figure out the proper authentication and header settings to configure when calling the NSX REST API from PowerShell, I came across a post on Chris Wahl’s blog that included a function that already had all that worked into it. It didn’t take much to re-purpose for my needs: a function that (when passed an API call) returns the XML response as a PowerShell object.

My version includes hard-coded admin credentials, which is fine in my hermetically sealed environments, but most admins might want to keep Chris’ passed-authentication method.

function NSXAPI {
    <#
    .SYNOPSIS
    Gathers NSX details from NSX Manager
    .DESCRIPTION
    Accepts API call, returns Object generated from XML result of call
    .NOTES
    STOLEN SHAMELESSLY FROM: Chris Wahl, @ChrisWahl, WahlNetwork.com
    .PARAMETER Request
    The API call
    .EXAMPLE
    PS> NSXAPI https://192.168.110.42/api/2.0/vdn/controller
    #>

    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true,Position=0)]
        [String]$Request
    )

    Process {
        ### Hard-coded lab credentials (see the note above the function)
        $Username = "admin"
        $Password = "VMware1!"
        ### Not used below; the full URL is passed in via -Request
        $NSXManager = "192.168.110.42"

        ### Ignore TLS/SSL errors
        ### This policy is process-wide: it turns off certificate validation for
        ### every HTTPS request made from this PowerShell session, not only NSX calls.
        ### It relies on ServicePointManager, so it applies to Windows PowerShell;
        ### PowerShell 6 and later ignore it and offer -SkipCertificateCheck instead.
        Add-Type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem) {
        return true;
    }
}
"@

        [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

        ### Create authorization string and store in $head
        $auth = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($Username + ":" + $Password))
        $head = @{"Authorization"="Basic $auth"}

        ### Connect to NSX Manager via API
        $r = Invoke-WebRequest -Uri $Request -Headers $head -ContentType "application/xml" -ErrorAction Stop

        ### Parse the XML body and return it as an object
        [xml]$rxml = $r.Content
        $rxml
    } # End of process
} # End of function

Some uses:
$c = NSXAPI "https://192.168.110.42/api/2.0/vdn/controller"
$s = NSXAPI "https://192.168.110.42/api/2.0/vdn/scopes"
$v = NSXAPI "https://192.168.110.42/api/2.0/vdn/virtualwires"

Get all edge devices
$edges = NSXApi https://192.168.110.42/api/4.0/edges

Retrieve the settings for a specific edge, by polling the list of all edges for a specific name
$NS = NSXApi ("https://192.168.110.42/api/4.0/edges/" + ($edges.pagedEdgeList.edgePage.edgeSummary | where {$_.name -eq "North-South"}).objectid)
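
An added example, not from the original post or from Chris Wahl's function: a variant that takes a PSCredential instead of the hard-coded password and, rather than trusting every certificate, accepts an untrusted certificate only when it is the NSX Manager's own, identified by thumbprint. The names Invoke-NsxApiPinned and PinnedCertPolicy and the -Thumbprint parameter are made up for this example, and it assumes Windows PowerShell 5.1 (the same ServicePointManager mechanism as the function above).

```powershell
# Added example: Invoke-NsxApiPinned / PinnedCertPolicy are hypothetical names.
# Assumes Windows PowerShell 5.1, where Invoke-WebRequest honours ServicePointManager.
Add-Type @"
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class PinnedCertPolicy : ICertificatePolicy {
    private readonly string host, thumbprint;
    public PinnedCertPolicy(string host, string thumbprint) {
        this.host = host;
        this.thumbprint = thumbprint.Replace(" ", "").Replace(":", "");
    }
    public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate,
                                      WebRequest request, int certificateProblem) {
        // 0 = the normal chain and name checks passed; nothing to override.
        if (certificateProblem == 0) { return true; }
        // Otherwise accept only the pinned certificate, and only for the pinned host.
        return certificate != null
            && string.Equals(srvPoint.Address.Host, host, StringComparison.OrdinalIgnoreCase)
            && string.Equals(certificate.GetCertHashString(), thumbprint, StringComparison.OrdinalIgnoreCase);
    }
}
"@

function Invoke-NsxApiPinned {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true,Position=0)][uri]$Uri,
        [Parameter(Mandatory=$true)][pscredential]$Credential,
        [Parameter(Mandatory=$true)][ValidatePattern('^[0-9A-Fa-f: ]+$')][string]$Thumbprint
    )
    process {
        $previous = [System.Net.ServicePointManager]::CertificatePolicy
        [System.Net.ServicePointManager]::CertificatePolicy =
            New-Object PinnedCertPolicy -ArgumentList $Uri.Host, $Thumbprint
        try {
            # Build the Basic header from the credential so nothing is stored in the script.
            $net  = $Credential.GetNetworkCredential()
            $auth = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($net.UserName + ':' + $net.Password))
            $r = Invoke-WebRequest -Uri $Uri -Headers @{ Authorization = "Basic $auth" } -UseBasicParsing -ErrorAction Stop
            [xml]$r.Content
        }
        finally {
            # The policy is process-wide, so put the previous one back.
            [System.Net.ServicePointManager]::CertificatePolicy = $previous
        }
    }
}
```

Call it as Invoke-NsxApiPinned "https://192.168.110.42/api/2.0/vdn/controller" -Credential (Get-Credential) -Thumbprint followed by the SHA-1 thumbprint of the NSX Manager certificate, obtained out-of-band rather than from the connection being checked.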

Note that the API guide doesn’t list all the possible calls you can make, for example how to retrieve the global accessgroup/security group configuration. However, you can piece things together from similar topics.

While the GET string to retrieve the list of all security groups is not listed, the string to get specific ones is:
GET https:///api/2.0/services/applicationgroup/<applicationgroup-id>

Terrific, but how do you get a list of all of them?

In several places “globalroot-0” is listed as a top-level designation; sticking that on the end, like so:

https://192.168.110.42/api/2.0/services/applicationgroup/scope/globalroot-0

will return all the application group info including security groups for the NSX manager.

Thanks for the code Chris!


7 Responses to Accessing NSX API from PowerShell

  1. Hi Joshua,

    I wrote this script last year for some internal VMware labs, you might be interested in: https://github.com/tsugliani/NSX-Scripts/blob/master/nsx-playground.ps1 (some other scripts also available in that repository)

  2. robtate2 says:

    Timo,

    Love your script. However, the function for the Interfaces doesn’t work due to the XML object model.

    I had to change the ForEach loop: $rxml.edge.interfaces.interface

    FYI: This is a result of the XML object tree inside the NSX environment not being “standard”. However, using Chrome’s RESTAPI and the manual commands to pull the config on the specific edge, I was able to easily figure out the tree structure and make changes.

  3. Balsz says:

    This script is inspiring. I am looking for getting the xml content from NSX edge application and check if particular entry is available, update if not using powershell and push through REST call. Any help appreciated.

  4. In this case PowerNSX would let you do exactly what you need. Get-NsxEdge will provide you with the Edge configuration in XML format, which you can update and push back using Set-NsxEdge.

  5. JAndrews says:

    Yes, since this blog post PowerNSX has been released which does lots of cool stuff.

    However, not all NSX APIs are available via PowerNSX yet, so this is still relevant.

    Thanks for reading.
