While pounding my head over trying to figure out the proper authentication and header settings to configure when calling the NSX REST API from Powershell I came across a post on Chris Wahl’s blog that included a function that already had all that worked into it. It didn’t take much to re-purpose for my needs -a function that (when passed an API call) return the XML response as a Powershell object.
My version includes hard-coded admin credentials which is fine in my hermetically sealed environments but most admins might want to keep Chris’ passed-authentication method.
function NSXAPI {
<# .SYNOPSIS Gathers NSX details from NSX Manager
.DESCRIPTION Accepts API call, returns Object generated from XML result of call
.NOTES
.STOLEN SHAMELESSLY FROM: Chris Wahl, @ChrisWahl, WahlNetwork.com
.PARAMETER Request The API call
.EXAMPLE PS> NSXAPI https://192.168.110.42/api/2.0/vdn/controller
#>
[CmdletBinding()]
param(
[Parameter(Mandatory=$true,Position=0)]
[String]$Request
)
Process {
$Username = "admin"
$Password = "VMware1!"
$NSXManager = "192.168.110.42"
### Ignore TLS/SSL errors
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
### Create authorization string and store in $head
$auth = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($Username + ":" + $Password))
$head = @{"Authorization"="Basic $auth"}
### Connect to NSX Manager via API
$r = Invoke-WebRequest -Uri $Request -Headers $head -ContentType "application/xml" -ErrorAction:Stop
[xml]$rxml = $r.Content
$rxml
} # End of process
} # End of function
Some uses:
$c = NSXAPI "https://192.168.110.42/api/2.0/vdn/controller"
$s = NSXAPI "https://192.168.110.42/api/2.0/vdn/scopes"
$v = NSXAPI "https://192.168.110.42/api/2.0/vdn/virtualwires"
Get all edge devices
$edges = NSXApi https://192.168.110.42/api/4.0/edges
Retrieve the settings for a specific edge, by polling the list of all edges for a specific name
$NS = NSXApi ("https://192.168.110.42/api/4.0/edges/" + ($edges.pagedEdgeList.edgePage.edgeSummary | where {$_.name -eq "North-South"}).objectid)
Note that the API guide doesn’t list all the possible calls you can make, for example how to retrieve the global accessgroup/security group configuration. However, you can piece things together from similar topics,
While the GET string to retrieve the list of all security groups is not listed, the string to get specific ones is
GET https:///api/2.0/services/applicationgroup/<applicationgroup-id>
Terrific, but how do you get a list of all of them?
In several places “globalroot-0” is listed as a top-level designation, sticking that on the end like so:
https://192.168.110.42/api/2.0/services/applicationgroup/scope/globalroot-0
will return all the application group info including security groups for the NSX manager.
Thanks for the code Chris!
7 Responses to Accessing NSX API from Powershell