Example #1
 def get_section_id(self, section_name):
     """Look up a distributed-firewall section id by its name.

     Fetches the DFW configuration through ``get_dfw_config``, parses it
     and returns the ``id`` attribute of the first ``section`` element (in
     document order) whose ``name`` attribute equals *section_name*.
     Returns None when no section matches.

     A ``section`` visited during the search that has no ``name``
     attribute, or a matching one without ``id``, raises KeyError.
     """
     _, dfw_xml = self.get_dfw_config()
     tree = utils.normalize_xml(dfw_xml)
     # First match wins: the comparison is exact and nothing in this
     # method checks that section names are unique.
     matching_ids = (node.attrib['id'] for node in tree.iter('section')
                     if node.attrib['name'] == section_name)
     return next(matching_ids, None)
Example #2
 def get_section_id(self, section_name):
     """Look up a distributed-firewall section id by its name.

     Fetches the DFW configuration through ``get_dfw_config``, parses it
     and returns the ``id`` attribute of the first ``section`` element (in
     document order) whose ``name`` attribute equals *section_name*.
     Returns None when no section matches.

     A ``section`` visited during the search that has no ``name``
     attribute, or a matching one without ``id``, raises KeyError.
     """
     _, dfw_xml = self.get_dfw_config()
     tree = utils.normalize_xml(dfw_xml)
     # First match wins: the comparison is exact and nothing in this
     # method checks that section names are unique.
     matching_ids = (node.attrib['id'] for node in tree.iter('section')
                     if node.attrib['name'] == section_name)
     return next(matching_ids, None)
Example #3
 def get_security_group_id(self, sg_name):
     """Return the NSXv objectId of the security group named *sg_name*.

     Lists the security groups through ``list_security_groups``, parses
     the reply and returns the ``objectId`` text of the first
     ``securitygroup`` element whose ``name`` child has exactly that text.
     Returns None when no group matches.

     A ``securitygroup`` element without a ``name`` child (or a matching
     one without ``objectId``) raises AttributeError.
     """
     _, listing = self.list_security_groups()
     tree = utils.normalize_xml(listing)
     for group in tree.iter('securitygroup'):
         if group.find('name').text != sg_name:
             continue
         # First group with this name wins; later duplicates are ignored.
         return group.find('objectId').text
     return None
Example #4
 def get_security_group_id(self, sg_name):
     """Return the NSXv objectId of the security group named *sg_name*.

     Lists the security groups through ``list_security_groups``, parses
     the reply and returns the ``objectId`` text of the first
     ``securitygroup`` element whose ``name`` child has exactly that text.
     Returns None when no group matches.

     A ``securitygroup`` element without a ``name`` child (or a matching
     one without ``objectId``) raises AttributeError.
     """
     _, listing = self.list_security_groups()
     tree = utils.normalize_xml(listing)
     for group in tree.iter('securitygroup'):
         if group.find('name').text != sg_name:
             continue
         # First group with this name wins; later duplicates are ignored.
         return group.find('objectId').text
     return None
Example #5
    def _scopingobjects_lookup(self,
                               type_names,
                               object_id,
                               name=None,
                               use_cache=False):
        """Tell whether the NSX scoping objects contain a given object.

        An ``object`` element matches when its ``objectTypeName`` text is
        in *type_names*, its ``objectId`` text equals *object_id* and, if
        *name* is not None, its ``name`` text equals *name*.

        The parsed scoping objects are kept on the instance after every
        fetch. With *use_cache* true that stored tree is reused when one
        exists; otherwise the data is fetched and parsed again.

        Returns True on the first match, False when nothing matches.
        """
        # The structure is large to retrieve and parse, so plugin init
        # reuses the stored tree instead of fetching it each time.
        # NOTE(review): nothing in this method expires the stored tree, so
        # a use_cache=True answer can reflect an older NSX state - confirm
        # callers only pass it where that is acceptable.
        tree = self._normalized_scoping_objects if use_cache else None
        if tree is None:
            # Cache not requested, or requested but not populated yet:
            # fetch from NSX, parse, and remember the result either way.
            tree = utils.normalize_xml(self.get_scoping_objects())
            self._normalized_scoping_objects = tree

        def _matches(entry):
            if entry.find('objectTypeName').text not in type_names:
                return False
            if entry.find('objectId').text != object_id:
                return False
            return name is None or entry.find('name').text == name

        return any(_matches(entry) for entry in tree.iter('object'))
Example #6
 def get_default_l3_id(self):
     """Return the id of the default layer-3 firewall section.

     Fetches and parses the DFW configuration, finds the first top-level
     ``layer3Sections`` element and returns the ``id`` attribute of the
     last ``section`` found beneath it. The "default" section is
     identified purely by being last in document order.

     Returns None when there is no ``layer3Sections`` element. Raises
     IndexError when that element holds no ``section`` at all, and
     KeyError when the last section has no ``id`` attribute.
     """
     _, dfw_xml = self.get_dfw_config()
     for node in utils.normalize_xml(dfw_xml):
         if str(node.tag) != 'layer3Sections':
             continue
         # Position, not name or id, decides which section is "default".
         last_section = list(node.iter('section'))[-1]
         return last_section.attrib['id']
Example #7
 def get_default_l3_id(self):
     """Return the id of the default layer-3 firewall section.

     Fetches and parses the DFW configuration, finds the first top-level
     ``layer3Sections`` element and returns the ``id`` attribute of the
     last ``section`` found beneath it. The "default" section is
     identified purely by being last in document order.

     Returns None when there is no ``layer3Sections`` element. Raises
     IndexError when that element holds no ``section`` at all, and
     KeyError when the last section has no ``id`` attribute.
     """
     _, dfw_xml = self.get_dfw_config()
     for node in utils.normalize_xml(dfw_xml):
         if str(node.tag) != 'layer3Sections':
             continue
         # Position, not name or id, decides which section is "default".
         last_section = list(node.iter('section'))[-1]
         return last_section.attrib['id']
Example #8
    def validate_vdn_scope(self, object_id):
        """Report whether *object_id* appears in the VDN scopes reply.

        Requests ``<VDN_PREFIX>/scopes`` as XML, parses it and returns
        True if any ``objectId`` element has text equal to *object_id*,
        False otherwise.
        """
        endpoint = '%s/scopes' % VDN_PREFIX
        _, scopes_xml = self.do_request(HTTP_GET, endpoint, decode=False,
                                        format='xml')
        tree = utils.normalize_xml(scopes_xml)
        # iter() walks every descendant, so any objectId element in the
        # reply counts, not only a scope's own id.
        # NOTE(review): if scopes nest other objects that carry an
        # objectId, those ids validate too - confirm against the reply.
        return any(node.text == object_id for node in tree.iter('objectId'))
Example #9
    def validate_vdn_scope(self, object_id):
        """Report whether *object_id* appears in the VDN scopes reply.

        Requests ``<VDN_PREFIX>/scopes`` as XML, parses it and returns
        True if any ``objectId`` element has text equal to *object_id*,
        False otherwise.
        """
        endpoint = '%s/scopes' % VDN_PREFIX
        _, scopes_xml = self.do_request(HTTP_GET, endpoint, decode=False,
                                        format='xml')
        tree = utils.normalize_xml(scopes_xml)
        # iter() walks every descendant, so any objectId element in the
        # reply counts, not only a scope's own id.
        # NOTE(review): if scopes nest other objects that carry an
        # objectId, those ids validate too - confirm against the reply.
        return any(node.text == object_id for node in tree.iter('objectId'))
Example #10
    def get_dvs_list(self):
        """Return the objectId values found in the VDN switches reply.

        Requests ``<VDN_PREFIX>/switches`` as XML, parses it and collects
        the text of every ``objectId`` element, in document order,
        skipping elements whose text is empty or missing.
        """
        endpoint = '%s/switches' % VDN_PREFIX
        _, switches_xml = self.do_request(HTTP_GET, endpoint, decode=False,
                                          format='xml')
        tree = utils.normalize_xml(switches_xml)
        # Every objectId descendant is collected; no de-duplication.
        return [node.text for node in tree.iter('objectId') if node.text]
Example #11
    def _scopingobjects_lookup(self, type_names, object_id, name=None):
        """Tell whether the NSX scoping objects contain a given object.

        Requests ``<SERVICES_PREFIX>/usermgmt/scopingobjects`` as XML on
        every call and scans its ``object`` elements. An element matches
        when its ``objectTypeName`` text is in *type_names*, its
        ``objectId`` text equals *object_id* and, if *name* is not None,
        its ``name`` text equals *name*.

        Returns True on the first match, False when nothing matches. An
        ``object`` missing one of the inspected children raises
        AttributeError.
        """
        endpoint = '%s/usermgmt/scopingobjects' % SERVICES_PREFIX
        _, reply = self.do_request(HTTP_GET, endpoint, decode=False,
                                   format='xml')
        for entry in utils.normalize_xml(reply).iter('object'):
            if entry.find('objectTypeName').text not in type_names:
                continue
            if entry.find('objectId').text != object_id:
                continue
            # The name is only compared when the caller supplied one.
            if name is None or entry.find('name').text == name:
                return True

        return False
Example #12
    def get_dvs_list(self):
        """Return the objectId values found in the VDN switches reply.

        Requests ``<VDN_PREFIX>/switches`` as XML, parses it and collects
        the text of every ``objectId`` element, in document order,
        skipping elements whose text is empty or missing.
        """
        endpoint = '%s/switches' % VDN_PREFIX
        _, switches_xml = self.do_request(HTTP_GET, endpoint, decode=False,
                                          format='xml')
        tree = utils.normalize_xml(switches_xml)
        # Every objectId descendant is collected; no de-duplication.
        return [node.text for node in tree.iter('objectId') if node.text]
Example #13
 def list_fw_sections(self):
     """List the firewall sections, leaving out the NSX default ones.

     Fetches the DFW configuration through ``self.vcns``; an empty reply
     yields an empty list. Otherwise every ``section`` element becomes a
     ``{'name': ..., 'id': ...}`` dict, in document order, except those
     whose id is '1001', '1002' or '1003'.

     A section without an ``id`` attribute, or a listed section without
     ``name``, raises KeyError.
     """
     _, dfw_xml = self.vcns.get_dfw_config()
     if not dfw_xml:
         return []
     # NSX default sections, which are not relevant to OS. They are
     # recognised by these fixed ids only.
     hidden_ids = ('1001', '1002', '1003')
     tree = com_utils.normalize_xml(dfw_xml)
     return [{'name': node.attrib['name'], 'id': node.attrib['id']}
             for node in tree.iter('section')
             if node.attrib['id'] not in hidden_ids]
Example #14
    def del_nsx_security_group_from_policy(self, policy_id, sg_id):
        """Unbind security group *sg_id* from security policy *policy_id*.

        Does nothing (returns None) when *policy_id* is falsy or when the
        policy has no ``securityGroupBinding`` whose ``objectId`` text
        equals *sg_id*. Otherwise removes the first such binding from the
        parsed policy and returns the result of sending the whole
        serialized policy back through ``update_security_policy``.
        """
        if not policy_id:
            return
        vcns = self.nsxv_manager.vcns
        policy_tree = utils.normalize_xml(vcns.get_security_policy(policy_id))

        # Only the first binding for this group is looked at; any further
        # duplicate would stay in the policy.
        bound = next((entry
                      for entry in policy_tree.iter('securityGroupBinding')
                      if entry.find('objectId').text == sg_id), None)
        if bound is None:
            return

        # NOTE(review): remove() is called on the policy root while iter()
        # searches all descendants - this assumes bindings are direct
        # children of the root; confirm against the policy schema.
        policy_tree.remove(bound)
        # Read-modify-write of the full policy document.
        return vcns.update_security_policy(
            policy_id, et.tostring(policy_tree))
Example #15
    def reorder_fw_sections(self):
        """Reorder the layer-3 firewall sections and push the result to NSX.

        Reads the whole DFW configuration, and for each top-level
        ``layer3Sections`` element regroups its ``section`` elements as
        provider sections, then Service Composer policy sections, then the
        remaining sections. The relative order inside each group is kept.
        The full configuration is then written back with
        ``update_dfw_config``.

        Returns None. Nothing is sent to NSX when the configuration is
        empty or when there are neither policy nor provider sections.
        """
        # read all the sections
        # NOTE(review): h is handed back to update_dfw_config below;
        # presumably it carries the version of the configuration that was
        # read - confirm.
        h, firewall_config = self.vcns.get_dfw_config()
        if not firewall_config:
            LOG.info("No firewall sections were found.")
            return

        root = com_utils.normalize_xml(firewall_config)

        for child in root:
            if str(child.tag) == 'layer3Sections':
                # go over the L3 sections and reorder them.
                # The correct order should be:
                # 1. OS provider security groups
                # 2. service composer policies
                # 3. regular OS security groups
                # Snapshot into a list first: the loop below removes
                # elements from child while walking them.
                sections = list(child.iter('section'))
                provider_sections = []
                regular_sections = []
                policy_sections = []

                for sec in sections:
                    # Classification relies on the managedBy attribute and
                    # on the section id only.
                    if sec.attrib.get('managedBy') == 'NSX Service Composer':
                        policy_sections.append(sec)
                    else:
                        if neutron_sg._is_provider_section(
                            sec.attrib.get('id')):
                            provider_sections.append(sec)
                        else:
                            regular_sections.append(sec)
                    child.remove(sec)

                if not policy_sections and not provider_sections:
                    # The in-memory tree has been emptied at this point,
                    # but it is discarded here without being sent.
                    LOG.info("No need to reorder the firewall sections.")
                    return

                # reorder the sections
                reordered_sections = (provider_sections +
                                      policy_sections +
                                      regular_sections)
                child.extend(reordered_sections)

                # update the new order of sections in the backend
                # The complete configuration (root) is serialized and
                # sent, not only the layer-3 part.
                self.vcns.update_dfw_config(et.tostring(root), h)
                LOG.info("L3 Firewall sections were reordered.")
Example #16
    def add_nsx_security_group_to_policy(self, policy_id, sg_id):
        """Bind security group *sg_id* to security policy *policy_id*.

        Does nothing (returns None) when *policy_id* is falsy or when the
        policy already has a ``securityGroupBinding`` whose ``objectId``
        text equals *sg_id*. Otherwise appends a new binding to the
        parsed policy and returns the result of sending the whole
        serialized policy back through ``update_security_policy``.
        """
        if not policy_id:
            return
        vcns = self.nsxv_manager.vcns
        # Fetch and parse the current policy configuration.
        policy_tree = utils.normalize_xml(vcns.get_security_policy(policy_id))

        # Skip the update when the group is already bound to the policy.
        already_bound = any(
            entry.find('objectId').text == sg_id
            for entry in policy_tree.iter('securityGroupBinding'))
        if already_bound:
            return

        # New binding entry: <securityGroupBinding><objectId>sg_id</...>
        binding = et.SubElement(policy_tree, 'securityGroupBinding')
        object_id = et.SubElement(binding, 'objectId')
        object_id.text = sg_id

        # Read-modify-write of the full policy document.
        return vcns.update_security_policy(
            policy_id, et.tostring(policy_tree))
Example #17
    def _globalobjects_lookup(self, name, use_cache=False):
        """Return the objectId of the NSX global object called *name*.

        Scans the ``application`` elements of the global objects and
        returns the ``objectId`` text of the first one whose ``name`` text
        equals *name*; None when nothing matches.

        The parsed global objects are kept on the instance after every
        fetch. With *use_cache* true that stored tree is reused when one
        exists; otherwise the data is fetched and parsed again.
        """
        # The structure is large to retrieve and parse, so plugin init
        # reuses the stored tree instead of fetching it each time.
        # NOTE(review): nothing in this method expires the stored tree, so
        # a use_cache=True answer can reflect an older NSX state - confirm
        # callers only pass it where that is acceptable.
        tree = self._normalized_global_objects if use_cache else None
        if tree is None:
            # Cache not requested, or requested but not populated yet:
            # fetch from NSX, parse, and remember the result either way.
            tree = utils.normalize_xml(self.get_global_objects())
            self._normalized_global_objects = tree

        matching_ids = (entry.find('objectId').text
                        for entry in tree.iter('application')
                        if entry.find('name').text == name)
        return next(matching_ids, None)
Example #18
    def _scopingobjects_lookup(self, type_names, object_id, name=None,
                               use_cache=False):
        """Tell whether the NSX scoping objects contain a given object.

        An ``object`` element matches when its ``objectTypeName`` text is
        in *type_names*, its ``objectId`` text equals *object_id* and, if
        *name* is not None, its ``name`` text equals *name*.

        The parsed scoping objects are kept on the instance after every
        fetch. With *use_cache* true that stored tree is reused when one
        exists; otherwise the data is fetched and parsed again.

        Returns True on the first match, False when nothing matches.
        """
        # The structure is large to retrieve and parse, so plugin init
        # reuses the stored tree instead of fetching it each time.
        # NOTE(review): nothing in this method expires the stored tree, so
        # a use_cache=True answer can reflect an older NSX state - confirm
        # callers only pass it where that is acceptable.
        tree = self._normalized_scoping_objects if use_cache else None
        if tree is None:
            # Cache not requested, or requested but not populated yet:
            # fetch from NSX, parse, and remember the result either way.
            tree = utils.normalize_xml(self.get_scoping_objects())
            self._normalized_scoping_objects = tree

        for entry in tree.iter('object'):
            if entry.find('objectTypeName').text not in type_names:
                continue
            if entry.find('objectId').text != object_id:
                continue
            # The name is only compared when the caller supplied one.
            if name is None or entry.find('name').text == name:
                return True

        return False