from tests.config import *
from nsxramlclient.client import NsxClient
import time


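client_session = NsxClient(nsxraml_file, nsxmanager, nsx_username, nsx_password, debug=True)
# NOTE(review): debug=True makes the client print request/response detail; confirm it does not
# echo the session credentials before running this against a shared manager.

# Build the create body from the RAML schema and fill in the fields of the test IP set.
ipset_dict = client_session.extract_resource_body_schema('ipsetCreate', 'create')
ipset_dict['ipset']['name'] = 'Test'
ipset_dict['ipset']['value'] = '192.168.1.0/24'
ipset_dict['ipset']['inheritanceAllowed'] = 'True'

newipset_return = client_session.create('ipsetCreate', uri_parameters={'scopeMoref': 'globalroot-0'},
                                        request_body_dict=ipset_dict)
ipset_id = newipset_return['objectId']

try:
    # Read the new object back; the returned body is what gets modified and sent on update.
    newipset = dict(client_session.read('ipset', uri_parameters={'ipsetId': ipset_id})['body'])

    newipset['ipset']['value'] = '10.0.0.0/16'
    newipset['ipset']['inheritanceAllowed'] = 'False'

    time.sleep(10)

    client_session.update('ipset', uri_parameters={'ipsetId': ipset_id}, request_body_dict=newipset)

    client_session.read('ipsetList', uri_parameters={'scopeMoref': 'globalroot-0'})

    time.sleep(10)
finally:
    # Always remove the test object: previously a failing read/update left it behind on the manager.
    client_session.delete('ipset', uri_parameters={'ipsetId': ipset_id})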

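def main():
    """Entry point of the Ansible module.

    Reads the module arguments, opens an nsxramlclient session against the
    NSX manager described by ``nsxmanager_spec`` and dispatches on ``mode``
    (``create``, ``append``, ``query``, ``delete``, ``set_default_action``
    or ``reset``).  Every branch terminates through ``module.exit_json`` or
    ``module.fail_json``.
    """
    import copy  # function-scope import: the file's import block is outside this view

    module = AnsibleModule(
        argument_spec=dict(
            # Carries the NSX manager password; no_log keeps the value out of Ansible's logs/output.
            nsxmanager_spec=dict(required=True, type="dict", no_log=True),
            edge_name=dict(required=False),
            edge_id=dict(required=False),
            mode=dict(required=True, choices=["create", "append", "query", "delete", "set_default_action", "reset"]),
            source=dict(required=False, type="dict"),
            destination=dict(required=False, type="dict"),
            action=dict(required=False, choices=["accept", "deny", "reject"]),
            name=dict(required=False),
            description=dict(required=False),
            application=dict(required=False, type="dict"),
            rule_id=dict(required=False),
            direction=dict(required=False, choices=["in", "out"]),
            global_config=dict(required=False, type="dict"),
            rules=dict(required=False, type="list"),
            default_action=dict(required=False, choices=["accept", "deny", "reject"]),
        ),
        required_one_of=[["edge_name", "edge_id"]],
    )

    try:
        client_session = NsxClient(module.params['nsxmanager_spec']['raml_file'],
                                   module.params['nsxmanager_spec']['host'],
                                   module.params['nsxmanager_spec']['user'],
                                   module.params['nsxmanager_spec']['password'])
    except Exception:
        # Narrowed from a bare `except:` so SystemExit/KeyboardInterrupt still propagate.
        module.fail_json(msg="Could not connect to the NSX manager")

    # Resolve the edge: an explicit id wins, otherwise look the name up on the manager.
    edge_name = module.params.get("edge_name", None)
    if not edge_name:
        edge_id = module.params["edge_id"]
    else:
        edge_id = get_edge_id(client_session, edge_name)
        if not edge_id:
            module.fail_json(msg="The edge with the name %s does not exist." % (edge_name))

    mode = module.params["mode"]
    action = module.params.get("action", None)
    name = module.params.get("name", None)
    rule_id = module.params.get("rule_id", None)
    application = module.params.get("application", None)
    source = module.params.get("source", None)
    destination = module.params.get("destination", None)
    description = module.params.get("description", None)
    direction = module.params.get("direction", None)
    rules = module.params.get("rules", None)
    global_config = module.params.get("global_config", None)
    default_action = module.params.get("default_action", None)

    if mode == "create":
        # 'create' mode:
        #   1) Build a Firewall object out of the given rules, global_config and default_action
        #   2) Get the resource body to be sent
        #   3) Send the resource body to the NSX Manager
        if not rules:
            module.fail_json(msg="The parameter 'rules' is required in order to create the firewall rules")

        firewall_rules = [FirewallRule(rule) for rule in rules]

        firewall = Firewall(firewall_rules, global_config, default_action)
        resource_body = firewall.get_resource_body()

        resp = client_session.update("nsxEdgeFirewallConfig", uri_parameters={"edgeId": edge_id},
                                     request_body_dict=resource_body)
        if resp["status"] == 204:
            module.exit_json(changed=True, msg="Successfully created the rules for the edge with ID %s" % (edge_id))
        else:
            module.fail_json(msg="The resource could not be created")

    elif mode == "append":
        # 'append' mode:
        #   1) Check if the rule to be added already exists in the firewall
        #   2) If yes, exit unchanged
        #   3) If no, build the resource body and send the request to the NSX Manager
        if not action:
            module.fail_json(msg="The 'action' attribute is mandatory while appending a new rule")

        rule_to_be_added = FirewallRule({"name": name, "action": action, "description": description,
                                         "source": source, "destination": destination,
                                         "application": application, "direction": direction})

        # Idempotency check relies on FirewallRule.__hash__ (defined elsewhere in the file).
        current_hashes = {hash(FirewallRule(rule)) for rule in query_firewall_rules(client_session, edge_id)}
        if hash(rule_to_be_added) in current_hashes:
            module.exit_json(changed=False, msg="The given rule already exists in the firewall")

        # Deep-copy the module-level template instead of mutating it in place.
        resource_body = copy.deepcopy(append_api_resource_body)
        resource_body["firewallRules"]["firewallRule"] = rule_to_be_added.get_rule()

        resp = client_session.create("firewallRules", uri_parameters={"edgeId": edge_id},
                                     request_body_dict=resource_body)
        if resp["status"] == 201:
            module.exit_json(changed=True, meta={"ruleId": resp["objectId"]})
        else:
            module.fail_json(msg="The resource could not be created")

    elif mode == "query":
        # 'query' mode:
        #   1) Query the rules existing for the given edge
        #   2) Return the formatted listing (the caller needs <result>.split("\n") in Ansible,
        #      as Ansible does not print newlines)
        rules = query_firewall_rules(client_session, edge_id)
        print_str = display_firewall_rules(rules)

        module.exit_json(changed=False, meta={"output": print_str})

    elif mode == "delete":
        # 'delete' mode: delete the rule with the given rule_id
        if not rule_id:
            module.fail_json(msg="The parameter 'rule_id' is required to delete a given rule")
        resp = client_session.delete("firewallRule", uri_parameters={"ruleId": rule_id, "edgeId": edge_id})
        if resp["status"] == 204:
            module.exit_json(changed=True, msg="Rule with the ID %s successfully deleted" % (rule_id))
        else:
            module.fail_json(msg="Could not delete the rule with ID %s. Make sure that the rule exists" % (rule_id))

    elif mode == "set_default_action":
        # 'set_default_action' mode: set the firewall default action ('accept', 'deny' or 'reject')
        if not default_action:
            module.fail_json(msg="The parameter 'default_action' is required to set the default action")

        # Deep-copy the module-level template instead of mutating it in place.
        resource_body = copy.deepcopy(default_action_resource_body)
        resource_body["firewallDefaultPolicy"]["action"] = default_action

        resp = client_session.update("defaultFirewallPolicy", uri_parameters={"edgeId": edge_id},
                                     request_body_dict=resource_body)
        if resp["status"] == 204:
            module.exit_json(changed=True, msg="Successfully updated the firewall config")
        else:
            module.fail_json(msg="The resource could not be updated")

    elif mode == "reset":
        # 'reset' mode: reset the firewall by deleting all the existing rules
        resp = client_session.delete("nsxEdgeFirewallConfig", uri_parameters={"edgeId": edge_id})
        if resp["status"] == 204:
            module.exit_json(msg="Successfully reset the firewall configuration for the edge with ID %s" % (edge_id), changed=True)
        else:
            module.fail_json(msg="Could not reset the firewall rules for the edge with ID %s" % (edge_id))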
client_session.view_response(tz_lswitches)

# Read the properties of the new logical switch
new_ls_props = client_session.read('logicalSwitch', uri_parameters={'virtualWireID': new_ls['objectId']})
client_session.view_response(new_ls_props)

time.sleep(5)

# update the properties of the new logical switch (name)
updated_ls_dict = new_ls_props['body']
updated_ls_dict['virtualWire']['name'] = 'ThisIsANewName'
update_resp = client_session.update('logicalSwitch', uri_parameters={'virtualWireID': new_ls['objectId']},
                                    request_body_dict=updated_ls_dict)

time.sleep(5)

# delete the new logical switch created earlier
client_session.delete('logicalSwitch', uri_parameters={'virtualWireID': new_ls['objectId']})

#TODO: test moving a VM to the new logical switch
# move a VM to a logical switch
vm_attach_body_dict = client_session.extract_resource_body_schema('logicalSwitchVmAttach', 'read')
client_session.view_body_dict(vm_attach_body_dict)

#vm_attach_body_dict['com.vmware.vshield.vsm.inventory.dto.VnicDto']['objectId'] = ''
#vm_attach_body_dict['com.vmware.vshield.vsm.inventory.dto.VnicDto']['portgroupId'] = new_ls['objectId']
#vm_attach_body_dict['com.vmware.vshield.vsm.inventory.dto.VnicDto']['vnicUuid'] = ''



client_session.view_response(tz_lswitches)

# Read the properties of the new logical switch
new_ls_props = client_session.read('logicalSwitch', uri_parameters={'virtualWireID': new_ls['objectId']})
client_session.view_response(new_ls_props)

time.sleep(5)

# update the properties of the new logical switch (name)
updated_ls_dict = new_ls_props['body']
updated_ls_dict['virtualWire']['name'] = 'ThisIsANewName'
update_resp = client_session.update('logicalSwitch', uri_parameters={'virtualWireID': new_ls['objectId']},
                                    request_body_dict=updated_ls_dict)

time.sleep(5)

# delete the new logical switch created earlier
client_session.delete('logicalSwitch', uri_parameters={'virtualWireID': new_ls['objectId']})

#TODO: test moving a VM to the new logical switch
# move a VM to a logical switch
#vm_attach_body_dict = client_session.extract_resource_body_example('logicalSwitchVmAttach', 'read')
#client_session.view_body_dict(vm_attach_body_dict)

#vm_attach_body_dict['com.vmware.vshield.vsm.inventory.dto.VnicDto']['objectId'] = ''
#vm_attach_body_dict['com.vmware.vshield.vsm.inventory.dto.VnicDto']['portgroupId'] = new_ls['objectId']
#vm_attach_body_dict['com.vmware.vshield.vsm.inventory.dto.VnicDto']['vnicUuid'] = ''