def get_section_id(self, section_name):
    """Return the id of the first NSX firewall section named *section_name*.

    The distributed firewall configuration is fetched from the backend,
    normalized, and every 'section' element is compared by its 'name'
    attribute. None is returned when no section matches.
    """
    _headers, dfw_xml = self.get_dfw_config()
    tree = utils.normalize_xml(dfw_xml)
    # NOTE(review): only the first match wins; whether the backend enforces
    # unique section names is not visible here -- confirm before relying on
    # the returned id to address one specific section.
    matching_ids = (
        section.attrib['id']
        for section in tree.iter('section')
        if section.attrib['name'] == section_name
    )
    return next(matching_ids, None)
def get_security_group_id(self, sg_name):
    """Return the objectId of the NSXv security group called *sg_name*.

    Walks every 'securitygroup' element of the backend listing and returns
    the 'objectId' text of the first one whose 'name' text equals *sg_name*.
    None is returned when no group matches.
    """
    _headers, groups_xml = self.list_security_groups()
    tree = utils.normalize_xml(groups_xml)
    for group in tree.iter('securitygroup'):
        # An entry without a <name> or <objectId> child raises
        # AttributeError here, because find() returns None for it.
        if group.find('name').text != sg_name:
            continue
        return group.find('objectId').text
    return None
def _scopingobjects_lookup(self, type_names, object_id, name=None,
                           use_cache=False):
    """Tell whether a given object exists in the NSX scoping objects.

    An entry matches when its 'objectTypeName' is in *type_names*, its
    'objectId' equals *object_id* and, if *name* is given, its 'name'
    equals *name*.

    With use_cache=True a previously parsed tree is reused (the structure
    is large, so plugin init avoids fetching and parsing it every time).
    The parsed tree is stored on the instance after every fresh fetch,
    even when use_cache is False.
    """
    root = self._normalized_scoping_objects if use_cache else None
    if root is None:
        # Either caching was not requested or nothing has been stored yet:
        # fetch from the NSX, parse, and keep the result for later calls.
        root = utils.normalize_xml(self.get_scoping_objects())
        self._normalized_scoping_objects = root
    # NOTE(review): a cached tree is never refreshed in this method, so a
    # use_cache=True lookup answers from whatever was fetched earlier.

    def _matches(entry):
        if entry.find('objectTypeName').text not in type_names:
            return False
        if entry.find('objectId').text != object_id:
            return False
        return name is None or entry.find('name').text == name

    return any(_matches(entry) for entry in root.iter('object'))
def get_default_l3_id(self):
    """Return the id of the default layer-3 firewall section.

    The default section is taken to be the last 'section' found under the
    first top-level 'layer3Sections' element of the firewall configuration.
    None is returned when there is no 'layer3Sections' element.
    """
    _headers, dfw_xml = self.get_dfw_config()
    tree = utils.normalize_xml(dfw_xml)
    l3_containers = (
        node for node in tree if str(node.tag) == 'layer3Sections'
    )
    container = next(l3_containers, None)
    if container is None:
        return None
    # NOTE(review): a 'layer3Sections' element with no sections makes the
    # [-1] lookup raise IndexError; callers get no None in that case.
    return list(container.iter('section'))[-1].attrib['id']
def validate_vdn_scope(self, object_id):
    """Tell whether *object_id* appears in the backend's VDN scope listing.

    Returns True when any 'objectId' element of the response carries
    *object_id* as its text, False otherwise.
    """
    scopes_uri = '%s/scopes' % VDN_PREFIX
    _headers, scopes_xml = self.do_request(HTTP_GET, scopes_uri,
                                           decode=False, format='xml')
    tree = utils.normalize_xml(scopes_xml)
    # NOTE(review): iter() visits 'objectId' elements at every depth, so an
    # id nested inside a scope entry would also satisfy this check --
    # confirm against the response schema.
    return any(node.text == object_id for node in tree.iter('objectId'))
def get_dvs_list(self):
    """Return the non-empty 'objectId' texts from the VDN switches listing."""
    switches_uri = '%s/switches' % VDN_PREFIX
    _headers, switches_xml = self.do_request(HTTP_GET, switches_uri,
                                             decode=False, format='xml')
    tree = utils.normalize_xml(switches_xml)
    # Elements whose text is empty or missing are skipped.
    return [node.text for node in tree.iter('objectId') if node.text]
def _scopingobjects_lookup(self, type_names, object_id, name=None):
    """Tell whether a given object exists in the NSX scoping objects.

    The scoping objects are fetched from the backend on every call. An
    entry matches when its 'objectTypeName' is in *type_names*, its
    'objectId' equals *object_id* and, if *name* is given, its 'name'
    equals *name*.
    """
    so_uri = '%s/usermgmt/scopingobjects' % SERVICES_PREFIX
    _headers, so_xml = self.do_request(HTTP_GET, so_uri,
                                       decode=False, format='xml')
    tree = utils.normalize_xml(so_xml)
    for entry in tree.iter('object'):
        if entry.find('objectTypeName').text not in type_names:
            continue
        if entry.find('objectId').text != object_id:
            continue
        # The name is only compared when the caller supplied one.
        if name is not None and entry.find('name').text != name:
            continue
        return True
    return False
def list_fw_sections(self):
    """Return name/id dicts for the firewall sections on the backend.

    An empty list is returned when the backend reports no firewall
    configuration. NSX default sections are left out of the result.
    """
    _headers, dfw_xml = self.vcns.get_dfw_config()
    if not dfw_xml:
        return []

    # Ids of the NSX default sections, which are not relevant to OS.
    hidden_ids = ['1001', '1002', '1003']
    tree = com_utils.normalize_xml(dfw_xml)
    return [
        {'name': section.attrib['name'], 'id': section.attrib['id']}
        for section in tree.iter('section')
        if section.attrib['id'] not in hidden_ids
    ]
def del_nsx_security_group_from_policy(self, policy_id, sg_id):
    """Unbind security group *sg_id* from the NSX security policy.

    Does nothing when *policy_id* is falsy or when the group is not bound
    to the policy. Otherwise the first matching 'securityGroupBinding' is
    dropped and the whole policy document is written back; the result of
    that update call is returned.
    """
    if not policy_id:
        return

    vcns = self.nsxv_manager.vcns
    policy_tree = utils.normalize_xml(vcns.get_security_policy(policy_id))
    # Find the binding that points at this security group, if there is one.
    bound = next(
        (entry for entry in policy_tree.iter('securityGroupBinding')
         if entry.find('objectId').text == sg_id),
        None)
    if bound is None:
        return

    # NOTE(review): iter() also finds nested bindings, while remove() only
    # detaches direct children -- presumably bindings are always direct
    # children of the policy element; confirm.
    policy_tree.remove(bound)
    # NOTE(review): this is a read-modify-write of the full policy and no
    # revision token is passed here; whether the backend rejects a stale
    # write is not visible from this method.
    return vcns.update_security_policy(policy_id, et.tostring(policy_tree))
def reorder_fw_sections(self):
    """Rewrite the order of the L3 firewall sections on the backend.

    Inside each top-level 'layer3Sections' element the sections are
    arranged as:
      1. OS provider security groups
      2. service composer policies
      3. regular OS security groups
    The relative order within each group is kept. Nothing is sent to the
    backend when there are neither provider nor service composer sections.
    """
    # The headers are kept because they are handed back with the update.
    headers, dfw_xml = self.vcns.get_dfw_config()
    if not dfw_xml:
        LOG.info("No firewall sections were found.")
        return

    tree = com_utils.normalize_xml(dfw_xml)
    for container in tree:
        if str(container.tag) != 'layer3Sections':
            continue

        provider, composer, regular = [], [], []
        for section in list(container.iter('section')):
            if section.attrib.get('managedBy') == 'NSX Service Composer':
                bucket = composer
            elif neutron_sg._is_provider_section(section.attrib.get('id')):
                bucket = provider
            else:
                bucket = regular
            bucket.append(section)
            # Every section is detached; all are re-attached below in the
            # new order.
            container.remove(section)

        if not composer and not provider:
            LOG.info("No need to reorder the firewall sections.")
            return

        container.extend(provider + composer + regular)

        # Push the reordered document to the backend.
        # NOTE(review): the headers from the read are passed along with the
        # write -- presumably so the backend can reject an update based on
        # a stale configuration; confirm.
        self.vcns.update_dfw_config(et.tostring(tree), headers)
        LOG.info("L3 Firewall sections were reordered.")
def add_nsx_security_group_to_policy(self, policy_id, sg_id):
    """Bind security group *sg_id* to the NSX security policy.

    Does nothing when *policy_id* is falsy or when the group is already
    bound to the policy. Otherwise a 'securityGroupBinding' entry holding
    the group's objectId is appended and the whole policy document is
    written back; the result of that update call is returned.
    """
    if not policy_id:
        return

    vcns = self.nsxv_manager.vcns
    policy_tree = utils.normalize_xml(vcns.get_security_policy(policy_id))
    already_bound = any(
        entry.find('objectId').text == sg_id
        for entry in policy_tree.iter('securityGroupBinding'))
    if already_bound:
        return

    binding = et.SubElement(policy_tree, 'securityGroupBinding')
    et.SubElement(binding, 'objectId').text = sg_id
    # NOTE(review): this is a read-modify-write of the full policy and no
    # revision token is passed here; whether the backend rejects a stale
    # write is not visible from this method.
    return vcns.update_security_policy(policy_id, et.tostring(policy_tree))
def _globalobjects_lookup(self, name, use_cache=False):
    """Return the objectId of the NSX global 'application' named *name*.

    With use_cache=True a previously parsed tree is reused (the structure
    is large, so plugin init avoids fetching and parsing it every time).
    The parsed tree is stored on the instance after every fresh fetch,
    even when use_cache is False. None is returned when nothing matches.
    """
    cached = None
    if use_cache:
        cached = self._normalized_global_objects

    if cached is not None:
        root = cached
    else:
        # Either caching was not requested or nothing has been stored yet:
        # fetch from the NSX, parse, and keep the result for later calls.
        root = utils.normalize_xml(self.get_global_objects())
        self._normalized_global_objects = root

    # NOTE(review): a cached tree is never refreshed in this method, so a
    # use_cache=True lookup answers from whatever was fetched earlier.
    object_ids = (
        app.find('objectId').text
        for app in root.iter('application')
        if app.find('name').text == name
    )
    return next(object_ids, None)