def del_policy_section(client_session, resource_id): try: category, security_policy_id = resource_id.split("|") except Exception as ex: raise cfy_exc.NonRecoverableError( 'Unexpected error retrieving resource ID: %s' % str(ex)) security_policy = common.nsx_read( client_session, 'body', 'securityPolicyID', uri_parameters={'ID': security_policy_id}) actionsByCategory = common.nsx_struct_get_list( security_policy, 'securityPolicy/actionsByCategory') for actions in actionsByCategory: if actions.get('category') == category: actionsByCategory.remove(actions) break else: return raw_result = client_session.update( 'securityPolicyID', uri_parameters={'ID': security_policy_id}, request_body_dict=security_policy) common.check_raw_result(raw_result)
def add_group_exclude_member(client_session, security_group_id, member_id): security_group = common.nsx_read( client_session, 'body', 'secGroupObject', uri_parameters={'objectId': security_group_id}) excludeMembers = common.nsx_struct_get_list(security_group, 'securitygroup/excludeMember') for member in excludeMembers: if member.get("objectId") == member_id: raise cfy_exc.NonRecoverableError( "Member %s already exists in %s group" % (member_id, security_group['securitygroup'].get( 'name', '*unknown*'))) excludeMembers.append({"objectId": member_id}) raw_result = client_session.update( 'secGroupObject', uri_parameters={'objectId': security_group_id}, request_body_dict=security_group) common.check_raw_result(raw_result) return "%s|%s" % (security_group_id, member_id)
def del_policy_group_bind(client_session, resource_id): try: security_group_id, security_policy_id = resource_id.split("|") except Exception as ex: raise cfy_exc.NonRecoverableError( 'Unexpected error retrieving resource ID: %s' % str(ex)) security_policy = common.nsx_read( client_session, 'body', 'securityPolicyID', uri_parameters={'ID': security_policy_id}) bindings = common.nsx_struct_get_list( security_policy, 'securityPolicy/securityGroupBinding') for bind in bindings: if bind.get('objectId') == security_group_id: bindings.remove(bind) break else: return raw_result = client_session.update( 'securityPolicyID', uri_parameters={'ID': security_policy_id}, request_body_dict=security_policy) common.check_raw_result(raw_result)
def delete_tag_vm(client_session, resource_id): ids = resource_id.split("|") if len(ids) != 2: raise cfy_exc.NonRecoverableError( 'Unexpected error retrieving resource ID') # get list of attached attached_vms_raw = common.nsx_read(client_session, 'body', 'securityTagVMsList', uri_parameters={'tagId': ids[0]}) if not attached_vms_raw: return attached_vms = common.nsx_struct_get_list(attached_vms_raw, 'basicinfolist/basicinfo') # delete only attached for vm in attached_vms: if vm.get('objectId') == ids[1]: result_raw = client_session.delete('securityTagVM', uri_parameters={ 'tagId': ids[0], 'vmMoid': ids[1] }) common.check_raw_result(result_raw) break
def add_policy_group_bind(client_session, security_policy_id, security_group_id): resource_id = policy_group_to_resource_id(security_group_id, security_policy_id) security_policy = common.nsx_read( client_session, 'body', 'securityPolicyID', uri_parameters={'ID': security_policy_id}) bindings = common.nsx_struct_get_list( security_policy, 'securityPolicy/securityGroupBinding') for bind in bindings: if bind.get('objectId') == security_group_id: raise cfy_exc.NonRecoverableError( "Group %s already exists in %s policy" % (security_group_id, security_policy['securityPolicy'].get( 'name', '*unknown*'))) bindings.append({'objectId': str(security_group_id)}) raw_result = client_session.update( 'securityPolicyID', uri_parameters={'ID': security_policy_id}, request_body_dict=security_policy) common.check_raw_result(raw_result) return resource_id
def del_group_exclude_member(client_session, resource_id): try: security_group_id, member_id = resource_id.split("|") except Exception as ex: raise cfy_exc.NonRecoverableError( 'Unexpected error retrieving resource ID: %s' % str(ex)) security_group = common.nsx_read( client_session, 'body', 'secGroupObject', uri_parameters={'objectId': security_group_id}) excludeMembers = common.nsx_struct_get_list(security_group, 'securitygroup/excludeMember') for member in excludeMembers: if member.get("objectId") == member_id: excludeMembers.remove(member) break else: return raw_result = client_session.update( 'secGroupObject', uri_parameters={'objectId': security_group_id}, request_body_dict=security_group) common.check_raw_result(raw_result)
def add_policy_section(client_session, security_policy_id, category, action): security_policy = common.nsx_read( client_session, 'body', 'securityPolicyID', uri_parameters={'ID': security_policy_id}) actionsByCategory = common.nsx_struct_get_list( security_policy, 'securityPolicy/actionsByCategory') for actions in actionsByCategory: if actions.get('category') == category: actions['action'] = action break else: actionsByCategory.append({'category': category, 'action': action}) raw_result = client_session.update( 'securityPolicyID', uri_parameters={'ID': security_policy_id}, request_body_dict=security_policy) common.check_raw_result(raw_result) return "%s|%s" % (category, security_policy_id)
def add_group_member(client_session, security_group_id, member_id): raw_result = client_session.update('secGroupMember', uri_parameters={ 'objectId': security_group_id, 'memberMoref': member_id }) common.check_raw_result(raw_result) return "%s|%s" % (security_group_id, member_id)
def add_tag_vm(client_session, tag_id, vm_id): resource_id = tag_vm_to_resource_id(tag_id, vm_id) result_raw = client_session.update('securityTagVM', uri_parameters={ 'tagId': tag_id, 'vmMoid': vm_id }) common.check_raw_result(result_raw) return resource_id
def delete_nat_rule(client_session, resource_id): try: esg_id, ruleID = resource_id.split("|") except Exception as ex: raise cfy_exc.NonRecoverableError( 'Unexpected error retrieving resource ID: %s' % str(ex)) result = client_session.delete('edgeNatRule', uri_parameters={ 'edgeId': esg_id, 'ruleID': ruleID }) common.check_raw_result(result)
def add_tag(client_session, name, description): security_group = {'securityTag': {'name': name}} if description: security_group['securityTag']['description'] = description result_raw = client_session.create('securityTag', request_body_dict=security_group) common.check_raw_result(result_raw) return result_raw['objectId']
def del_group_member(client_session, resource_id): try: security_group_id, member_id = resource_id.split("|") except Exception as ex: raise cfy_exc.NonRecoverableError( 'Unexpected error retrieving resource ID: %s' % str(ex)) raw_result = client_session.delete('secGroupMember', uri_parameters={ 'objectId': security_group_id, 'memberMoref': member_id }) common.check_raw_result(raw_result)
def delete_firewall_rule(client_session, resource_id): """Delete firewall rule, as resource_id used response from add_firewall_rule""" try: esg_id, rule_id = resource_id.split("|") except Exception as ex: raise cfy_exc.NonRecoverableError( 'Unexpected error retrieving resource ID: %s' % str(ex)) result = client_session.delete('firewallRule', uri_parameters={ 'edgeId': esg_id, 'ruleId': rule_id }) common.check_raw_result(result)
def add_nat_rule(client_session, esg_id, action, originalAddress, translatedAddress, vnic=None, ruleTag=None, loggingEnabled=False, enabled=True, description='', protocol='any', translatedPort='any', originalPort='any'): nat_spec = client_session.extract_resource_body_example( 'edgeNatRules', 'create') nat_rule = { 'ruleTag': ruleTag, 'action': action, 'vnic': vnic, 'originalAddress': originalAddress, 'translatedAddress': translatedAddress, 'description': description, 'protocol': protocol, 'translatedPort': originalPort, 'originalPort': translatedPort } if loggingEnabled: nat_rule['loggingEnabled'] = 'true' else: nat_rule['loggingEnabled'] = 'false' if enabled: nat_rule['enabled'] = 'true' else: nat_rule['enabled'] = 'false' nat_spec['natRules']['natRule'] = nat_rule result_raw = client_session.create('edgeNatRules', uri_parameters={'edgeId': esg_id}, request_body_dict=nat_spec) common.check_raw_result(result_raw) return "%s|%s" % (esg_id, result_raw['objectId'])
def del_dynamic_member(client_session, security_group_id): security_group = common.nsx_read( client_session, 'body', 'secGroupObject', uri_parameters={'objectId': security_group_id}) security_group['securitygroup']['dynamicMemberDefinition'] = {} # it is not error! # We need to use bulk to update dynamic members # with use security_group_id as scope raw_result = client_session.update( 'secGroupBulk', uri_parameters={'scopeId': security_group_id}, request_body_dict=security_group) common.check_raw_result(raw_result)
def add_firewall_rule(client_session, esg_id, application='any', direction='any', name="", loggingEnabled=False, matchTranslated=False, destination='any', enabled=True, source='any', action='accept', ruleTag=None, description=None): firewallRule = { 'name': name, 'source': source, 'action': action, 'direction': direction, 'application': application, 'destination': destination } common.set_boolean_property(firewallRule, 'loggingEnabled', loggingEnabled) common.set_boolean_property(firewallRule, 'matchTranslated', matchTranslated) common.set_boolean_property(firewallRule, 'enabled', enabled) if ruleTag: firewallRule['ruleTag'] = ruleTag if description: firewallRule['description'] = description firewall_spec = {} firewall_spec['firewallRules'] = {} firewall_spec['firewallRules']['firewallRule'] = firewallRule result_raw = client_session.create('firewallRules', uri_parameters={'edgeId': esg_id}, request_body_dict=firewall_spec) common.check_raw_result(result_raw) return result_raw['objectId'], "%s|%s" % (esg_id, result_raw['objectId'])
def add_group(client_session, scopeId, name, member, excludeMember, dynamicMemberDefinition): security_group = { 'securitygroup': { 'name': name, 'member': member, 'excludeMember': excludeMember, 'dynamicMemberDefinition': dynamicMemberDefinition } } raw_result = client_session.create('secGroupBulk', uri_parameters={'scopeId': scopeId}, request_body_dict=security_group) common.check_raw_result(raw_result) return raw_result['objectId']
def add_policy(client_session, name, description, precedence, parent, securityGroupBinding, actionsByCategory): security_policy = { 'securityPolicy': { "name": name, "description": description, "precedence": precedence, "parent": parent, "securityGroupBinding": securityGroupBinding, "actionsByCategory": actionsByCategory } } raw_result = client_session.create('securityPolicy', request_body_dict=security_policy) common.check_raw_result(raw_result) return raw_result['objectId']
def nat_service(client_session, esg_id, enabled): change_needed = False current_nat_config = client_session.read('edgeNat', uri_parameters={'edgeId': esg_id})['body'] new_nat_config = current_nat_config if enabled: if current_nat_config['nat']['enabled'] == 'false': new_nat_config['nat']['enabled'] = 'true' change_needed = True else: if current_nat_config['nat']['enabled'] == 'true': new_nat_config['nat']['enabled'] = 'false' change_needed = True if change_needed: result = client_session.update('edgeNat', uri_parameters={'edgeId': esg_id}, request_body_dict=new_nat_config) common.check_raw_result(result)
def set_dynamic_member(client_session, security_group_id, dynamic_set): security_group = common.nsx_read( client_session, 'body', 'secGroupObject', uri_parameters={'objectId': security_group_id}) # fully overwrite previous state security_group['securitygroup']['dynamicMemberDefinition'] = { 'dynamicSet': dynamic_set } # it is not error! # We need to use bulk to update dynamic members # with use security_group_id as scope raw_result = client_session.update( 'secGroupBulk', uri_parameters={'scopeId': security_group_id}, request_body_dict=security_group) common.check_raw_result(raw_result) return security_group_id
def del_logical_switch(client_session, resource_id): raw_result = client_session.delete( 'logicalSwitch', uri_parameters={'virtualWireID': resource_id} ) common.check_raw_result(raw_result)
def get_logical_switch(client_session, logical_switch_id): raw_result = client_session.read('logicalSwitch', uri_parameters={ 'virtualWireID': logical_switch_id }) common.check_raw_result(raw_result) return raw_result['body']['virtualWire']
def delete_tag(client_session, resource_id): result = client_session.delete('securityTagID', uri_parameters={'tagId': resource_id}) common.check_raw_result(result)