From 5e5af506403f9452b30fdec8a259172febf7ee5f Mon Sep 17 00:00:00 2001
From: Adit Sarfaty
Date: Tue, 27 Nov 2018 13:19:56 +0200
Subject: [PATCH] NSX|V New admin utility to list existing NSX policies

The use needs to configure nsx-policies using their IDs, which are hard to find in the VC. The new admin utility will make this easier.

Change-Id: I8869272ff02389193ba546833b52734cf4b71ff2
---
 doc/source/admin_util.rst | 4 ++++
 .../plugins/nsxv/resources/securitygroups.py | 17 +++++++++++++++++
 vmware_nsx/shell/resources.py | 2 ++
 3 files changed, 23 insertions(+)

diff --git a/doc/source/admin_util.rst b/doc/source/admin_util.rst
index 87ef1bb13a..12bfd7e95e 100644
--- a/doc/source/admin_util.rst
+++ b/doc/source/admin_util.rst
@@ -245,6 +245,10 @@ Security Groups, Firewall and Spoofguard
 
 nsxadmin -r firewall-sections -o nsx-reorder
 
+- List NSX service composer policies, that can be used in security groups::
+
+ nsxadmin -r firewall-sections -o list-policies
+
 - Update the default cluster section::
 
 nsxadmin -r firewall-sections -o nsx-update
diff --git a/vmware_nsx/shell/admin/plugins/nsxv/resources/securitygroups.py b/vmware_nsx/shell/admin/plugins/nsxv/resources/securitygroups.py
index a0237e16d9..9e05445103 100644
--- a/vmware_nsx/shell/admin/plugins/nsxv/resources/securitygroups.py
+++ b/vmware_nsx/shell/admin/plugins/nsxv/resources/securitygroups.py
@@ -12,6 +12,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+import operator
 import re
 import xml.etree.ElementTree as et
 
@@ -376,6 +377,18 @@ def fix_security_groups(resource, event, trigger, **kwargs):
 plugin._add_member_to_security_group(nsx_id, vnic_id)
 
 
+@admin_utils.output_header
+def list_policies(resource, event, trigger, **kwargs):
+ """List nsx service composer policies"""
+ context = n_context.get_admin_context()
+ with utils.NsxVPluginWrapper() as plugin:
+ policies = plugin.get_nsx_policies(context)
+
+ policies.sort(key=operator.itemgetter('id'))
+ _log_info("NSX service composer policies:", policies,
+ attrs=['id', 'name', 'description'])
+
+
 @admin_utils.output_header
 def migrate_sg_to_policy(resource, event, trigger, **kwargs):
 """Change the mode of a security group from rules to NSX policy"""
@@ -526,6 +539,10 @@ registry.subscribe(migrate_sg_to_policy,
 constants.SECURITY_GROUPS,
 shell.Operations.MIGRATE_TO_POLICY.value)
 
+registry.subscribe(list_policies,
+ constants.SECURITY_GROUPS,
+ shell.Operations.LIST_POLICIES.value)
+
 registry.subscribe(reorder_firewall_sections,
 constants.FIREWALL_SECTIONS,
 shell.Operations.NSX_REORDER.value)
diff --git a/vmware_nsx/shell/resources.py b/vmware_nsx/shell/resources.py
index 9f8799e968..ec4997dd3f 100644
--- a/vmware_nsx/shell/resources.py
+++ b/vmware_nsx/shell/resources.py
@@ -59,6 +59,7 @@ class Operations(enum.Enum):
 MIGRATE_TO_DYNAMIC_CRITERIA = 'migrate-to-dynamic-criteria'
 NSX_MIGRATE_V_V3 = 'nsx-migrate-v-v3'
 MIGRATE_TO_POLICY = 'migrate-to-policy'
+ LIST_POLICIES = 'list-policies'
 UPDATE_LOGGING = 'update-logging'
 NSX_MIGRATE_EXCLUDE_PORTS = 'migrate-exclude-ports'
 MIGRATE_VDR_DHCP = 'migrate-vdr-dhcp'
@@ -193,6 +194,7 @@ nsxv_resources = {
 [Operations.LIST.value,
 Operations.FIX_MISMATCH.value,
 Operations.MIGRATE_TO_POLICY.value,
+ Operations.LIST_POLICIES.value,
 Operations.UPDATE_LOGGING.value]),
 constants.FIREWALL_NSX_GROUPS: Resource(
 constants.FIREWALL_NSX_GROUPS, [Operations.LIST.value,
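Review bot: In the new `list_policies`, the value returned by `plugin.get_nsx_policies(context)` is sorted in place and printed with no check on what came back. If the call can return `None`, `policies.sort(...)` raises before anything is listed, and an in-place sort also reorders a list the plugin may still hold; the return contract is not visible in this hunk, so treat this as something to confirm. A non-mutating form avoids both: `policies = sorted(policies or [], key=operator.itemgetter('id'))`. Indentation is lost in this view, so it is not clear whether the sort and the `_log_info` call run inside the `with` block. The docstring could also say that the command is read-only and that the printed `id` is the value an operator then puts in the policy configuration.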
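Review bot: The new `registry.subscribe(list_policies, constants.SECURITY_GROUPS, shell.Operations.LIST_POLICIES.value)` registers the handler on the security-groups resource, but the example added to `doc/source/admin_util.rst` in this same commit is `nsxadmin -r firewall-sections -o list-policies`. `constants.FIREWALL_SECTIONS` is a separate constant (used just below for `reorder_firewall_sections`), so the documented command presumably does not reach this handler. The `nsxv_resources` hunk likewise adds `Operations.LIST_POLICIES.value` to the entry that holds `MIGRATE_TO_POLICY`, whose key is outside the hunk. Either the doc example should name the resource that `constants.SECURITY_GROUPS` maps to, or the subscription and the resource entry should move to `constants.FIREWALL_SECTIONS`.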