x/vmware-nsx
Code Issues Proposed changes

NSX|V New admin utility to list existing NSX policies

Browse Source 
The use needs to configure nsx-policies using their IDs, which are hard
to find in the VC. The new admin utility will make this easier.

Change-Id: I8869272ff02389193ba546833b52734cf4b71ff2
This commit is contained in:
Adit Sarfaty 2018-11-27 13:19:56 +02:00
parent 183b86b1f0
commit 5e5af50640
3 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/source/admin_util.rst
View File

@ -245,6 +245,10 @@ Security Groups, Firewall and Spoofguard
nsxadmin -r firewall-sections -o nsx-reorder nsxadmin -r firewall-sections -o nsx-reorder
- List NSX service composer policies, that can be used in security groups::
nsxadmin -r firewall-sections -o list-policies
- Update the default cluster section:: - Update the default cluster section::
nsxadmin -r firewall-sections -o nsx-update nsxadmin -r firewall-sections -o nsx-update

17
vmware_nsx/shell/admin/plugins/nsxv/resources/securitygroups.py
View File

@ -12,6 +12,7 @@
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
import operator
import re import re
import xml.etree.ElementTree as et import xml.etree.ElementTree as et
@ -376,6 +377,18 @@ def fix_security_groups(resource, event, trigger, **kwargs):
plugin._add_member_to_security_group(nsx_id, vnic_id) plugin._add_member_to_security_group(nsx_id, vnic_id)
@admin_utils.output_header
def list_policies(resource, event, trigger, **kwargs):
"""List nsx service composer policies"""
context = n_context.get_admin_context()
with utils.NsxVPluginWrapper() as plugin:
policies = plugin.get_nsx_policies(context)
policies.sort(key=operator.itemgetter('id'))
_log_info("NSX service composer policies:", policies,
attrs=['id', 'name', 'description'])
@admin_utils.output_header @admin_utils.output_header
def migrate_sg_to_policy(resource, event, trigger, **kwargs): def migrate_sg_to_policy(resource, event, trigger, **kwargs):
"""Change the mode of a security group from rules to NSX policy""" """Change the mode of a security group from rules to NSX policy"""
@ -526,6 +539,10 @@ registry.subscribe(migrate_sg_to_policy,
constants.SECURITY_GROUPS, constants.SECURITY_GROUPS,
shell.Operations.MIGRATE_TO_POLICY.value) shell.Operations.MIGRATE_TO_POLICY.value)
registry.subscribe(list_policies,
constants.SECURITY_GROUPS,
shell.Operations.LIST_POLICIES.value)
registry.subscribe(reorder_firewall_sections, registry.subscribe(reorder_firewall_sections,
constants.FIREWALL_SECTIONS, constants.FIREWALL_SECTIONS,
shell.Operations.NSX_REORDER.value) shell.Operations.NSX_REORDER.value)

2
vmware_nsx/shell/resources.py
View File

@ -59,6 +59,7 @@ class Operations(enum.Enum):
MIGRATE_TO_DYNAMIC_CRITERIA = 'migrate-to-dynamic-criteria' MIGRATE_TO_DYNAMIC_CRITERIA = 'migrate-to-dynamic-criteria'
NSX_MIGRATE_V_V3 = 'nsx-migrate-v-v3' NSX_MIGRATE_V_V3 = 'nsx-migrate-v-v3'
MIGRATE_TO_POLICY = 'migrate-to-policy' MIGRATE_TO_POLICY = 'migrate-to-policy'
LIST_POLICIES = 'list-policies'
UPDATE_LOGGING = 'update-logging' UPDATE_LOGGING = 'update-logging'
NSX_MIGRATE_EXCLUDE_PORTS = 'migrate-exclude-ports' NSX_MIGRATE_EXCLUDE_PORTS = 'migrate-exclude-ports'
MIGRATE_VDR_DHCP = 'migrate-vdr-dhcp' MIGRATE_VDR_DHCP = 'migrate-vdr-dhcp'
@ -193,6 +194,7 @@ nsxv_resources = {
[Operations.LIST.value, [Operations.LIST.value,
Operations.FIX_MISMATCH.value, Operations.FIX_MISMATCH.value,
Operations.MIGRATE_TO_POLICY.value, Operations.MIGRATE_TO_POLICY.value,
Operations.LIST_POLICIES.value,
Operations.UPDATE_LOGGING.value]), Operations.UPDATE_LOGGING.value]),
constants.FIREWALL_NSX_GROUPS: Resource( constants.FIREWALL_NSX_GROUPS: Resource(
constants.FIREWALL_NSX_GROUPS, [Operations.LIST.value, constants.FIREWALL_NSX_GROUPS, [Operations.LIST.value,