From 6ce85d64b7754037dc125101dc03c4e87d5a4238 Mon Sep 17 00:00:00 2001
From: Amey Bhide <abhide@vmware.com>
Date: Tue, 20 Oct 2015 00:15:01 -0700
Subject: [PATCH] Admin Utility: List spoofguard policy mappings
Change-Id: Icd313a9bb4c0732db549de0e2b602e36a00cfebd
---
.../admin/plugins/nsxv/resources/edges.py | 38 +++-----
.../nsxv/resources/spoofguard_policy.py | 94 +++++++++++++++++++
.../admin/plugins/nsxv/resources/utils.py | 35 +++++++
3 files changed, 140 insertions(+), 27 deletions(-)
create mode 100644 tools/python-nsxadmin/admin/plugins/nsxv/resources/spoofguard_policy.py
create mode 100644 tools/python-nsxadmin/admin/plugins/nsxv/resources/utils.py
diff --git a/tools/python-nsxadmin/admin/plugins/nsxv/resources/edges.py b/tools/python-nsxadmin/admin/plugins/nsxv/resources/edges.py
index cf22b5992c..f496abd93b 100644
--- a/tools/python-nsxadmin/admin/plugins/nsxv/resources/edges.py
+++ b/tools/python-nsxadmin/admin/plugins/nsxv/resources/edges.py
@@ -19,37 +19,19 @@ from admin.plugins.common import constants
from admin.plugins.common import formatters
from admin.plugins.common.utils import output_header
from admin.plugins.common.utils import query_yes_no
+import admin.plugins.nsxv.resources.utils as utils
from admin.shell import Operations
-from neutron.i18n import _LI
-from oslo_config import cfg
-
from neutron.callbacks import registry
-from neutron import context as neutron_context
-from neutron.db import common_db_mixin as common_db
+from neutron.i18n import _LI
+
from vmware_nsx.db import nsxv_db
-from vmware_nsx.plugins.nsx_v.vshield import vcns
LOG = logging.getLogger(__name__)
-class EdgeApi(common_db.CommonDbMixin):
- def __init__(self):
- super(EdgeApi, self)
- self.context = neutron_context.get_admin_context()
-
-
-def init_nsxv_client():
- return vcns.Vcns(
- address=cfg.CONF.nsxv.manager_uri,
- user=cfg.CONF.nsxv.user,
- password=cfg.CONF.nsxv.password,
- ca_file=cfg.CONF.nsxv.ca_file,
- insecure=cfg.CONF.nsxv.insecure)
-
-
def get_nsxv_edges():
- nsxv = init_nsxv_client()
+ nsxv = utils.get_nsxv_client()
edges = nsxv.get_edges()[1]
return edges['edgePage'].get('data', [])
@@ -64,7 +46,7 @@ def nsx_list_edges(resource, event, trigger, **kwargs):
def get_router_edge_bindings():
- edgeapi = EdgeApi()
+ edgeapi = utils.NeutronDbClient()
return nsxv_db.get_nsxv_router_bindings(edgeapi.context)
@@ -90,14 +72,16 @@ def get_orphaned_edges():
@output_header
def nsx_list_orphaned_edges(resource, event, trigger, **kwargs):
- """
- List orphaned Edges on NSXv. Orphaned edges are NSXv edges that exist
- on NSXv backend but don't have a corresponding binding in Neutron DB
+ """List orphaned Edges on NSXv.
+
+ Orphaned edges are NSXv edges that exist on NSXv backend but
+ don't have a corresponding binding in Neutron DB
"""
orphaned_edges = get_orphaned_edges()
LOG.info(orphaned_edges)
+@output_header
def nsx_delete_orphaned_edges(resource, event, trigger, **kwargs):
"""Delete orphaned edges from NSXv backend"""
orphaned_edges = get_orphaned_edges()
@@ -111,7 +95,7 @@ def nsx_delete_orphaned_edges(resource, event, trigger, **kwargs):
LOG.info(_LI("NSXv Edge deletion aborted by user"))
return
- nsxv = init_nsxv_client()
+ nsxv = utils.get_nsxv_client()
for edge in orphaned_edges:
LOG.info(_LI("Deleting edge: %s"), edge)
nsxv.delete_edge(edge)
diff --git a/tools/python-nsxadmin/admin/plugins/nsxv/resources/spoofguard_policy.py b/tools/python-nsxadmin/admin/plugins/nsxv/resources/spoofguard_policy.py
new file mode 100644
index 0000000000..8115ae851b
--- /dev/null
+++ b/tools/python-nsxadmin/admin/plugins/nsxv/resources/spoofguard_policy.py
@@ -0,0 +1,94 @@
+# Copyright 2015 VMware, Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+import logging
+
+from admin.plugins.common import constants
+from admin.plugins.common import formatters
+from admin.plugins.common.utils import output_header
+import admin.plugins.nsxv.resources.utils as utils
+from admin.shell import Operations
+
+from neutron.callbacks import registry
+from neutron.i18n import _LI
+
+from vmware_nsx.db import nsxv_db
+
+LOG = logging.getLogger(__name__)
+
+
+def get_spoofguard_policies():
+ nsxv = utils.get_nsxv_client()
+ return nsxv.get_spoofguard_policies()[1].get("policies")
+
+
+@output_header
+def nsx_list_spoofguard_policies(resource, event, trigger, **kwargs):
+ """List spoofguard policies from NSXv backend"""
+ policies = get_spoofguard_policies()
+ LOG.info(formatters.output_formatter(
+ constants.SPOOFGUARD_POLICY, policies,
+ ['policyId', 'name']))
+
+
+def get_spoofguard_policy_network_mappings():
+ spgapi = utils.NeutronDbClient()
+ return nsxv_db.get_nsxv_spoofguard_policy_network_mappings(
+ spgapi.context)
+
+
+@output_header
+def neutron_list_spoofguard_policy_mappings(resource, event, trigger,
+ **kwargs):
+ mappings = get_spoofguard_policy_network_mappings()
+ LOG.info(formatters.output_formatter(
+ constants.SPOOFGUARD_POLICY, mappings,
+ ['network_id', 'policy_id']))
+
+
+def get_missing_spoofguard_policy_mappings():
+ nsxv_spoofguard_policies = set()
+ for spg in get_spoofguard_policies():
+ nsxv_spoofguard_policies.add(spg.get('policyId'))
+
+ neutron_spoofguard_policy_mappings = set()
+ for binding in get_spoofguard_policy_network_mappings():
+ neutron_spoofguard_policy_mappings.add(binding.policy_id)
+
+ return neutron_spoofguard_policy_mappings - nsxv_spoofguard_policies
+
+
+@output_header
+def nsx_list_missing_spoofguard_policies(resource, event, trigger,
+ **kwargs):
+ """List missing spoofguard policies on NSXv.
+
+ Spoofguard policies that have a binding in Neutron Db but there is
+ no policy on NSXv backend to back it.
+ """
+ LOG.info(_LI("Spoofguard policies in Neutron Db but on present on NSXv"))
+ missing_policies = get_missing_spoofguard_policy_mappings()
+ LOG.info(missing_policies)
+
+
+registry.subscribe(neutron_list_spoofguard_policy_mappings,
+ constants.SPOOFGUARD_POLICY,
+ Operations.LIST.value)
+registry.subscribe(nsx_list_spoofguard_policies,
+ constants.SPOOFGUARD_POLICY,
+ Operations.LIST.value)
+registry.subscribe(nsx_list_missing_spoofguard_policies,
+ constants.SPOOFGUARD_POLICY,
+ Operations.LIST.value)
diff --git a/tools/python-nsxadmin/admin/plugins/nsxv/resources/utils.py b/tools/python-nsxadmin/admin/plugins/nsxv/resources/utils.py
new file mode 100644
index 0000000000..5ba9dd51db
--- /dev/null
+++ b/tools/python-nsxadmin/admin/plugins/nsxv/resources/utils.py
@@ -0,0 +1,35 @@
+# Copyright 2015 VMware, Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+from oslo_config import cfg
+
+from neutron import context as neutron_context
+from neutron.db import common_db_mixin as common_db
+from vmware_nsx.plugins.nsx_v.vshield import vcns
+
+
+def get_nsxv_client():
+ return vcns.Vcns(
+ address=cfg.CONF.nsxv.manager_uri,
+ user=cfg.CONF.nsxv.user,
+ password=cfg.CONF.nsxv.password,
+ ca_file=cfg.CONF.nsxv.ca_file,
+ insecure=cfg.CONF.nsxv.insecure)
+
+
+class NeutronDbClient(common_db.CommonDbMixin):
+ def __init__(self):
+ super(NeutronDbClient, self)
+ self.context = neutron_context.get_admin_context()