Merge "NSX|V New admin utility to list existing NSX policies"

This commit is contained in:
Zuul 2018-12-02 09:39:41 +00:00 committed by Gerrit Code Review
commit 8d4be05360
3 changed files with 23 additions and 0 deletions
doc/source
vmware_nsx/shell
admin/plugins/nsxv/resources
resources.py

@ -245,6 +245,10 @@ Security Groups, Firewall and Spoofguard
nsxadmin -r firewall-sections -o nsx-reorder nsxadmin -r firewall-sections -o nsx-reorder
- List NSX service composer policies, that can be used in security groups::
nsxadmin -r firewall-sections -o list-policies
- Update the default cluster section:: - Update the default cluster section::
nsxadmin -r firewall-sections -o nsx-update nsxadmin -r firewall-sections -o nsx-update

@ -12,6 +12,7 @@
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
import operator
import re import re
import xml.etree.ElementTree as et import xml.etree.ElementTree as et
@ -376,6 +377,18 @@ def fix_security_groups(resource, event, trigger, **kwargs):
plugin._add_member_to_security_group(nsx_id, vnic_id) plugin._add_member_to_security_group(nsx_id, vnic_id)
@admin_utils.output_header
def list_policies(resource, event, trigger, **kwargs):
"""List nsx service composer policies"""
context = n_context.get_admin_context()
with utils.NsxVPluginWrapper() as plugin:
policies = plugin.get_nsx_policies(context)
policies.sort(key=operator.itemgetter('id'))
_log_info("NSX service composer policies:", policies,
attrs=['id', 'name', 'description'])
@admin_utils.output_header @admin_utils.output_header
def migrate_sg_to_policy(resource, event, trigger, **kwargs): def migrate_sg_to_policy(resource, event, trigger, **kwargs):
"""Change the mode of a security group from rules to NSX policy""" """Change the mode of a security group from rules to NSX policy"""
@ -526,6 +539,10 @@ registry.subscribe(migrate_sg_to_policy,
constants.SECURITY_GROUPS, constants.SECURITY_GROUPS,
shell.Operations.MIGRATE_TO_POLICY.value) shell.Operations.MIGRATE_TO_POLICY.value)
registry.subscribe(list_policies,
constants.SECURITY_GROUPS,
shell.Operations.LIST_POLICIES.value)
registry.subscribe(reorder_firewall_sections, registry.subscribe(reorder_firewall_sections,
constants.FIREWALL_SECTIONS, constants.FIREWALL_SECTIONS,
shell.Operations.NSX_REORDER.value) shell.Operations.NSX_REORDER.value)

@ -59,6 +59,7 @@ class Operations(enum.Enum):
MIGRATE_TO_DYNAMIC_CRITERIA = 'migrate-to-dynamic-criteria' MIGRATE_TO_DYNAMIC_CRITERIA = 'migrate-to-dynamic-criteria'
NSX_MIGRATE_V_V3 = 'nsx-migrate-v-v3' NSX_MIGRATE_V_V3 = 'nsx-migrate-v-v3'
MIGRATE_TO_POLICY = 'migrate-to-policy' MIGRATE_TO_POLICY = 'migrate-to-policy'
LIST_POLICIES = 'list-policies'
UPDATE_LOGGING = 'update-logging' UPDATE_LOGGING = 'update-logging'
NSX_MIGRATE_EXCLUDE_PORTS = 'migrate-exclude-ports' NSX_MIGRATE_EXCLUDE_PORTS = 'migrate-exclude-ports'
MIGRATE_VDR_DHCP = 'migrate-vdr-dhcp' MIGRATE_VDR_DHCP = 'migrate-vdr-dhcp'
@ -193,6 +194,7 @@ nsxv_resources = {
[Operations.LIST.value, [Operations.LIST.value,
Operations.FIX_MISMATCH.value, Operations.FIX_MISMATCH.value,
Operations.MIGRATE_TO_POLICY.value, Operations.MIGRATE_TO_POLICY.value,
Operations.LIST_POLICIES.value,
Operations.UPDATE_LOGGING.value]), Operations.UPDATE_LOGGING.value]),
constants.FIREWALL_NSX_GROUPS: Resource( constants.FIREWALL_NSX_GROUPS: Resource(
constants.FIREWALL_NSX_GROUPS, [Operations.LIST.value, constants.FIREWALL_NSX_GROUPS, [Operations.LIST.value,