Allow passing args of type list for NSGroup and firewall rule methods
The current NSGroup create method does not allow for passing a list of membership criterias. Similarly the source, destination and service arguments of Firewall rule method does not allow for passing a list. This patch provides a fix for it and updates all occurences of get_rule_dict with appropriate values. This patch also adds a new arg to get_rule_dict to allow creation of firewall rules with the disabled=True or False. The default value of this arg is False, which means rules are enabled. Change-Id: I6b16d37bf3ca61f3c9f02688f9548ea4b3b6adb6
This commit is contained in:
Abhishek Raut
parent
05fdc812d5
commit
0294780a4d
|
|
@ -118,7 +118,13 @@ class NsxLibNsGroup(utils.NsxLibApiBase):
|
||||||
'tags': tags,
|
'tags': tags,
|
||||||
'members': []}
|
'members': []}
|
||||||
if membership_criteria:
|
if membership_criteria:
|
||||||
body.update({'membership_criteria': [membership_criteria]})
|
# Allow caller to pass a list of membership criterias.
|
||||||
|
# The 'else' block is maintained for backwards compatibility
|
||||||
|
# where in a caller might only send a single membership criteria.
|
||||||
|
if isinstance(membership_criteria, list):
|
||||||
|
body.update({'membership_criteria': membership_criteria})
|
||||||
|
else:
|
||||||
|
body.update({'membership_criteria': [membership_criteria]})
|
||||||
return self.client.create('ns-groups', body)
|
return self.client.create('ns-groups', body)
|
||||||
|
|
||||||
def list(self):
|
def list(self):
|
||||||
|
|
@ -361,18 +367,20 @@ class NsxLibFirewallSection(utils.NsxLibApiBase):
|
||||||
return {'target_id': ip_cidr_block,
|
return {'target_id': ip_cidr_block,
|
||||||
'target_type': target_type}
|
'target_type': target_type}
|
||||||
|
|
||||||
def get_rule_dict(self, display_name, source=None, destination=None,
|
def get_rule_dict(self, display_name, sources=None, destinations=None,
|
||||||
direction=consts.IN_OUT, ip_protocol=consts.IPV4_IPV6,
|
direction=consts.IN_OUT, ip_protocol=consts.IPV4_IPV6,
|
||||||
service=None, action=consts.FW_ACTION_ALLOW,
|
services=None, action=consts.FW_ACTION_ALLOW,
|
||||||
logged=False):
|
logged=False, disabled=False):
|
||||||
return {'display_name': display_name,
|
rule_dict = {'display_name': display_name,
|
||||||
'sources': [source] if source else [],
|
'direction': direction,
|
||||||
'destinations': [destination] if destination else [],
|
'ip_protocol': ip_protocol,
|
||||||
'direction': direction,
|
'action': action,
|
||||||
'ip_protocol': ip_protocol,
|
'logged': logged,
|
||||||
'services': [service] if service else [],
|
'disabled': disabled,
|
||||||
'action': action,
|
'sources': sources or [],
|
||||||
'logged': logged}
|
'destinations': destinations or [],
|
||||||
|
'services': services or []}
|
||||||
|
return rule_dict
|
||||||
|
|
||||||
def add_rule(self, rule, section_id):
|
def add_rule(self, rule, section_id):
|
||||||
resource = 'firewall/sections/%s/rules' % section_id
|
resource = 'firewall/sections/%s/rules' % section_id
|
||||||
|
|
@ -421,9 +429,9 @@ class NsxLibFirewallSection(utils.NsxLibApiBase):
|
||||||
service = self._decide_service(sg_rule)
|
service = self._decide_service(sg_rule)
|
||||||
name = sg_rule['id']
|
name = sg_rule['id']
|
||||||
|
|
||||||
return self.get_rule_dict(name, source,
|
return self.get_rule_dict(name, [source],
|
||||||
destination, direction,
|
[destination], direction,
|
||||||
ip_protocol, service,
|
ip_protocol, [service],
|
||||||
action, logged)
|
action, logged)
|
||||||
|
|
||||||
def create_rules(self, context, section_id, nsgroup_id,
|
def create_rules(self, context, section_id, nsgroup_id,
|
||||||
|
|
@ -479,7 +487,7 @@ class NsxLibFirewallSection(utils.NsxLibApiBase):
|
||||||
destination_ports=[68])
|
destination_ports=[68])
|
||||||
dhcp_client_rule_in = self.get_rule_dict(
|
dhcp_client_rule_in = self.get_rule_dict(
|
||||||
'DHCP Reply', direction=consts.IN,
|
'DHCP Reply', direction=consts.IN,
|
||||||
service=dhcp_client)
|
services=[dhcp_client])
|
||||||
|
|
||||||
dhcp_server = (
|
dhcp_server = (
|
||||||
self.get_nsservice(
|
self.get_nsservice(
|
||||||
|
|
@ -489,7 +497,7 @@ class NsxLibFirewallSection(utils.NsxLibApiBase):
|
||||||
destination_ports=[67]))
|
destination_ports=[67]))
|
||||||
dhcp_client_rule_out = self.get_rule_dict(
|
dhcp_client_rule_out = self.get_rule_dict(
|
||||||
'DHCP Request', direction=consts.OUT,
|
'DHCP Request', direction=consts.OUT,
|
||||||
service=dhcp_server)
|
services=[dhcp_server])
|
||||||
|
|
||||||
self.update(section['id'],
|
self.update(section['id'],
|
||||||
name, section['description'],
|
name, section['description'],
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue