VPN policy rules update

The NSX policy rules changed on the nSX. The session rules will always be 'protect' rules, and bypass rules were added to the vpn service. Change-Id: I2dbf54544e7b49b828c5372f792e55fb1bd19d7c
2018-02-15 11:27:36 +02:00 · 2018-02-15 11:27:36 +02:00 · 3d4cb671fb
parent 2656e43357
commit 3d4cb671fb
1 changed files with 5 additions and 10 deletions
--- a/vmware_nsxlib/v3/vpn_ipsec.py
+++ b/vmware_nsxlib/v3/vpn_ipsec.py
@ -109,11 +109,6 @@ class IkeLogLevelTypes(object):
    LOG_LEVEL_ERROR = 'ERROR'


-class PolicyRuleActionTypes(object):
-    POLICY_RULE_ACTION_BYPASS = 'BYPASS'
-    POLICY_RULE_ACTION_PROTECT = 'PROTECT'
-
-
 class IkeProfile(utils.NsxLibApiBase):

    @property
@ -386,14 +381,12 @@ class Session(utils.NsxLibApiBase):
            body['tags'] = tags
        return self.client.create(self.get_path(), body=body)

-    def get_rule_obj(self, sources, destinations,
-                     action=PolicyRuleActionTypes.POLICY_RULE_ACTION_PROTECT):
+    def get_rule_obj(self, sources, destinations):
        src_subnets = [{'subnet': src} for src in sources]
        dst_subnets = [{'subnet': dst} for dst in destinations]
        return {
            'sources': src_subnets,
-            'destinations': dst_subnets,
-            'action': action
+            'destinations': dst_subnets
        }

    def update(self, uuid, name=None, description=None, policy_rules=None,
@ -422,7 +415,7 @@ class Service(utils.NsxLibApiBase):

    def create(self, name, logical_router_id,
               enabled=True, ike_log_level="ERROR",
-               tags=None):
+               tags=None, bypass_rules=None):

        # mandatory parameters
        body = {'display_name': name,
@ -434,6 +427,8 @@ class Service(utils.NsxLibApiBase):
            body['enabled'] = enabled
        if tags:
            body['tags'] = tags
+        if bypass_rules:
+            body['bypass_rules'] = bypass_rules
        return self.client.create(self.get_path(), body=body)