diff --git a/vmware_nsxlib/tests/unit/v3/policy/test_lb_resources.py b/vmware_nsxlib/tests/unit/v3/policy/test_lb_resources.py index 5144691c..16d4c321 100644 --- a/vmware_nsxlib/tests/unit/v3/policy/test_lb_resources.py +++ b/vmware_nsxlib/tests/unit/v3/policy/test_lb_resources.py @@ -867,6 +867,8 @@ class TestPolicyLBVirtualServer(test_resources.NsxPolicyLibTestCase): profile_id=waf_profile_id, tenant=TEST_TENANT) waf_profile_binding = lb_defs.WAFProfileBindingDef( waf_profile_path=waf_profile_path) + lb_acl = self.resourceApi.build_access_list_control( + constants.ACTION_ALLOW, 'fake_group_path', True) with mock.patch.object(self.policy_api, "create_or_update") as api_call: result = self.resourceApi.create_or_overwrite( @@ -874,10 +876,13 @@ class TestPolicyLBVirtualServer(test_resources.NsxPolicyLibTestCase): virtual_server_id=obj_id, waf_profile_binding=waf_profile_binding, description=description, + access_list_control=lb_acl, tenant=TEST_TENANT) expected_def = lb_defs.LBVirtualServerDef( + nsx_version=self.policy_lib.get_version(), virtual_server_id=obj_id, name=name, description=description, waf_profile_binding=waf_profile_binding, + access_list_control=lb_acl.get_obj_dict(), tenant=TEST_TENANT) self.assert_called_with_def(api_call, expected_def) self.assertEqual(obj_id, result) @@ -1137,6 +1142,16 @@ class TestPolicyLBVirtualServer(test_resources.NsxPolicyLibTestCase): rules=[{'display_name': 'yy'}]) self.assert_called_with_def(update_call, expected_def) + def test_build_access_list_control(self): + lb_acl = self.resourceApi.build_access_list_control( + constants.ACTION_ALLOW, 'fake_group_path', True) + expected_acl_dict = { + 'action': constants.ACTION_ALLOW, + 'enabled': True, + 'group_path': 'fake_group_path' + } + self.assertDictEqual(lb_acl.get_obj_dict(), expected_acl_dict) + def test_wait_until_realized_fail(self): vs_id = 'test_vs' info = {'state': constants.STATE_UNREALIZED, 
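Review bot: The new tests only cover the case where the access list reaches the request body. Both `test_build_access_list_control` and the extended create test pass `enabled=True` and build the expected def with whatever `self.policy_lib.get_version()` returns. Nothing pins what `LBVirtualServerDef.get_obj_dict()` does below `NSX_VERSION_3_0_0`, where the attribute is reported as unsupported, or what `LBAccessListControlDef.get_obj_dict()` returns for `enabled=None`. Since this attribute restricts who can reach a virtual server, I would add a test that sets an older `nsx_version` and asserts that `'access_list_control'` is absent from the body, plus one asserting the `'enabled'` key is omitted when it is None.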
diff --git a/vmware_nsxlib/v3/policy/lb_defs.py b/vmware_nsxlib/v3/policy/lb_defs.py index 32700c93..f107763c 100644 --- a/vmware_nsxlib/v3/policy/lb_defs.py +++ b/vmware_nsxlib/v3/policy/lb_defs.py @@ -294,8 +294,26 @@ class LBVirtualServerDef(ResourceDef): lb_pool_id=lb_pool_id, tenant=self.get_tenant()) path = lb_pool_def.get_resource_full_path() body['pool_path'] = path + if self.has_attr('access_list_control'): + lb_alc = self.get_attr('access_list_control') + if isinstance(lb_alc, LBAccessListControlDef): + self.attrs['access_list_control'] = lb_alc.get_obj_dict() + self._set_attrs_if_supported(body, ['access_list_control']) return body + def _version_dependant_attr_supported(self, attr): + if (version.LooseVersion(self.nsx_version) >= + version.LooseVersion(nsx_constants.NSX_VERSION_3_0_0)): + if attr == 'access_list_control': + return True + + LOG.warning( + "Ignoring %s for %s %s: this feature is not supported. " + "Current NSX version: %s. Minimum supported version: %s", + attr, self.resource_type, self.attrs.get('name', ''), + self.nsx_version, nsx_constants.NSX_VERSION_3_0_0) + return False + class ClientSSLProfileBindingDef(object): def __init__(self, default_certificate_path, sni_certificate_paths=None, @@ -516,3 +534,19 @@ class LBTcpMonitorProfileDef(LBMonitorProfileBaseDef): @staticmethod def resource_type(): return "LBTcpMonitorProfile" + + +class LBAccessListControlDef(object): + def __init__(self, action, group_path, enabled=None): + self.action = action + self.group_path = group_path + self.enabled = enabled + + def get_obj_dict(self): + access_list_control = { + 'action': self.action, + 'group_path': self.group_path + } + if self.enabled is not None: + access_list_control['enabled'] = self.enabled + return access_list_control diff --git a/vmware_nsxlib/v3/policy/lb_resources.py b/vmware_nsxlib/v3/policy/lb_resources.py index 4656e45c..d8953c3b 100644 --- a/vmware_nsxlib/v3/policy/lb_resources.py +++ b/vmware_nsxlib/v3/policy/lb_resources.py 
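Review bot: On an NSX version below `NSX_VERSION_3_0_0` the requested `access_list_control` appears to be dropped with only a `LOG.warning`, so the virtual server would be created or updated without the restriction the caller asked for. This assumes `_set_attrs_if_supported`, which is not in this hunk, skips attributes for which `_version_dependant_attr_supported` returns False. For an access-control attribute that is a fail-open outcome; I would either raise for this attribute or state in a docstring on `_version_dependant_attr_supported` that the ACL is silently omitted and callers must check the version first. Two smaller points in the same hunk: the warning names `NSX_VERSION_3_0_0` as the minimum version even when the method is reached on 3.0.0 or later with a different attribute, and `get_obj_dict` overwrites `self.attrs['access_list_control']` as a side effect of building the body. The body of `get_obj_dict` starts outside the hunk.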
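Review bot: `LBAccessListControlDef` stores `action` and `group_path` exactly as given and has no docstring, so nothing in the new class says which actions are valid or what `enabled=None` means. Because `get_obj_dict()` leaves `enabled` out when it is None, whether the list is actually enforced is then decided by the backend default, which cannot be read from this code. I would add a class docstring such as `"""Access list control for an LB virtual server; enabled=None omits the key so the NSX default applies."""`. I would also consider rejecting an `action` that is not one of the constants the library defines, so that a typo cannot produce an ACL with an unintended effect.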
@@ -700,6 +700,7 @@ class NsxPolicyLoadBalancerVirtualServerAPI(NsxPolicyResourceBase): server_ssl_profile_binding=IGNORE, waf_profile_binding=IGNORE, max_concurrent_connections=IGNORE, + access_list_control=IGNORE, tenant=constants.POLICY_INFRA_TENANT, tags=IGNORE): virtual_server_id = self._init_obj_uuid(virtual_server_id) @@ -719,6 +720,7 @@ class NsxPolicyLoadBalancerVirtualServerAPI(NsxPolicyResourceBase): server_ssl_profile_binding=server_ssl_profile_binding, waf_profile_binding=waf_profile_binding, max_concurrent_connections=max_concurrent_connections, + access_list_control=access_list_control, tags=tags ) self._create_or_store(lbvs_def) @@ -750,6 +752,7 @@ class NsxPolicyLoadBalancerVirtualServerAPI(NsxPolicyResourceBase): server_ssl_profile_binding=IGNORE, waf_profile_binding=IGNORE, max_concurrent_connections=IGNORE, + access_list_control=IGNORE, tags=IGNORE, tenant=constants.POLICY_INFRA_TENANT): @@ -773,6 +776,7 @@ class NsxPolicyLoadBalancerVirtualServerAPI(NsxPolicyResourceBase): server_ssl_profile_binding=server_ssl_profile_binding, waf_profile_binding=waf_profile_binding, max_concurrent_connections=max_concurrent_connections, + access_list_control=access_list_control, tags=tags) _update() @@ -912,6 +916,9 @@ class NsxPolicyLoadBalancerVirtualServerAPI(NsxPolicyResourceBase): virtual_server_id=virtual_server_id, vs_data=body, rules=lb_rules, tenant=tenant) + def build_access_list_control(self, action, group_path, enabled=None): + return lb_defs.LBAccessListControlDef(action, group_path, enabled) + def get_path(self, virtual_server_id, tenant=constants.POLICY_INFRA_TENANT): profile_def = self.entry_def(
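Review bot: In the first hunk `access_list_control=IGNORE` is inserted ahead of `tenant` and `tags` in what appears to be the `create_or_overwrite` signature. The third hunk does the same ahead of `tags` and `tenant` in what appears to be `update`. This shifts those parameters for any caller that passes them positionally, so I would append the new keyword after the existing ones. Both signatures begin outside the hunks, so the full parameter order is not visible here.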
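Review bot: `build_access_list_control` in the last hunk has no docstring, and nothing at the call sites says what type `access_list_control` should be. The `isinstance` check in the `lb_defs.py` change converts an `LBAccessListControlDef` and passes any other value through unchanged, so a malformed dict would go to the backend as is. I would add `"""Return an LBAccessListControlDef to pass as access_list_control to create_or_overwrite/update."""` and name the accepted `action` constants there.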