diff --git a/vmware_nsxlib/tests/unit/v3/test_resources.py b/vmware_nsxlib/tests/unit/v3/test_resources.py index 856615b2..6f317881 100644 --- a/vmware_nsxlib/tests/unit/v3/test_resources.py +++ b/vmware_nsxlib/tests/unit/v3/test_resources.py @@ -989,8 +989,8 @@ class LogicalRouterTestCase(BaseTestResource): 'logging': logging } if add_bypass_arg and not firewall_match: - # Expect nat_pass to be sent to the backend - data['nat_pass'] = False + # When bypass is specified we either set match to internal addr + data['firewall_match'] = 'MATCH_INTERNAL_ADDRESS' elif firewall_match: data['firewall_match'] = firewall_match diff --git a/vmware_nsxlib/tests/unit/v3/test_utils.py b/vmware_nsxlib/tests/unit/v3/test_utils.py index a70ba099..3a09b03b 100644 --- a/vmware_nsxlib/tests/unit/v3/test_utils.py +++ b/vmware_nsxlib/tests/unit/v3/test_utils.py @@ -375,14 +375,6 @@ class NsxFeaturesTestCase(nsxlib_testcase.NsxLibTestCase): self.assertTrue(self.nsxlib.feature_supported( nsx_constants.FEATURE_EXCLUDE_PORT_BY_TAG)) - def test_v4_features(self): - self.nsxlib.nsx_version = "4.0.1" - self.assertFalse(self.nsxlib.feature_supported( - nsx_constants.FEATURE_ROUTER_FIREWALL)) - self.nsxlib.nsx_version = "4.0.0" - self.assertTrue(self.nsxlib.feature_supported( - nsx_constants.FEATURE_ROUTER_FIREWALL)) - def test_v2_features_plus(self): self.test_v2_features(current_version='2.0.1') diff --git a/vmware_nsxlib/v3/__init__.py b/vmware_nsxlib/v3/__init__.py index c9cf7d87..b47fad4e 100644 --- a/vmware_nsxlib/v3/__init__.py +++ b/vmware_nsxlib/v3/__init__.py @@ -148,12 +148,6 @@ class NsxLib(lib.NsxLibBase): return node.get('export_type') == 'RESTRICTED' def feature_supported(self, feature): - if (version.LooseVersion(self.get_version()) >= - version.LooseVersion(nsx_constants.NSX_VERSION_4_0_1)): - # feature added since 2.0, removed since 4.0.1 - if feature == nsx_constants.FEATURE_ROUTER_FIREWALL: - return False - if (version.LooseVersion(self.get_version()) >= version.LooseVersion(nsx_constants.NSX_VERSION_3_1_0)): # features available since 3.1.0 diff --git a/vmware_nsxlib/v3/core_resources.py b/vmware_nsxlib/v3/core_resources.py index cacdde44..cd49aa27 100644 --- a/vmware_nsxlib/v3/core_resources.py +++ b/vmware_nsxlib/v3/core_resources.py @@ -636,14 +636,19 @@ class NsxLibLogicalRouter(utils.NsxLibApiBase): 'destination_ports': match_ports, 'l4_protocol': match_protocol or nsx_constants.TCP} - # nat_pass parameter is supported with the router firewall feature - # this parameter is deprecated, and should never be used + # the router firewall feature is implemented with the firewall_match + # paramter which has replaced nat_pass if (self.nsxlib and self.nsxlib.feature_supported( nsx_constants.FEATURE_ROUTER_FIREWALL)): - # only consider nat_pass if firewall_match is not specified + # only consider bypass_firewall if firewall_match is not specified if not firewall_match: - body['nat_pass'] = bypass_firewall + if bypass_firewall: + body['firewall_match'] = ( + nsx_constants.NAT_FIREWALL_MATCH_BYPASS) + else: + body['firewall_match'] = ( + nsx_constants.NAT_FIREWALL_MATCH_INTERNAL) else: body['firewall_match'] = firewall_match elif not bypass_firewall or firewall_match: diff --git a/vmware_nsxlib/v3/nsx_constants.py b/vmware_nsxlib/v3/nsx_constants.py index d4072637..8bacde33 100644 --- a/vmware_nsxlib/v3/nsx_constants.py +++ b/vmware_nsxlib/v3/nsx_constants.py @@ -165,7 +165,6 @@ NSX_VERSION_3_1_0 = '3.1.0' NSX_VERSION_3_2_0 = '3.2.0' NSX_VERSION_3_2_1 = '3.2.1' NSX_VERSION_4_0_0 = '4.0.0' -NSX_VERSION_4_0_1 = '4.0.1' # Features available depending on the NSX Manager backend version FEATURE_MAC_LEARNING = 'MAC Learning'