Support for adding raw service entries in security policy rules.

Change-Id: I8f885c7905417d6b6a7c88b304c92d0d4b37f085

vmware_nsxlib/v3/policy/core_defs.py

@@ -1585,6 +1585,8 @@ class SecurityPolicyRuleBaseDef(ResourceDef):
         if self.has_attr('service_ids'):
             service_ids = self.get_attr('service_ids')
             body['services'] = self.get_services_path(service_ids)
+
+        self._set_attr_if_supported(body, 'service_entries')
         return body
 
     @classmethod
@@ -1598,6 +1600,19 @@ class SecurityPolicyRuleBaseDef(ResourceDef):
         rule_def.set_obj_dict(rule_dict)
         return rule_def
 
+    def _version_dependant_attr_supported(self, attr):
+        if attr == 'service_entries':
+            if (version.LooseVersion(self.nsx_version) >=
+                    version.LooseVersion(nsx_constants.NSX_VERSION_3_0_0)):
+                return True
+            LOG.warning(
+                "Ignoring %s for %s %s: this feature is not supported."
+                "Current NSX version: %s. Minimum supported version: %s",
+                attr, self.resource_type, self.attrs.get('name', ''),
+                self.nsx_version, nsx_constants.NSX_VERSION_3_0_0)
+            return False
+        return False
+
 
 class CommunicationMapEntryDef(SecurityPolicyRuleBaseDef):
 

vmware_nsxlib/v3/policy/core_resources.py

@@ -3067,6 +3067,7 @@ class NsxPolicySecurityPolicyBaseApi(NsxPolicyResourceBase):
                     source_groups=None, dest_groups=None,
                     direction=nsx_constants.IN_OUT, logged=False, tag=None,
                     ip_protocol=nsx_constants.IPV4_IPV6,
+                    service_entries=IGNORE,
                     tenant=constants.POLICY_INFRA_TENANT):
         """Get the definition of a single map entry"""
         entry_id = self._init_obj_uuid(entry_id)
@@ -3085,6 +3086,7 @@ class NsxPolicySecurityPolicyBaseApi(NsxPolicyResourceBase):
                               ip_protocol=ip_protocol,
                               logged=logged,
                               tag=tag,
+                              service_entries=service_entries,
                               tenant=tenant)
 
     def create_with_entries(
@@ -3123,6 +3125,7 @@ class NsxPolicySecurityPolicyBaseApi(NsxPolicyResourceBase):
                      ip_protocol=nsx_constants.IPV4_IPV6,
                      direction=nsx_constants.IN_OUT,
                      logged=False, tag=None,
+                     service_entries=IGNORE,
                      tenant=constants.POLICY_INFRA_TENANT):
         """Create CommunicationMap Entry.
 
@@ -3152,6 +3155,7 @@ class NsxPolicySecurityPolicyBaseApi(NsxPolicyResourceBase):
                                    direction=direction,
                                    logged=logged,
                                    tag=tag,
+                                   service_entries=service_entries,
                                    tenant=tenant)
 
         self._create_or_store(entry_def)
@@ -3256,6 +3260,7 @@ class NsxPolicySecurityPolicyBaseApi(NsxPolicyResourceBase):
                      action=IGNORE, source_groups=IGNORE, dest_groups=IGNORE,
                      scope=IGNORE, ip_protocol=IGNORE,
                      direction=IGNORE, logged=IGNORE, tags=IGNORE, tag=IGNORE,
+                     service_entries=IGNORE,
                      tenant=constants.POLICY_INFRA_TENANT):
         if self._any_arg_set(name, description, sequence_number, service_ids,
                              action, source_groups, dest_groups, scope,
@@ -3277,6 +3282,7 @@ class NsxPolicySecurityPolicyBaseApi(NsxPolicyResourceBase):
                 logged=logged,
                 tags=tags,
                 tag=tag,
+                service_entries=service_entries,
                 tenant=tenant)
             self.policy_api.create_or_update(entry_def)