Support for adding raw service entries in security policy rules.
Change-Id: I8f885c7905417d6b6a7c88b304c92d0d4b37f085
This commit is contained in:
parent
bcf20e2466
commit
5566983e95
|
@ -1585,6 +1585,8 @@ class SecurityPolicyRuleBaseDef(ResourceDef):
|
|||
if self.has_attr('service_ids'):
|
||||
service_ids = self.get_attr('service_ids')
|
||||
body['services'] = self.get_services_path(service_ids)
|
||||
|
||||
self._set_attr_if_supported(body, 'service_entries')
|
||||
return body
|
||||
|
||||
@classmethod
|
||||
|
@ -1598,6 +1600,19 @@ class SecurityPolicyRuleBaseDef(ResourceDef):
|
|||
rule_def.set_obj_dict(rule_dict)
|
||||
return rule_def
|
||||
|
||||
def _version_dependant_attr_supported(self, attr):
|
||||
if attr == 'service_entries':
|
||||
if (version.LooseVersion(self.nsx_version) >=
|
||||
version.LooseVersion(nsx_constants.NSX_VERSION_3_0_0)):
|
||||
return True
|
||||
LOG.warning(
|
||||
"Ignoring %s for %s %s: this feature is not supported."
|
||||
"Current NSX version: %s. Minimum supported version: %s",
|
||||
attr, self.resource_type, self.attrs.get('name', ''),
|
||||
self.nsx_version, nsx_constants.NSX_VERSION_3_0_0)
|
||||
return False
|
||||
return False
|
||||
|
||||
|
||||
class CommunicationMapEntryDef(SecurityPolicyRuleBaseDef):
|
||||
|
||||
|
|
|
@ -3067,6 +3067,7 @@ class NsxPolicySecurityPolicyBaseApi(NsxPolicyResourceBase):
|
|||
source_groups=None, dest_groups=None,
|
||||
direction=nsx_constants.IN_OUT, logged=False, tag=None,
|
||||
ip_protocol=nsx_constants.IPV4_IPV6,
|
||||
service_entries=IGNORE,
|
||||
tenant=constants.POLICY_INFRA_TENANT):
|
||||
"""Get the definition of a single map entry"""
|
||||
entry_id = self._init_obj_uuid(entry_id)
|
||||
|
@ -3085,6 +3086,7 @@ class NsxPolicySecurityPolicyBaseApi(NsxPolicyResourceBase):
|
|||
ip_protocol=ip_protocol,
|
||||
logged=logged,
|
||||
tag=tag,
|
||||
service_entries=service_entries,
|
||||
tenant=tenant)
|
||||
|
||||
def create_with_entries(
|
||||
|
@ -3123,6 +3125,7 @@ class NsxPolicySecurityPolicyBaseApi(NsxPolicyResourceBase):
|
|||
ip_protocol=nsx_constants.IPV4_IPV6,
|
||||
direction=nsx_constants.IN_OUT,
|
||||
logged=False, tag=None,
|
||||
service_entries=IGNORE,
|
||||
tenant=constants.POLICY_INFRA_TENANT):
|
||||
"""Create CommunicationMap Entry.
|
||||
|
||||
|
@ -3152,6 +3155,7 @@ class NsxPolicySecurityPolicyBaseApi(NsxPolicyResourceBase):
|
|||
direction=direction,
|
||||
logged=logged,
|
||||
tag=tag,
|
||||
service_entries=service_entries,
|
||||
tenant=tenant)
|
||||
|
||||
self._create_or_store(entry_def)
|
||||
|
@ -3256,6 +3260,7 @@ class NsxPolicySecurityPolicyBaseApi(NsxPolicyResourceBase):
|
|||
action=IGNORE, source_groups=IGNORE, dest_groups=IGNORE,
|
||||
scope=IGNORE, ip_protocol=IGNORE,
|
||||
direction=IGNORE, logged=IGNORE, tags=IGNORE, tag=IGNORE,
|
||||
service_entries=IGNORE,
|
||||
tenant=constants.POLICY_INFRA_TENANT):
|
||||
if self._any_arg_set(name, description, sequence_number, service_ids,
|
||||
action, source_groups, dest_groups, scope,
|
||||
|
@ -3277,6 +3282,7 @@ class NsxPolicySecurityPolicyBaseApi(NsxPolicyResourceBase):
|
|||
logged=logged,
|
||||
tags=tags,
|
||||
tag=tag,
|
||||
service_entries=service_entries,
|
||||
tenant=tenant)
|
||||
self.policy_api.create_or_update(entry_def)
|
||||
|
||||
|
|
Loading…
Reference in New Issue