x
/
vmware-nsxlib
Code Issues Proposed changes

Add api support for enabling snat rule logging 

1. For MP, add logging parameter in snat rule creating api
2. For Policy, change parameter name from log to logging for tier0
   and tier1 snat rule object.

Change-Id: I4f03fa6a35f138a7112782d58a1cc5a4b1648d61
(cherry picked from commit 0323737ed1)
This commit is contained in:
sean 2020-11-05 18:26:46 -08:00 committed by Salvatore Orlando
parent 6a05cd2383
commit 7301402c29
5 changed files with 42 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
vmware_nsxlib/tests/unit/v3/policy/test_resources.py
View File

@ -3575,6 +3575,7 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
cidr1 = '1.1.1.1/32'
cidr2 = '2.2.2.0/24'
enabled = True
logging = False
with mock.patch.object(self.policy_api,
"create_or_update") as api_call:
@ -3587,7 +3588,8 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
source_network=cidr2,
firewall_match=firewall_match,
tenant=TEST_TENANT,
enabled=enabled)
enabled=enabled,
logging=logging)
expected_def = core_defs.Tier0NatRule(
tier0_id=tier0_id,
nat_rule_id=nat_rule_id,
@ -3599,7 +3601,8 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
source_network=cidr2,
firewall_match=firewall_match,
tenant=TEST_TENANT,
enabled=enabled)
enabled=enabled,
logging=logging)
self.assert_called_with_def(api_call, expected_def)
self.assertIsNotNone(result)
@ -3643,6 +3646,7 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
cidr1 = '1.1.1.1/32'
cidr2 = '2.2.2.0/24'
enabled = True
logging = False
with mock.patch.object(self.policy_api,
"create_or_update") as api_call:
@ -3655,7 +3659,8 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
firewall_match=firewall_match,
source_network=cidr2,
tenant=TEST_TENANT,
enabled=enabled)
enabled=enabled,
logging=logging)
expected_def = core_defs.Tier0NatRule(
tier0_id=tier0_id,
@ -3668,7 +3673,8 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
firewall_match=firewall_match,
source_network=cidr2,
tenant=TEST_TENANT,
enabled=enabled)
enabled=enabled,
logging=logging)
self.assert_called_with_def(api_call, expected_def)
@ -3688,6 +3694,7 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
cidr1 = '1.1.1.1/32'
cidr2 = '2.2.2.0/24'
enabled = True
logging = True
with mock.patch.object(self.policy_api,
"create_or_update") as api_call:
@ -3700,7 +3707,8 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
firewall_match=firewall_match,
source_network=cidr2,
tenant=TEST_TENANT,
enabled=enabled)
enabled=enabled,
logging=logging)
expected_def = core_defs.Tier1NatRule(
tier1_id=tier1_id,
@ -3713,7 +3721,8 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
firewall_match=firewall_match,
source_network=cidr2,
tenant=TEST_TENANT,
enabled=enabled)
enabled=enabled,
logging=logging)
self.assert_called_with_def(api_call, expected_def)
self.assertIsNotNone(result)
@ -3742,6 +3751,7 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
cidr1 = '1.1.1.1/32'
cidr2 = '2.2.2.0/24'
enabled = True
logging = True
with mock.patch.object(self.policy_api,
"create_or_update") as api_call:
@ -3754,7 +3764,8 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
firewall_match=firewall_match,
source_network=cidr2,
tenant=TEST_TENANT,
enabled=enabled)
enabled=enabled,
logging=logging)
expected_def = core_defs.Tier1NatRule(
tier1_id=tier1_id,
@ -3767,7 +3778,8 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
firewall_match=firewall_match,
source_network=cidr2,
tenant=TEST_TENANT,
enabled=enabled)
enabled=enabled,
logging=logging)
self.assert_called_with_def(api_call, expected_def)

13
vmware_nsxlib/tests/unit/v3/test_resources.py
View File

@ -972,7 +972,8 @@ class LogicalRouterTestCase(BaseTestResource):
self.assertEqual(test_constants.FAKE_ROUTER_FW_SEC_UUID, section_id)
def _test_nat_rule_create(self, nsx_version, add_bypas_arg=True,
action='SNAT', expect_failure=False):
action='SNAT', expect_failure=False,
logging=False):
router = self.get_mocked_resource()
translated_net = '1.1.1.1'
priority = 10
@ -983,7 +984,8 @@ class LogicalRouterTestCase(BaseTestResource):
'display_name': display_name,
'enabled': True,
'translated_network': translated_net,
'rule_priority': priority
'rule_priority': priority,
'logging': logging
}
if add_bypas_arg:
# Expect nat_pass to be sent to the backend
@ -998,7 +1000,8 @@ class LogicalRouterTestCase(BaseTestResource):
translated_network=translated_net,
rule_priority=priority,
bypass_firewall=False,
display_name=display_name)
display_name=display_name,
logging=logging)
except exceptions.InvalidInput as e:
if expect_failure:
return
@ -1016,6 +1019,10 @@ class LogicalRouterTestCase(BaseTestResource):
# Ignoring 'bypass_firewall' with version 1.1
self._test_nat_rule_create('1.1.0', add_bypas_arg=False)
def test_nat_rule_create_with_logging(self):
# enable logging parameter in snat obj
self._test_nat_rule_create('1.1.0', add_bypas_arg=False, logging=True)
def test_nat_rule_create_v2(self):
# Sending 'bypass_firewall' with version 1.1
self._test_nat_rule_create('2.0.0')

4
vmware_nsxlib/v3/core_resources.py
View File

@ -596,7 +596,7 @@ class NsxLibLogicalRouter(utils.NsxLibApiBase):
enabled=True, rule_priority=None,
match_ports=None, match_protocol=None,
match_resource_type=None,
bypass_firewall=True,
bypass_firewall=True, logging=None,
tags=None,
display_name=None):
self._validate_nat_rule_action(action)
@ -629,6 +629,8 @@ class NsxLibLogicalRouter(utils.NsxLibApiBase):
body['tags'] = tags
if display_name:
body['display_name'] = display_name
if logging is not None:
body['logging'] = logging
return self.client.create(resource, body)
def change_edge_firewall_status(self, logical_router_id, action):

2
vmware_nsxlib/v3/policy/core_defs.py
View File

@ -647,7 +647,7 @@ class RouterNatRule(ResourceDef):
'destination_network',
'translated_network',
'firewall_match',
'log',
'logging',
'sequence_number',
'enabled'])
return body

16
vmware_nsxlib/v3/policy/core_resources.py
View File

@ -1693,7 +1693,7 @@ class NsxPolicyTier0NatRuleApi(NsxPolicyResourceBase):
firewall_match=constants.NAT_FIREWALL_MATCH_BYPASS,
action=IGNORE,
sequence_number=IGNORE,
log=IGNORE,
logging=IGNORE,
tags=IGNORE,
tenant=constants.POLICY_INFRA_TENANT,
enabled=IGNORE):
@ -1710,7 +1710,7 @@ class NsxPolicyTier0NatRuleApi(NsxPolicyResourceBase):
firewall_match=firewall_match,
action=action,
sequence_number=sequence_number,
log=log,
logging=logging,
tags=tags,
tenant=tenant,
enabled=enabled)
@ -1745,7 +1745,7 @@ class NsxPolicyTier0NatRuleApi(NsxPolicyResourceBase):
firewall_match=IGNORE,
action=IGNORE,
sequence_number=IGNORE,
log=IGNORE,
logging=IGNORE,
tags=IGNORE,
tenant=constants.POLICY_INFRA_TENANT,
enabled=IGNORE):
@ -1760,7 +1760,7 @@ class NsxPolicyTier0NatRuleApi(NsxPolicyResourceBase):
firewall_match=firewall_match,
action=action,
sequence_number=sequence_number,
log=log,
logging=logging,
tags=tags,
tenant=tenant,
enabled=enabled)
@ -1783,7 +1783,7 @@ class NsxPolicyTier1NatRuleApi(NsxPolicyResourceBase):
firewall_match=constants.NAT_FIREWALL_MATCH_BYPASS,
action=IGNORE,
sequence_number=IGNORE,
log=IGNORE,
logging=IGNORE,
tags=IGNORE,
tenant=constants.POLICY_INFRA_TENANT,
enabled=IGNORE):
@ -1800,7 +1800,7 @@ class NsxPolicyTier1NatRuleApi(NsxPolicyResourceBase):
firewall_match=firewall_match,
action=action,
sequence_number=sequence_number,
log=log,
logging=logging,
tags=tags,
tenant=tenant,
enabled=enabled)
@ -1835,7 +1835,7 @@ class NsxPolicyTier1NatRuleApi(NsxPolicyResourceBase):
firewall_match=IGNORE,
action=IGNORE,
sequence_number=IGNORE,
log=IGNORE,
logging=IGNORE,
tags=IGNORE,
tenant=constants.POLICY_INFRA_TENANT,
enabled=IGNORE):
@ -1850,7 +1850,7 @@ class NsxPolicyTier1NatRuleApi(NsxPolicyResourceBase):
firewall_match=firewall_match,
action=action,
sequence_number=sequence_number,
log=log,
logging=logging,
tags=tags,
tenant=tenant,
enabled=enabled)