Browse Source

Add api support for enabling snat rule logging

1. For MP, add logging parameter in snat rule creating api
2. For Policy, change parameter name from log to logging for tier0
   and tier1 snat rule object.

Change-Id: I4f03fa6a35f138a7112782d58a1cc5a4b1648d61
(cherry picked from commit 0323737ed1)
changes/08/766708/1
sean 9 months ago
committed by Salvatore Orlando
parent
commit
7301402c29
  1. 28
      vmware_nsxlib/tests/unit/v3/policy/test_resources.py
  2. 13
      vmware_nsxlib/tests/unit/v3/test_resources.py
  3. 4
      vmware_nsxlib/v3/core_resources.py
  4. 2
      vmware_nsxlib/v3/policy/core_defs.py
  5. 16
      vmware_nsxlib/v3/policy/core_resources.py

28
vmware_nsxlib/tests/unit/v3/policy/test_resources.py

@ -3575,6 +3575,7 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
cidr1 = '1.1.1.1/32'
cidr2 = '2.2.2.0/24'
enabled = True
logging = False
with mock.patch.object(self.policy_api,
"create_or_update") as api_call:
@ -3587,7 +3588,8 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
source_network=cidr2,
firewall_match=firewall_match,
tenant=TEST_TENANT,
enabled=enabled)
enabled=enabled,
logging=logging)
expected_def = core_defs.Tier0NatRule(
tier0_id=tier0_id,
nat_rule_id=nat_rule_id,
@ -3599,7 +3601,8 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
source_network=cidr2,
firewall_match=firewall_match,
tenant=TEST_TENANT,
enabled=enabled)
enabled=enabled,
logging=logging)
self.assert_called_with_def(api_call, expected_def)
self.assertIsNotNone(result)
@ -3643,6 +3646,7 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
cidr1 = '1.1.1.1/32'
cidr2 = '2.2.2.0/24'
enabled = True
logging = False
with mock.patch.object(self.policy_api,
"create_or_update") as api_call:
@ -3655,7 +3659,8 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
firewall_match=firewall_match,
source_network=cidr2,
tenant=TEST_TENANT,
enabled=enabled)
enabled=enabled,
logging=logging)
expected_def = core_defs.Tier0NatRule(
tier0_id=tier0_id,
@ -3668,7 +3673,8 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
firewall_match=firewall_match,
source_network=cidr2,
tenant=TEST_TENANT,
enabled=enabled)
enabled=enabled,
logging=logging)
self.assert_called_with_def(api_call, expected_def)
@ -3688,6 +3694,7 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
cidr1 = '1.1.1.1/32'
cidr2 = '2.2.2.0/24'
enabled = True
logging = True
with mock.patch.object(self.policy_api,
"create_or_update") as api_call:
@ -3700,7 +3707,8 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
firewall_match=firewall_match,
source_network=cidr2,
tenant=TEST_TENANT,
enabled=enabled)
enabled=enabled,
logging=logging)
expected_def = core_defs.Tier1NatRule(
tier1_id=tier1_id,
@ -3713,7 +3721,8 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
firewall_match=firewall_match,
source_network=cidr2,
tenant=TEST_TENANT,
enabled=enabled)
enabled=enabled,
logging=logging)
self.assert_called_with_def(api_call, expected_def)
self.assertIsNotNone(result)
@ -3742,6 +3751,7 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
cidr1 = '1.1.1.1/32'
cidr2 = '2.2.2.0/24'
enabled = True
logging = True
with mock.patch.object(self.policy_api,
"create_or_update") as api_call:
@ -3754,7 +3764,8 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
firewall_match=firewall_match,
source_network=cidr2,
tenant=TEST_TENANT,
enabled=enabled)
enabled=enabled,
logging=logging)
expected_def = core_defs.Tier1NatRule(
tier1_id=tier1_id,
@ -3767,7 +3778,8 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
firewall_match=firewall_match,
source_network=cidr2,
tenant=TEST_TENANT,
enabled=enabled)
enabled=enabled,
logging=logging)
self.assert_called_with_def(api_call, expected_def)

13
vmware_nsxlib/tests/unit/v3/test_resources.py

@ -972,7 +972,8 @@ class LogicalRouterTestCase(BaseTestResource):
self.assertEqual(test_constants.FAKE_ROUTER_FW_SEC_UUID, section_id)
def _test_nat_rule_create(self, nsx_version, add_bypas_arg=True,
action='SNAT', expect_failure=False):
action='SNAT', expect_failure=False,
logging=False):
router = self.get_mocked_resource()
translated_net = '1.1.1.1'
priority = 10
@ -983,7 +984,8 @@ class LogicalRouterTestCase(BaseTestResource):
'display_name': display_name,
'enabled': True,
'translated_network': translated_net,
'rule_priority': priority
'rule_priority': priority,
'logging': logging
}
if add_bypas_arg:
# Expect nat_pass to be sent to the backend
@ -998,7 +1000,8 @@ class LogicalRouterTestCase(BaseTestResource):
translated_network=translated_net,
rule_priority=priority,
bypass_firewall=False,
display_name=display_name)
display_name=display_name,
logging=logging)
except exceptions.InvalidInput as e:
if expect_failure:
return
@ -1016,6 +1019,10 @@ class LogicalRouterTestCase(BaseTestResource):
# Ignoring 'bypass_firewall' with version 1.1
self._test_nat_rule_create('1.1.0', add_bypas_arg=False)
def test_nat_rule_create_with_logging(self):
# enable logging parameter in snat obj
self._test_nat_rule_create('1.1.0', add_bypas_arg=False, logging=True)
def test_nat_rule_create_v2(self):
# Sending 'bypass_firewall' with version 1.1
self._test_nat_rule_create('2.0.0')

4
vmware_nsxlib/v3/core_resources.py

@ -596,7 +596,7 @@ class NsxLibLogicalRouter(utils.NsxLibApiBase):
enabled=True, rule_priority=None,
match_ports=None, match_protocol=None,
match_resource_type=None,
bypass_firewall=True,
bypass_firewall=True, logging=None,
tags=None,
display_name=None):
self._validate_nat_rule_action(action)
@ -629,6 +629,8 @@ class NsxLibLogicalRouter(utils.NsxLibApiBase):
body['tags'] = tags
if display_name:
body['display_name'] = display_name
if logging is not None:
body['logging'] = logging
return self.client.create(resource, body)
def change_edge_firewall_status(self, logical_router_id, action):

2
vmware_nsxlib/v3/policy/core_defs.py

@ -647,7 +647,7 @@ class RouterNatRule(ResourceDef):
'destination_network',
'translated_network',
'firewall_match',
'log',
'logging',
'sequence_number',
'enabled'])
return body

16
vmware_nsxlib/v3/policy/core_resources.py

@ -1693,7 +1693,7 @@ class NsxPolicyTier0NatRuleApi(NsxPolicyResourceBase):
firewall_match=constants.NAT_FIREWALL_MATCH_BYPASS,
action=IGNORE,
sequence_number=IGNORE,
log=IGNORE,
logging=IGNORE,
tags=IGNORE,
tenant=constants.POLICY_INFRA_TENANT,
enabled=IGNORE):
@ -1710,7 +1710,7 @@ class NsxPolicyTier0NatRuleApi(NsxPolicyResourceBase):
firewall_match=firewall_match,
action=action,
sequence_number=sequence_number,
log=log,
logging=logging,
tags=tags,
tenant=tenant,
enabled=enabled)
@ -1745,7 +1745,7 @@ class NsxPolicyTier0NatRuleApi(NsxPolicyResourceBase):
firewall_match=IGNORE,
action=IGNORE,
sequence_number=IGNORE,
log=IGNORE,
logging=IGNORE,
tags=IGNORE,
tenant=constants.POLICY_INFRA_TENANT,
enabled=IGNORE):
@ -1760,7 +1760,7 @@ class NsxPolicyTier0NatRuleApi(NsxPolicyResourceBase):
firewall_match=firewall_match,
action=action,
sequence_number=sequence_number,
log=log,
logging=logging,
tags=tags,
tenant=tenant,
enabled=enabled)
@ -1783,7 +1783,7 @@ class NsxPolicyTier1NatRuleApi(NsxPolicyResourceBase):
firewall_match=constants.NAT_FIREWALL_MATCH_BYPASS,
action=IGNORE,
sequence_number=IGNORE,
log=IGNORE,
logging=IGNORE,
tags=IGNORE,
tenant=constants.POLICY_INFRA_TENANT,
enabled=IGNORE):
@ -1800,7 +1800,7 @@ class NsxPolicyTier1NatRuleApi(NsxPolicyResourceBase):
firewall_match=firewall_match,
action=action,
sequence_number=sequence_number,
log=log,
logging=logging,
tags=tags,
tenant=tenant,
enabled=enabled)
@ -1835,7 +1835,7 @@ class NsxPolicyTier1NatRuleApi(NsxPolicyResourceBase):
firewall_match=IGNORE,
action=IGNORE,
sequence_number=IGNORE,
log=IGNORE,
logging=IGNORE,
tags=IGNORE,
tenant=constants.POLICY_INFRA_TENANT,
enabled=IGNORE):
@ -1850,7 +1850,7 @@ class NsxPolicyTier1NatRuleApi(NsxPolicyResourceBase):
firewall_match=firewall_match,
action=action,
sequence_number=sequence_number,
log=log,
logging=logging,
tags=tags,
tenant=tenant,
enabled=enabled)

Loading…
Cancel
Save