Add methods for firewall section and rule

1. get logical port applyto reference 2. get rule address 3. get l4 portset nsservice 4. create section with formatted applied_tos Change-Id: I02003b64f6937f1200572cb07accd8b59be19544
2017-02-27 22:05:58 -08:00 · 2017-02-27 22:05:58 -08:00 · a0b008c96c
parent 4b654b13af
commit a0b008c96c
1 changed files with 36 additions and 0 deletions
--- a/vmware_nsxlib/v3/security.py
+++ b/vmware_nsxlib/v3/security.py
@ -316,6 +316,21 @@ class NsxLibFirewallSection(utils.NsxLibApiBase):
            resource += '&id=%s' % other_section
        return self.client.create(resource, body)

+    def create(self, display_name, description, applied_tos, tags=None,
+               operation=consts.FW_INSERT_BOTTOM, other_section=None):
+        resource = 'firewall/sections?operation=%s' % operation
+        body = {
+            'display_name': display_name,
+            'description': description,
+            'stateful': True,
+            'section_type': consts.FW_SECTION_LAYER3,
+            'applied_tos': applied_tos,
+            'tags': tags or []
+        }
+        if other_section:
+            resource += '&id=%s' % other_section
+        return self.client.create(resource, body)
+
    def update(self, section_id, display_name=None, description=None,
               applied_tos=None, rules=None, tags_update=None):
        # Using internal method so we can access max_attempts in the decorator
@ -363,6 +378,10 @@ class NsxLibFirewallSection(utils.NsxLibApiBase):
        return {'target_id': nsgroup_id,
                'target_type': consts.NSGROUP}

+    def get_logicalport_reference(self, port_id):
+        return {'target_id': port_id,
+                'target_type': consts.TARGET_TYPE_LOGICAL_PORT}
+
    def get_ip_cidr_reference(self, ip_cidr_block, ip_protocol):
        target_type = (consts.TARGET_TYPE_IPV4ADDRESS
                       if ip_protocol == consts.IPV4
@ -370,6 +389,23 @@ class NsxLibFirewallSection(utils.NsxLibApiBase):
        return {'target_id': ip_cidr_block,
                'target_type': target_type}

+    def get_rule_address(self, target_id, display_name=None, is_valid=True,
+                         target_type=consts.TARGET_TYPE_IPV4ADDRESS):
+        return {'target_display_name': display_name or '',
+                'target_id': target_id,
+                'is_valid': is_valid,
+                'target_type': target_type}
+
+    def get_l4portset_nsservice(self, sources=None, destinations=None,
+                                protocol=consts.TCP):
+        return {
+            'service': {
+                'resource_type': 'L4PortSetNSService',
+                'source_ports': sources or [],
+                'destination_ports': destinations or [],
+                'l4_protocol': protocol}
+        }
+
    def get_rule_dict(self, display_name, sources=None, destinations=None,
                      direction=consts.IN_OUT, ip_protocol=consts.IPV4_IPV6,
                      services=None, action=consts.FW_ACTION_ALLOW,