client.get method retrieves only the first page of results from NSX. In
large-scale environments, we wouldn't return all the certificates. The patch
fixes this behavior to return all the certificates on NSX.
Change-Id: Ied440a11fdf2cef02b3fe458ef78cda4ea8492d0
According to NSX side fix merged in NSX versions 3.2.3
(and later impactor releases if any) and 4.1.*, update
the version check.
Change-Id: I8e5b29da1d10b076bef159d45ba436d135718ca8
(cherry picked from commit 3a627ed498)
Since the new POST API to restore vif only exists
on NSX version >=4.1.0, add version check before
invoking the new POST API. Otherwise, still use
the old patch API.
Change-Id: Ic0047cba6ccaf275830b3c24a73f59ca28883de6
When restoring vif, we need to use POST API with init_state:RESTORE_VIF
for NSX to persist all properties including tags and address_bindings.
Change-Id: I0d49a3860349a4d021cc9c881fb60543936feefc
Drop jobs as they are not supported anymore from tempest.
Bump oslo log to 5.0 to comply with global requirements.
Change-Id: I7154e488456625cea5a4f69a4f00861e03ccfa94
PR 2907548 shows the need of implementing also a regeneration trigger
in the exception handler to help with recovering from
invalid XSRF Token issue.
Change-Id: I51897596259bf6abcee26b148c5b70c5eb02d459
(cherry picked from commit 8a5b39e90b)
The NCP-AKO integration in WCP requires NCP to retrieve Avi auth token
and enforcement point information and pass to AKO controller.
Thus, add support for the corresponding API calls in nsxlib.
Change-Id: I7caa7faa80aa6c0f84d24e7ad1f629c5d6af542d
(cherry picked from commit bcb49996e5)
In certain cases, caller would need to add route advertisement rules on
Policy Tier1 owned by other accounts. This change adds the support by
propagating the "force" param to include X-Allow-Overwrite header in the
final API call. The same operation is already allowed in MP counterpart.
Change-Id: Ic09fb16dd2403f33323c179d68fd2f1f3ce4bb42
(cherry picked from commit cfe4ed8e27)
Logical port creation is a POST request. Sometimes it will trigger
ConnectionResetError which is an IOError. request_with_retry_on_ssl_error
will retry it.
If request has parameter retry_confirm, exception will be raised so ncp
could query if port has been created to avoid creating port twice.
Change-Id: Ic97b39c7a3736f02a79ab891970c1ad67b123156
(cherry picked from commit ac224a85a8)
Since there are two realized entities for subnet in
API policy/api/v1/infra/realized-state/realized-entities?intent_path=/infra/ip-pools/pool-1/ip-subnets/subnet-1,
sometimes we want to check the realization state for all entities.
Add all_results param in get_ip_subnet_realization_info func
to check all the entities realization state, and
return all the realized entities if no entity_type param set.
The default value for all_results is False.
Change-Id: I5a48c8f7e711090b38ea31d5f732f022bc7bd4bc
(cherry picked from commit a62e5ad111)
This change adds support for specifying ChildResourceReference entries
in NSX H-API transactions.
It also adds a method patch_entries to update security policy rules
specifying only individual rules to add.
This allows for adding rules to a security policy in a much faster way.
Change-Id: Ib2c9298b013a799a5363951855be6d16ba76d7a8
When querying switching profiles including system owned, there is
a trailing slash at the end of the URI.
This change removes this slash.
Change-Id: Iaa7d18fa8fdcd22c29baf2265259dfe843890213
Error code 610 is thrown when a NSX transaction is stopped.
The transaction should be retried by the client.
This change ensures error 610 is handled with APITransactionAborted
exception and therefore retried.
Change-Id: Ice1d712f78ffb5e9ea12fc485e3d4ac52167f678
This change enables specifying multicast in Segment's advanced_config
attribute. Upon update, the attribute is replaced. It is up to the
caller to make sure other components such as address_pool_paths are
not overwritten.
Change-Id: I738daa6243772006b69e6149b42de9451befa7e5
With this change deprecated endpoints and the deprecated permission_group
parameter won't be used anymore.
The identity will now be created with the enterprise_admin role.
Change-Id: Ie202c78487a5273ddb58923e7479157c1da091a1
In setting T0 static route, a scope parameter is needed.
This patch fixes the problem with previous implementation by
adding the scope field in static route definition
Issue: #
Jira: #
Signed-off-by: Rongrong_Miao <rmiao@vmware.com>
Change-Id: I9b6e579e8e57e13cb1ba9e797c7348e23e3aaa8f
(cherry picked from commit d8596e784e)
Adds Tier 0 static routes API to support dev
on NCP side on multi VRF and multi T0 topology
Issue: #
Jira: #
Signed-off-by: Rongrong_Miao <rmiao@vmware.com>
Change-Id: I73756350b23dbd8f23c8e22ad84abe93b49831a4
(cherry picked from commit 4dcc68b807)
Currently in get_realizaiton_info in Tier1 API, the entity_type
is ignored. This patch fixes this issue to use entity_type to
filter for realized entity returned by this API
Also to easily get router port, an API is added for Tier1 API
to return a list of RouterPort realized associated with the tier1
Issue: #
Jira: #
Signed-off-by: Rongrong_Miao <rmiao@vmware.com>
Change-Id: Ife3f3652255db4ffc72872e4aef84418bf1a3211
(cherry picked from commit a953b1df2f)
This patch allows IP Pool to be deleted with transaction, so that the IP
pool can be removed with its child resources (i.e. pool subnets, ip
allocations) in one API call.
Change-Id: I873f7b714a313ff5b512a3898aedab9bd805163b
(cherry picked from commit cf25fb0923)
since POST /api/v1/trust-management/principal-identities is deprecated.
Change-Id: I5ff5f05aa6ba0e38523e6d4d8009e6aaa67449c8
(cherry picked from commit 5af19175cd)
Object-level RBAC Entries Support in Policy API. This resource
controls the CRUD permissions of specified user to specified resources.
URL: /policy/api/v1/aaa/object-permissions
Change-Id: If065da6e5c91fe16a563527ec2ec36c445c9afd1
(Cherry-picked from commit f0d39ed978)
Urllib3 Retry class's increment method has been used and we don't
understand why. Since it's impossible to add logs directly in Retry class,
this patch subclasses Retry and adds logging capabilities to log
server response and relevant cause if we hit this bug again
Signed-off-by: rmiao106 <rmiao@vmware.com>
Change-Id: I2bd13ee635879a343c7a05886b397b3ffda5006a
(cherry picked from commit 3481739598)
NSX checks revision number for PUT requests. It rejects the request
if revision number is not latest. This is helpful for preventing
clients overwriting each other's change to the same object concurrently.
Change-Id: I226782f268b129a8e086938d8ebf258c2abc017e
(cherry picked from commit 4643ed6647)
Although we need to skip the request to /api/session/create with JWT
based auth (original patch: https://review.opendev.org/c/x/vmware-nsxlib/+/774025/),
we should update the session headers with the JWT token.
Change-Id: I87a338f99c195e163d3618c123760c13252317ab
Provide a new parameter in cluster API initialize func to disable
health check and endpoint accessibility check.
By default the value is True. For some scenarios, when creating
an nsxlib object, users do not intend to validate the endpoint
state, for example, in ncp election process.
Change-Id: I6485a91f1d764fbb7ae3edc61541b7cd9f97682e
(cherry picked from commit ce1d1e2424)
We suspect session might be reused across threads that leads to
rare SSL errors. This extra printout can help debug the issue.
Change-Id: I67e08ec48fb411d6d5a083fea6a6b68051f07617
(cherry picked from commit afcefb8b44)
According to NSX Authentication team's response
in bug 2708018, we should not be using /api/session/create
with JWT based auth, which will cause
session creation to fail with a 403 response.
Change-Id: Ic09090d633301401906815743bbdd83b55212203
(cherry picked from commit 10366f00ba)