Commit Graph

1180 Commits

Author SHA1 Message Date
Zuul
6049c40cbb Merge "Get all certificates from NSX" into stable/victoria-321 2023-05-29 09:52:11 +00:00
Gautam Verma
f3c54beb3f Get all certificates from NSX
client.get method retrieves only the first page of results from NSX. In large
scale environments, we wouldn't return all the Certificates. The patch fixes
this behavior to return all the certificates on NSX

Change-Id: Ied440a11fdf2cef02b3fe458ef78cda4ea8492d0
2023-05-29 17:42:33 +08:00
lxiaopei
8e01c67f7e Update version check to use POST API when restore vif
According to NSX side fix merged in NSX versions 3.2.3
(and later impactor releases if any) and 4.1.*, update
the version check.

Change-Id: I8e5b29da1d10b076bef159d45ba436d135718ca8
(cherry picked from commit 3a627ed498)
2023-04-06 13:36:53 +08:00
lxiaopei
e8b3891d5a Add version check to use POST API when restore vif
Since the new POST API to restore vif only exists
on NSX version >=4.1.0, add version check before
invoking the new POST API. Otherwise, still use
the old patch API.

Change-Id: Ic0047cba6ccaf275830b3c24a73f59ca28883de6
2023-02-27 16:10:58 +08:00
lxiaopei
8ce229227a Use POST API when restore vif
When restore vif, we need to use POST api with init_state:RESTORE_VIF
for NSX to persist all properties including tags and address_bindings.

Change-Id: I0d49a3860349a4d021cc9c881fb60543936feefc
2023-02-27 16:09:12 +08:00
Zuul
3a1d347a1e Merge "Handle bad XSRF token in exception handler" into stable/victoria-321 2022-06-02 07:00:46 +00:00
Salvatore Orlando
ab0991ac85 Drop py36 and py37 jobs
Drop jobs as they are not supported anymore from tempest.
Bump oslo log to 5.0 to comply with global requirements.

Change-Id: I7154e488456625cea5a4f69a4f00861e03ccfa94
2022-05-30 18:06:59 +00:00
Xiaotong Luo
d57a84f063 Handle bad XSRF token in exception handler
PR 2907548 shows the need of implementing also a regeneration trigger
in the exception handler to help with recovering from
invalid XSRF Token issue.

Change-Id: I51897596259bf6abcee26b148c5b70c5eb02d459
(cherry picked from commit 8a5b39e90b)
2022-05-19 14:20:44 +00:00
Xiaotong Luo
962c73b21d Add support for Avi auth token retrieval
The NCP-AKO integration in WCP requires NCP to retrieve Avi auth token
and enforcement point information and pass to AKO controller.
Thus, add support for the corresponding API calls in nsxlib.

Change-Id: I7caa7faa80aa6c0f84d24e7ad1f629c5d6af542d
(cherry picked from commit bcb49996e5)
2022-04-06 16:45:55 +00:00
Shawn Wang
8d8e970a5e Add force update of Policy T1 Adv Rules
In certain cases, caller would need to add route advertisment rules on
Policy Tier1 owned by other accounts. This change adds the support by
propagating the "force" param to include X-Allow-Overwrite header in the
final API call. The same operation is already allowed in MP counterpart.

Change-Id: Ic09fb16dd2403f33323c179d68fd2f1f3ce4bb42
(cherry picked from commit cfe4ed8e27)
2022-04-04 14:10:50 +00:00
Tao Zou
ce0abbb537 Fix the logical port created twice
Logical port creation is a POST request. Sometimes it will trigger
ConnectionResetError which is a IOError. request_with_retry_on_ssl_error
will retry it.
If request has parameter retry_confirm, exception will be raised so ncp
could query if port has been created to avoid creating port twice.

Change-Id: Ic97b39c7a3736f02a79ab891970c1ad67b123156
(cherry picked from commit ac224a85a8)
2022-03-11 06:16:44 +00:00
Salvatore Orlando
a52f9e0c6e Remove debug log statements
Remove several statements which were added to verify client behaviour
with H-API calls.

Change-Id: Ie535eaf68ec5c55582264df1db8f9bf5122e6455
2022-01-26 16:34:28 +00:00
Gautam Verma
f4a61f57e6 Accept locale_service_id to get seg interfaces on T1
Issue: #2883940
Change-Id: Ibe3fd0e921e35afbe0c890d252a20613e7b4ccdb
2022-01-14 23:58:59 +00:00
Salvatore Orlando
c3b4c7ba38 Fix typo in exception name
Replace "ManagerException" with "ManagerError"

Change-Id: I2fc8e081dd2f36c20ee6234df2c5c900d974cabc
2021-12-01 11:27:43 +00:00
Zuul
22dd0f3c33 Merge "Add NsxInvalidPath exception for error code 500012" into stable/victoria 2021-11-26 09:25:35 +00:00
Salvatore Orlando
1161ea96a0 Temporarily disable lower-constraints job
Change-Id: Ie3714f981b96a4a0e4d497d45a4cfd461509e013
(cherry picked from commit 34b43d6e47)
2021-11-26 06:47:36 +00:00
lxiaopei
03e08b21be Add NsxInvalidPath exception for error code 500012
We need to handle the 500012 error.

Change-Id: Ifba59b005f507b1ccf01896bfe467e3e3662be65
2021-11-26 06:20:05 +00:00
lxiaopei
af67fb5ab9 Add all_results param in get_ip_subnet_realization_info
Since there are two realized entities for subnet in
API policy/api/v1/infra/realized-state/realized-entities?intent_path=/infra/ip-pools/pool-1/ip-subnets/subnet-1,
sometimes we want to check the realization state for all entities.
Add all_results param in get_ip_subnet_realization_info func
to check all the entities realization state, and
return all the realized entities if no entity_type param set.
The default value for all_results is False.

Change-Id: I5a48c8f7e711090b38ea31d5f732f022bc7bd4bc
(cherry picked from commit a62e5ad111)
2021-11-19 00:36:25 +00:00
Zuul
760ed08121 Merge "NSX Policy: patch security rules with ChildResourceReference" into stable/victoria 2021-10-25 18:42:22 +00:00
Salvatore Orlando
5fcd4c22f5 NSX Policy: patch security rules with ChildResourceReference
This change adds support for specifying ChildResourceReference entries
in NSX H-API transactions.
It also adds a method patch_entries to update security policy rules
specifying only individual rules to add.

This allows for adding rules to a security policy in a much faster way.

Change-Id: Ib2c9298b013a799a5363951855be6d16ba76d7a8
2021-10-25 18:20:24 +00:00
Salvatore Orlando
fa64f81551 Remove trailing '/' in swiching profile operations
When querying switching profiles including system owned, there is
a trailing slash at the end of the URI.
This change removes this slash.

Change-Id: Iaa7d18fa8fdcd22c29baf2265259dfe843890213
2021-10-20 20:36:08 +00:00
Salvatore Orlando
ad522763a5 Add MP610 error code to retryable errors
Erro code 610 is thrown when a NSX transaction is stopped.
The transaction should be retried by the client.

This change ensures erro 610 is handled with APITransactionAborted
exception and therefore retried.

Change-Id: Ice1d712f78ffb5e9ea12fc485e3d4ac52167f678
2021-08-30 09:25:01 +00:00
Salvatore Orlando
6f2bc6f3cb Segment: Allow for setting multicast in advanced_config
This change enables specifying multicast in Segment's advanced_config
attribute. Upon update, the attribute is replaced. It is up to the
caller to make sure other components such as address_pool_paths are
not overwritten.

Change-Id: I738daa6243772006b69e6149b42de9451befa7e5
2021-08-26 16:49:05 +00:00
Salvatore Orlando
4bb02edad5 NSX PI: Do not use deprecated API when registering identity
With this change deprecated endpoints and the deprecated permission_group
parameter won't be used anymore.
The identity will now be created with the enterprise_admin role.

Change-Id: Ie202c78487a5273ddb58923e7479157c1da091a1
2021-08-02 07:54:18 +00:00
Zuul
dd0762c101 Merge "Added debug for Retry" into stable/victoria 2021-06-15 17:12:56 +00:00
Rongrong_Miao
b442394c98 [T0API] Added SCOPE parameter in static route
In setting T0 static route, a scope parameter is needed.
This patch fixes the problem with previous implementation by
adding the scope field in static route definition

Issue: #
Jira: #
Signed-off-by: Rongrong_Miao <rmiao@vmware.com>
Change-Id: I9b6e579e8e57e13cb1ba9e797c7348e23e3aaa8f
(cherry picked from commit d8596e784e)
2021-06-03 11:32:30 -07:00
Zuul
aa5b7deac3 Merge "Added Tier 0 static routes" into stable/victoria 2021-06-03 16:59:52 +00:00
Zuul
f022201ca4 Merge "Add Create identity with cert" into stable/victoria 2021-06-03 09:22:46 +00:00
Rongrong_Miao
3d5cbe2f3a Added Tier 0 static routes
Adds Tier 0 static routes API to support dev
on NCP side on multi VRF and multi T0 topology

Issue: #
Jira: #
Signed-off-by: Rongrong_Miao <rmiao@vmware.com>
Change-Id: I73756350b23dbd8f23c8e22ad84abe93b49831a4
(cherry picked from commit 4dcc68b807)
2021-06-03 02:20:04 -07:00
Zuul
17437c2cf0 Merge "Allow Transaction for Policy IP Pool Deletion" into stable/victoria 2021-06-03 09:13:52 +00:00
Zuul
ea97aa2ef5 Merge "Fixes get_realization_info, added API to get router port" into stable/victoria 2021-06-03 09:13:47 +00:00
Rongrong_Miao
dd76e05bf3 Fixes get_realization_info, added API to get router port
Currently in get_realizaiton_info in Tier1 API, the entity_type
is ignored. This patch fixes this issue to use entity_type to
filter for realized entity returned by this API

Also to easily get router port, an API is added for Tier1 API
to return a list of RouterPort realized associated with the tier1

Issue: #
Jira: #
Signed-off-by: Rongrong_Miao <rmiao@vmware.com>
Change-Id: Ife3f3652255db4ffc72872e4aef84418bf1a3211
(cherry picked from commit a953b1df2f)
2021-06-03 08:22:28 +00:00
Shawn Wang
16171471f6 Allow Transaction for Policy IP Pool Deletion
This patch allows IP Pool to be deleted with transaction, so that the IP
pool can be removed with its child resources (i.e. pool subnets, ip
allocations) in one API call.

Change-Id: I873f7b714a313ff5b512a3898aedab9bd805163b
(cherry picked from commit cf25fb0923)
2021-06-03 08:21:38 +00:00
Danting Liu
1bf074cab8 Add wait_until_realized for Tier1 Static Route
Change-Id: I26cff5ee6e7942c92d1670440aa7c039c39a2425
(cherry picked from commit 378e4eac70)
2021-06-03 08:20:38 +00:00
lxiaopei
9efbb93203 Add Create identity with cert
since POST /api/v1/trust-management/principal-identities is deprecated.

Change-Id: I5ff5f05aa6ba0e38523e6d4d8009e6aaa67449c8
(cherry picked from commit 5af19175cd)
2021-06-03 08:16:35 +00:00
Enhao Cui
3c8fee6a47 Add ORBAC Support in Policy API
Object-level RBAC Entries Support in Policy API. This resource
controls the CRUD permissions of specified user to specified resources.
URL: /policy/api/v1/aaa/object-permissions

Change-Id: If065da6e5c91fe16a563527ec2ec36c445c9afd1
(Cherry-picked from commit f0d39ed978)
2021-04-26 22:13:54 -07:00
Gautam Verma
6d8b00f107 Allow tags to be specified while creating Policy Rules
Issue: #2747149
Change-Id: Iaee21403ebe3bca5d537fb4f452146e1e38f4ccb
2021-04-07 21:12:39 +00:00
rmiao106
67c48cf518 Added debug for Retry
Urllib3 Retry class's increment method has been used and we don't
understand why. Since it's impossible to add logs directly in Retry class,
this patch subclasses Retry and adds logging capabilities to log
server response and relevant cause if we hit this bug again

Signed-off-by: rmiao106 <rmiao@vmware.com>
Change-Id: I2bd13ee635879a343c7a05886b397b3ffda5006a
(cherry picked from commit 3481739598)
2021-03-31 21:27:48 +00:00
Enhao Cui
56a0fbfab7 Add Support for Updating Policy Resource with PUT
NSX checks revision number for PUT requests. It rejects the request
if revision number is not latest. This is helpful for preventing
clients overwriting each other's change to the same object concurrently.

Change-Id: I226782f268b129a8e086938d8ebf258c2abc017e
(cherry picked from commit 4643ed6647)
2021-03-25 01:02:34 +00:00
Enhao Cui
238308fa01 Support preferred edge paths in Policy
Add GET and SET preferred edge paths in T1 API

Change-Id: Iaf3f7ec9ecee99d95df5297f9daff59e984336ee
(cherry picked from commit 17eeeff0ea)
2021-03-19 21:15:40 +00:00
asarfaty
4a41fff807 Fix session persistemce profiles list
resource_type is a static method and not a property

Change-Id: Ia1e90b2127a865b5997c8f6bec29fb410f417f65
2021-03-17 11:12:10 +00:00
Xiaotong Luo
93a9bd1463 Update session header with JWT token and skip session create
Although we need to skip the request to /api/session/create with JWT
based auth (original patch: https://review.opendev.org/c/x/vmware-nsxlib/+/774025/),
we should update the session headers with the JWT token.

Change-Id: I87a338f99c195e163d3618c123760c13252317ab
2021-03-08 21:55:56 +00:00
Zuul
13a6c65e4f Merge "Skipping session create with JWT based auth" into stable/victoria 2021-03-02 08:05:41 +00:00
Zuul
336c37c55d Merge "Provide new parameter to disable health check" into stable/victoria 2021-03-01 21:41:36 +00:00
Zuul
12257c9c2e Merge "Add debug printouts for potential session reuse" into stable/victoria 2021-03-01 21:41:32 +00:00
sean
b07fef1ed6 Provide new parameter to disable health check
Provide a new parameter in cluster API initilalize func to disable
health check and endpoint accessiblitlity check.
By default the value is True, for some scenarios, when creating
a nsxlib object, users does not intend to validate the endpoint
state, for example, in ncp election process.

Change-Id: I6485a91f1d764fbb7ae3edc61541b7cd9f97682e
(cherry picked from commit ce1d1e2424)
2021-03-01 20:44:16 +00:00
Anna Khmelnitsky
e098dd20a2 Add debug printouts for potential session reuse
We suspect session might be reused accross threads that leads to
rare SSL errors. This extra printout can help debug the issue.

Change-Id: I67e08ec48fb411d6d5a083fea6a6b68051f07617
(cherry picked from commit afcefb8b44)
2021-03-01 20:40:01 +00:00
Xiaotong Luo
048a581631 Skipping session create with JWT based auth
According to NSX Authentication team's response
in bug 2708018, we should not be using /api/session/create
with JWT based auth, which will cause
session create failed with 403 response.

Change-Id: Ic09090d633301401906815743bbdd83b55212203
(cherry picked from commit 10366f00ba)
2021-03-01 20:39:32 +00:00
Enhao Cui
15bcdbe453 Support Tier0 BGP Config in NSX Policy
Change-Id: I1bcd0533e7d5f531280c151b7fef78327b6fd2ab
(cherry picked from commit 60de62f64c)
2021-03-01 20:39:16 +00:00
asarfaty
71cb716b62 Allow removing segment port address bindings
Change-Id: I9374deebf7bdce8c886fceb70c0452a4377daf50
2021-01-27 11:02:54 +00:00