Class: NSXDriver::NSXTdfw

Inherits:
DistributedFirewall
Defined in:
lib/nsxt_dfw.rb

Overview

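Class Logical Switch (this overview text appears to be carried over from another class; NSXTdfw manages NSX-T distributed firewall sections and rules)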

Instance Attribute Summary

Attributes inherited from DistributedFirewall

#one_section_name

Instance Method Summary

Methods inherited from DistributedFirewall

#clear_all_rules, #clear_rules, #create_rules, #extract_nic_data, new_child

Methods included from NSXRule

#extract_rule_data, #extract_vnet_data, #parse_ports, #rule_spec, #to_nets

Methods included from NSXDriver::NSXRule::NSXVRule

#nsxv_rule_spec

Methods included from NSXDriver::NSXRule::NSXTRule

#nsxt_rule_spec

Constructor Details

#initialize(nsx_client) ⇒ NSXTdfw

Constructor. Creates the OpenNebula section if it does not exist.



# File 'lib/nsxt_dfw.rb', line 26

# Sets up the NSX-T distributed firewall endpoints and resolves the id of
# the OpenNebula section.
#
# Construction is not side-effect free: init_section is called here, so
# building an NSXTdfw object queries the NSX manager and creates the
# OpenNebula section when it is missing.
#
# @param nsx_client client object forwarded unchanged to the parent
#   constructor
def initialize(nsx_client)
    # Bare super forwards nsx_client exactly as received
    super
    dfw_base = NSXConstants::NSXT_DFW_BASE
    @base_url = dfw_base
    @url_sections = dfw_base + NSXConstants::NSXT_DFW_SECTIONS
    @one_section_id = init_section
end

Instance Attribute Details

#one_section_id ⇒ Object (readonly)

ATTRIBUTES



# File 'lib/nsxt_dfw.rb', line 22

# Read-only accessor for the id of the OpenNebula section, as stored by
# the constructor.
#
# @return the value of @one_section_id
def one_section_id
    @one_section_id
end

Instance Method Details

#create_rule(rule_spec, section_id = @one_section_id) ⇒ Object

Create new rule



# File 'lib/nsxt_dfw.rb', line 160

# Creates a firewall rule inside a section.
#
# The section is fetched first and its `_revision` value is copied into
# the rule spec before the request is sent.
#
# @param rule_spec [Hash] rule definition. It is modified in place: the
#   caller's object gains a '_revision' key.
# @param section_id [String] target section, the OpenNebula section by
#   default
# @raise [NSXError::ObjectNotFound] when the section lookup returns nothing
# @return whatever @nsx_client.post returns
def create_rule(rule_spec, section_id = @one_section_id)
    target_section = section_by_id(section_id)
    unless target_section
        raise NSXError::ObjectNotFound
            .new("Section with id #{section_id} not found")
    end

    # The section's current revision travels with the new rule
    rule_spec['_revision'] = target_section['_revision']
    payload = rule_spec.to_json
    @nsx_client.post(@url_sections + '/' + section_id + '/rules', payload)
end

#create_section(section_name) ⇒ Object

Create new section and return the section



# File 'lib/nsxt_dfw.rb', line 82

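# Creates a LAYER3, stateful DFW section and returns it.
#
# The request body is serialized with to_json instead of being assembled
# by string interpolation, so a section name containing quotes,
# backslashes or control characters is escaped and cannot break the
# document or add fields to it.
#
# @param section_name [String] display name of the new section
# @raise [RuntimeError] when the section cannot be read back after the POST
# @return the section as returned by section_by_id
def create_section(section_name)
    section_spec = {
        'display_name' => section_name,
        'section_type' => 'LAYER3',
        'stateful' => true
    }.to_json
    section_id = @nsx_client.post(@url_sections, section_spec)
    # Read the section back to confirm it really exists in the DFW
    result = section_by_id(section_id)
    raise 'Section was not created in DFW' unless result

    result
end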

#delete_rule(rule_id, section_id = @one_section_id) ⇒ Object

Delete rule



# File 'lib/nsxt_dfw.rb', line 188

# Deletes a rule from a section.
#
# The API answers 200 OK even when the rule does not exist, so a
# successful return does not prove that a rule was actually removed.
#
# NOTE(review): both ids are concatenated into the URL path as-is;
# presumably they come from NSX responses - confirm against callers.
#
# @param rule_id [String] id of the rule to delete
# @param section_id [String] section holding the rule, the OpenNebula
#   section by default
# @return whatever @nsx_client.delete returns
def delete_rule(rule_id, section_id = @one_section_id)
    @nsx_client.delete(
        @url_sections + '/' + section_id + '/rules/' + rule_id
    )
end

#delete_section(section_id = @one_section_id) ⇒ Object

Delete section Params:

  • section_id: [String] ID of the section or @one_section_id



# File 'lib/nsxt_dfw.rb', line 100

# Deletes a section.
#
# With no argument this targets the OpenNebula section itself.
#
# NOTE(review): section_id is concatenated into the URL path as-is;
# presumably it comes from NSX responses - confirm against callers.
#
# @param section_id [String] id of the section, @one_section_id by default
# @return whatever @nsx_client.delete returns
def delete_section(section_id = @one_section_id)
    @nsx_client.delete(@url_sections + '/' + section_id)
end

#init_section ⇒ Object

Sections. Creates the OpenNebula section if it does not exist and returns its section_id; if the section already exists, returns the existing section_id.



# File 'lib/nsxt_dfw.rb', line 39

# Finds the OpenNebula section by name, creating it when the lookup
# returns nothing, and returns its id.
#
# @return the 'id' field of the section, or nil when no section was
#   obtained
def init_section
    section_name = NSXConstants::ONE_SECTION_NAME
    one_section = section_by_name(section_name) ||
                  create_section(section_name)
    one_section['id'] if one_section
end

#rule_by_id(rule_id) ⇒ Object

Get rule by id. Return: rule | nil



# File 'lib/nsxt_dfw.rb', line 117

# Fetches a single rule by id.
#
# BAD_REQUEST and NOT_FOUND are passed to the client among the accepted
# status codes, together with CREATED and OK.
# NOTE(review): what the client returns for a 400/404 is not visible
# here; callers that treat a falsy result as "rule not found" depend on
# it - confirm.
#
# @param rule_id [String] id of the rule
# @return whatever @nsx_client.get returns (documented as rule | nil)
def rule_by_id(rule_id)
    rule_url = @base_url + '/rules/' + rule_id
    accepted_codes = [
        NSXConstants::CODE_CREATED,
        NSXConstants::CODE_OK,
        NSXConstants::CODE_BAD_REQUEST,
        NSXConstants::CODE_NOT_FOUND
    ]
    # No extra headers are sent with this request
    @nsx_client.get(rule_url, [], accepted_codes)
end

#rules(section_id = @one_section_id) ⇒ Object

Rules. Get all rules of a section (the OpenNebula section if section_id is not given). Return:

  • Array


# File 'lib/nsxt_dfw.rb', line 109

# Fetches the rules of a section.
#
# @param section_id [String] id of the section, the OpenNebula section by
#   default
# @return whatever @nsx_client.get returns for the section's rules URL;
#   the other methods of this class read its 'results' key
def rules(section_id = @one_section_id)
    @nsx_client.get(@url_sections + '/' + section_id + '/rules')
end

#rules_by_name(rule_name, section_id = @one_section_id) ⇒ Object

Get rules by name Return:

- Array with rules or an empty array


# File 'lib/nsxt_dfw.rb', line 130

# Collects the rules of a section whose display name equals rule_name.
#
# @param rule_name [String] exact display name to look for
# @param section_id [String] section to search, the OpenNebula section by
#   default
# @return [Array] matching rules; empty when section_id is falsy, when the
#   rules lookup returns nothing, or when no rule matches
def rules_by_name(rule_name, section_id = @one_section_id)
    return [] unless section_id

    section_rules = rules(section_id)
    return [] unless section_rules

    section_rules['results'].select do |rule|
        rule['display_name'] == rule_name
    end
end

#rules_by_regex(regex, section_id = @one_section_id) ⇒ Object

Get rules by regex. Return:

- Array with rules or an empty array


# File 'lib/nsxt_dfw.rb', line 146

# Collects the rules of a section whose display name matches a pattern.
#
# NOTE(review): the pattern is applied to every rule name as given; if it
# can ever be built from user-controlled text, anchor and bound it -
# confirm against callers.
# A rule without a 'display_name' raises NoMethodError here.
#
# @param regex pattern handed to String#match
# @param section_id [String] section to search, the OpenNebula section by
#   default
# @return [Array] matching rules; empty when section_id is falsy, when the
#   rules lookup returns nothing, or when no rule matches
def rules_by_regex(regex, section_id = @one_section_id)
    return [] unless section_id

    section_rules = rules(section_id)
    return [] unless section_rules

    section_rules['results'].select do |rule|
        rule['display_name'].match(regex)
    end
end

#section_by_id(section_id = @one_section_id) ⇒ Object

Get section by id Params:

  • section_id: [String] ID of the section or @one_section_id

Return

  • nil | section



# File 'lib/nsxt_dfw.rb', line 60

# Fetches a section by id.
#
# @param section_id [String] id of the section, @one_section_id by default
# @return whatever @nsx_client.get returns (documented as nil | section)
def section_by_id(section_id = @one_section_id)
    @nsx_client.get(@url_sections + '/' + section_id)
end

#section_by_name(section_name) ⇒ Object

Get section by name Params:

  • section_name: Name of the section

Return

  • nil | section



# File 'lib/nsxt_dfw.rb', line 70

# Looks a section up by its display name.
#
# Display names are not treated as unique: when several sections carry
# the same name, the last one in the listing is returned.
#
# @param section_name [String] display name to look for
# @return the matching section, or nil when the listing is empty/nil or
#   nothing matches
def section_by_name(section_name)
    candidates = sections
    return nil unless candidates

    candidates.select do |section|
        section['display_name'] == section_name
    end.last
end

#sections ⇒ Object

Get all sections Params:

  • None

Return

  • nil | sections



# File 'lib/nsxt_dfw.rb', line 50

# Fetches all DFW sections.
#
# NOTE(review): a nil response from the client raises NoMethodError here,
# although the documented return is nil | sections - confirm what the
# client returns on failure.
#
# @return the 'results' entry of the client's response
def sections
    @nsx_client.get(@url_sections)['results']
end

#update_rule(rule_id, rule_spec, section_id = @one_section_id) ⇒ Object

Update rule



# File 'lib/nsxt_dfw.rb', line 177

# Updates an existing rule.
#
# The current rule is fetched by id only, and its `_revision` is copied
# into the new spec before the PUT.
# NOTE(review): nothing here checks that the rule belongs to section_id;
# the section only appears in the PUT URL - confirm the API rejects a
# mismatch.
#
# @param rule_id [String] id of the rule to update
# @param rule_spec [Hash] new rule definition. It is modified in place:
#   the caller's object gains a '_revision' key.
# @param section_id [String] section holding the rule, the OpenNebula
#   section by default
# @raise [RuntimeError] when rule_by_id returns nothing
# @return whatever @nsx_client.put returns
def update_rule(rule_id, rule_spec, section_id = @one_section_id)
    rule_url = @url_sections + '/' + section_id + '/rules/' + rule_id
    current_rule = rule_by_id(rule_id)
    raise "Rule id #{rule_id} not found" unless current_rule

    rule_spec['_revision'] = current_rule['_revision']
    @nsx_client.put(rule_url, rule_spec.to_json)
end