Class: NSXDriver::NSXVdfw

Inherits:
DistributedFirewall show all
Defined in:
lib/nsxv_dfw.rb

Overview

Class Logical Switch

Instance Attribute Summary collapse

Attributes inherited from DistributedFirewall

#one_section_name

Instance Method Summary collapse

Methods inherited from DistributedFirewall

#clear_all_rules, #clear_rules, #create_rules, #extract_nic_data, new_child

Methods included from NSXRule

#extract_rule_data, #extract_vnet_data, #parse_ports, #rule_spec, #to_nets

Methods included from NSXDriver::NSXRule::NSXVRule

#nsxv_rule_spec

Methods included from NSXDriver::NSXRule::NSXTRule

#nsxt_rule_spec

Constructor Details

#initialize(nsx_client) ⇒ NSXVdfw

Constructor. Creates the OpenNebula section if it does not exist.



# File 'lib/nsxv_dfw.rb', line 26

# Sets up the NSX-V distributed-firewall URLs and resolves the id of the
# OpenNebula section.
#
# Params:
# - nsx_client: client object, forwarded unchanged to the parent constructor
def initialize(nsx_client)
    super(nsx_client)
    dfw_root = NSXConstants::NSXV_DFW_BASE
    @base_url = dfw_root
    @url_sections = dfw_root + NSXConstants::NSXV_DFW_SECTIONS
    # init_section builds its request from @url_sections, so it runs last.
    @one_section_id = init_section
end

Instance Attribute Details

#one_section_idObject (readonly)

ATTRIBUTES



# File 'lib/nsxv_dfw.rb', line 22

# Read-only accessor for the id of the OpenNebula DFW section.
# The value is assigned in the constructor from init_section.
def one_section_id
    @one_section_id
end

Instance Method Details

#create_rule(rule_spec, section_id = @one_section_id) ⇒ Object

Create new rule



# File 'lib/nsxv_dfw.rb', line 164

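# Create a new rule in a section.
#
# Params:
# - rule_spec: request body, posted unchanged to the section's rules URL
# - section_id: [String] ID of the section or @one_section_id
# Return:
# - whatever @nsx_client.post returns
# Raises:
# - NSXError::ObjectNotFound when the section etag cannot be read
def create_rule(rule_spec, section_id = @one_section_id)
    # The section's current etag is sent as If-Match with the request.
    etag = section_etag(section_id)
    # `NSXError::ObjectNotFound('etag')` parses as a method call on NSXError
    # and ends in NoMethodError; raise the exception class instead.
    # NOTE(review): assumes ObjectNotFound is an exception class that takes
    # a message - confirm against the NSXError definition.
    raise NSXError::ObjectNotFound, 'etag' unless etag

    additional_headers = [{ 'If-Match' => etag }]
    url = @url_sections + '/' + section_id + '/rules'
    @nsx_client.post(url, rule_spec, additional_headers)
end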

#create_section(section_name) ⇒ Object

Create new section Params:

  • section_name [String] Name of the section

Return:

  • Nokogiri::XML::NodeSet


# File 'lib/nsxv_dfw.rb', line 102

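# Create a new section.
#
# Params:
# - section_name [String] Name of the section
# Return:
# - the section as returned by section_by_id for the id found in the
#   creation response
# Raises:
# - RuntimeError when the new section cannot be read back
def create_section(section_name)
    # String#encode(xml: :attr) escapes & < > " and adds the surrounding
    # double quotes, so the name cannot close the attribute or add markup
    # to the request body.
    name_attr = section_name.to_s.encode(:xml => :attr)
    section_spec =
        "<section name=#{name_attr}\
        stateless=\"false\" tcpStrict=\"true\" useSid=\"false\">\
        </section>"

    response = @nsx_client.post(@url_sections, section_spec)
    section_id = Nokogiri::XML(response).xpath('//section/@id').text
    # Read the section back so a failed creation is reported here.
    created = section_by_id(section_id)
    raise 'Section was not created in DFW' unless created

    created
end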

#delete_rule(rule_id, section_id = @one_section_id) ⇒ Object

Delete rule



# File 'lib/nsxv_dfw.rb', line 190

# Delete a rule from a section.
#
# Params:
# - rule_id: [String] ID of the rule
# - section_id: [String] ID of the section or @one_section_id
# Return:
# - whatever @nsx_client.delete returns
# Raises:
# - RuntimeError when the section etag cannot be read
#
# NOTE(review): both ids are concatenated into the URL path as given;
# presumably they always come from NSX responses - confirm at the callers.
def delete_rule(rule_id, section_id = @one_section_id)
    rule_url = @url_sections + '/' + section_id + '/rules/' + rule_id
    # The section's current etag is sent as If-Match with the request.
    current_etag = section_etag(section_id)
    unless current_etag
        raise "Cannot get etag from section: #{section_id}"
    end

    @nsx_client.delete(rule_url, [{ 'If-Match' => current_etag }])
end

#delete_section(section_id = @one_section_id) ⇒ Object

Delete section Params:

  • section_id: [String] ID of the section or @one_section_id



# File 'lib/nsxv_dfw.rb', line 120

# Delete a section.
#
# Params:
# - section_id: [String] ID of the section or @one_section_id
# Return:
# - whatever @nsx_client.delete returns
#
# No If-Match header is sent here, unlike the rule operations.
def delete_section(section_id = @one_section_id)
    @nsx_client.delete(@url_sections + '/' + section_id)
end

#init_sectionObject

Sections: get all sections. Creates the OpenNebula section if it does not exist and returns its section_id; returns the existing section_id if the OpenNebula section already exists.



# File 'lib/nsxv_dfw.rb', line 40

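# Returns the id of the OpenNebula section, creating the section when the
# lookup by name finds nothing.
#
# Return:
# - [String] text of the section's id attribute
def init_section
    one_section = section_by_name(NSXConstants::ONE_SECTION_NAME)
    # An empty result set is truthy in Ruby, so `||=` alone would skip the
    # creation and leave an empty id behind; treat "no match" like nil.
    if one_section.nil? ||
       (one_section.respond_to?(:empty?) && one_section.empty?)
        one_section = create_section(NSXConstants::ONE_SECTION_NAME)
    end
    return one_section.xpath('@id').text if one_section
end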

#rule_by_id(rule_id, section_id = @one_section_id) ⇒ Object

Get rule by id Return:

  • rule | nil



# File 'lib/nsxv_dfw.rb', line 140

# Get a rule by id.
#
# Params:
# - rule_id: [String] ID of the rule
# - section_id: [String] ID of the section or @one_section_id
# Return:
# - result of the rule XPath query on the response
#   NOTE(review): documented as "rule | nil", but the XPath result is
#   returned as-is, so a missing rule presumably yields an empty set
#   rather than nil - confirm.
def rule_by_id(rule_id, section_id = @one_section_id)
    rule_url = @url_sections + '/' + section_id + '/rules/' + rule_id
    # BAD_REQUEST and NOT_FOUND are passed to the client as valid codes
    # next to CREATED and OK.
    accepted_codes = [
        NSXConstants::CODE_CREATED,
        NSXConstants::CODE_OK,
        NSXConstants::CODE_BAD_REQUEST,
        NSXConstants::CODE_NOT_FOUND
    ]
    response = @nsx_client.get(rule_url, [], accepted_codes)
    response.xpath(NSXConstants::NSXV_DFW_RULE_XPATH)
end

#rules(section_id = @one_section_id) ⇒ Object

Rules Get all rules Params:

  • section_id: [String] ID of the section or @one_section_id

Return:

  • Nokogiri::XML::NodeSet


# File 'lib/nsxv_dfw.rb', line 131

# Get all rules of a section.
#
# Params:
# - section_id: [String] ID of the section or @one_section_id
# Return:
# - result of the rule XPath query on the section response
#   (documented as Nokogiri::XML::NodeSet)
def rules(section_id = @one_section_id)
    section_url = @url_sections + '/' + section_id
    section_doc = @nsx_client.get(section_url)
    section_doc.xpath(NSXConstants::NSXV_DFW_RULE_XPATH)
end

#rules_by_name(rule_name, section_id = @one_section_id) ⇒ Object

Get rules by name Return:

  • Nokogiri::XML::NodeSet


# File 'lib/nsxv_dfw.rb', line 154

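# Get rules by name.
#
# Params:
# - rule_name: [String] name to match against each rule's <name> child
# - section_id: [String] ID of the section or @one_section_id
# Return:
# - Nokogiri::XML::NodeSet (empty when no rules could be read)
def rules_by_name(rule_name, section_id = @one_section_id)
    all_rules = rules(section_id)
    unless all_rules
        return Nokogiri::XML::NodeSet.new(Nokogiri::XML::Document.new)
    end

    # The name is passed as an XPath variable instead of being spliced into
    # the expression, so a quote or bracket in it is compared as plain text
    # and cannot break or change the query.
    all_rules.xpath('//rule[name=$rule_name]', nil,
                    { :rule_name => rule_name.to_s })
end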

#section_by_id(section_id = @one_section_id) ⇒ Object

Get section by id Params:

  • section_id: [String] ID of the section or @one_section_id

Return:

  • nil | [Nokogiri::XML::NodeSet] section



# File 'lib/nsxv_dfw.rb', line 63

# Get a section by id.
#
# Params:
# - section_id: [String] ID of the section or @one_section_id
# Return:
# - nil when the section XPath query matches nothing, otherwise the
#   matched section (documented as Nokogiri::XML::NodeSet)
def section_by_id(section_id = @one_section_id)
    section_url = @url_sections + '/' + section_id
    matches = @nsx_client.get(section_url)
                         .xpath(NSXConstants::NSXV_DFW_SECTION_XPATH)
    matches.empty? ? nil : matches
end

#section_by_name(section_name) ⇒ Object

Get section by name Params:

  • section_name: [String] Name of the section

Return:

  • nil | [Nokogiri::XML::NodeSet] section



# File 'lib/nsxv_dfw.rb', line 88

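# Get a section by name.
#
# Params:
# - section_name: [String] Name of the section
# Return:
# - nil when the request raises, otherwise the result of the section XPath
#   query on the response
#   NOTE(review): a query without matches presumably yields an empty set,
#   which is truthy - callers should check empty? as well as nil.
def section_by_name(section_name)
    # Loaded here so the method does not depend on another file having
    # required uri; a repeated require is a no-op.
    require 'uri'

    # Percent-encode the name so a space, '&', '=' or '#' in it cannot
    # break the URL or add query parameters. encode_www_form_component
    # writes a space as '+'; '%20' is sent instead.
    encoded_name = URI.encode_www_form_component(section_name)
                      .gsub('+', '%20')
    url = @url_sections + '?name=' + encoded_name

    result = begin
        @nsx_client.get(url)
    rescue StandardError
        # NOTE(review): every StandardError raised by the client is treated
        # as "section not found" here, connection or authentication
        # failures included; init_section then tries to create the section.
        nil
    end
    return if result.nil?

    result.xpath(NSXConstants::NSXV_DFW_SECTION_XPATH)
end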

#section_etag(section_id = @one_section_id) ⇒ Object

Get section etag needed to manage FW rules Params:

  • section_id: [String] ID of the section or @one_section_id

Return:

  • nil | etag [String] ID of the etag header



# File 'lib/nsxv_dfw.rb', line 76

# Get the etag of a section; the rule create/update/delete calls send it
# as the If-Match header.
#
# Params:
# - section_id: [String] ID of the section or @one_section_id
# Return:
# - nil when the response carries no etag, otherwise the etag [String]
#   with its double quotes removed
def section_etag(section_id = @one_section_id)
    section_url = @url_sections + '/' + section_id
    raw_etag = @nsx_client.get_full_response(section_url)['etag']
    raw_etag ? raw_etag.delete('\"') : nil
end

#sectionsObject

Get all sections Params:

  • None

Return:

  • nil | [Nokogiri::XML::NodeSet] sections



# File 'lib/nsxv_dfw.rb', line 51

# Get all sections.
#
# The request goes to @base_url; the section XPath query is applied to the
# response.
#
# Return:
# - nil when the query matches nothing, otherwise the matched sections
#   (documented as Nokogiri::XML::NodeSet)
def sections
    matches = @nsx_client.get(@base_url)
                         .xpath(NSXConstants::NSXV_DFW_SECTION_XPATH)
    matches.empty? ? nil : matches
end

#update_rule(rule_id, rule_spec, section_id = @one_section_id) ⇒ Object

Update rule



# File 'lib/nsxv_dfw.rb', line 176

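# Update a rule.
#
# Params:
# - rule_id: [String] ID of the rule
# - rule_spec: request body, sent unchanged to the rule URL
# - section_id: [String] ID of the section or @one_section_id
# Return:
# - whatever @nsx_client.put returns
# Raises:
# - RuntimeError when the rule is not found in the section or the section
#   etag cannot be read
def update_rule(rule_id, rule_spec, section_id = @one_section_id)
    url = @url_sections + '/' + section_id + '/rules/' + rule_id
    # Look the rule up in the section being updated, not in the default
    # one, so the check and the PUT refer to the same section.
    rule = rule_by_id(rule_id, section_id)
    # rule_by_id returns an XPath result; an empty one is truthy, so test
    # for emptiness as well as nil.
    rule_missing = rule.nil? || (rule.respond_to?(:empty?) && rule.empty?)
    raise "Rule id #{rule_id} not found" if rule_missing

    # The section's current etag is sent as If-Match with the request.
    etag = section_etag(section_id)
    raise "Cannot get etag from section: #{section_id}" unless etag

    additional_headers = [{ 'If-Match' => etag }]
    @nsx_client.put(url, rule_spec, additional_headers)
end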