Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for Distributed Firewall and Network Context Profile lookup #452

Merged
merged 11 commits into from
Apr 7, 2022
Merged

Add support for Distributed Firewall and Network Context Profile lookup #452

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
f0d9ed3
Self-review
Didainius Mar 29, 2022
a98f4d3
Self-review
Didainius Mar 29, 2022
b268b39
Merge branch 'main' into dfw
Didainius Mar 29, 2022
278515b
Test improvement
Didainius Mar 29, 2022
d8498f5
Remove ineffective test for API < 35.0
Didainius Mar 29, 2022
9d75390
Address comments
Didainius Mar 30, 2022
f79ae95
Address comments
Didainius Mar 31, 2022
b2df07f
Change 'default' to types.DistributedFirewallPolicyDefault
Didainius Mar 31, 2022
f6b1bb3
Merge branch 'main' into dfw
Didainius Apr 6, 2022
47d706c
Merge branch 'main' into dfw
Didainius Apr 6, 2022
20f5f1a
Merge branch 'main' into dfw
Didainius Apr 6, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions .changes/v2.15.0/452-features.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
* Add support for for Network Context Profile lookup using `GetAllNetworkContextProfiles` and
`GetNetworkContextProfilesByNameScopeAndContext` functions [GH-452]
* Add support for NSX-T Distributed Firewall rule management using type `DistributedFirewall` and
`VdcGroup.GetDistributedFirewall`, `VdcGroup.UpdateDistributedFirewall`,
`VdcGroup.DeleteAllDistributedFirewallRules`, `DistributedFirewall.DeleteAllRules` [GH-452]
101 changes: 101 additions & 0 deletions govcd/nsxt_distributed_firewall.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,101 @@
package govcd

import (
"errors"
"fmt"

"github.com/vmware/go-vcloud-director/v2/types/v56"
)

// DistributedFirewall contains a types.DistributedFirewallRules which handles Distributed Firewall
// rules in a VDC Group
type DistributedFirewall struct {
DistributedFirewallRuleContainer *types.DistributedFirewallRules
client *Client
VdcGroup *VdcGroup
}

// GetDistributedFirewall retrieves Distributed Firewall in a VDC Group which contains all rules
//
// Note. This function works only with `default` policy as this was the only supported when this
// functions was created
func (vdcGroup *VdcGroup) GetDistributedFirewall() (*DistributedFirewall, error) {
client := vdcGroup.client
endpoint := types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointVdcGroupsDfwRules
apiVersion, err := client.getOpenApiHighestElevatedVersion(endpoint)
if err != nil {
return nil, err
}

// "default" policy is hardcoded because there is no other policy supported
urlRef, err := client.OpenApiBuildEndpoint(fmt.Sprintf(endpoint, vdcGroup.VdcGroup.Id, types.DistributedFirewallPolicyDefault))
if err != nil {
return nil, err
}

returnObject := &DistributedFirewall{
DistributedFirewallRuleContainer: &types.DistributedFirewallRules{},
client: client,
VdcGroup: vdcGroup,
}

err = client.OpenApiGetItem(apiVersion, urlRef, nil, returnObject.DistributedFirewallRuleContainer, nil)
if err != nil {
return nil, fmt.Errorf("error retrieving Distributed Firewall rules: %s", err)
}

return returnObject, nil
}

// UpdateDistributedFirewall updates Distributed Firewall in a VDC Group
//
// Note. This function works only with `default` policy as this was the only supported when this
// functions was created
func (vdcGroup *VdcGroup) UpdateDistributedFirewall(dfwRules *types.DistributedFirewallRules) (*DistributedFirewall, error) {
client := vdcGroup.client
endpoint := types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointVdcGroupsDfwRules
apiVersion, err := client.getOpenApiHighestElevatedVersion(endpoint)
if err != nil {
return nil, err
}

// "default" policy is hardcoded because there is no other policy supported
urlRef, err := client.OpenApiBuildEndpoint(fmt.Sprintf(endpoint, vdcGroup.VdcGroup.Id, types.DistributedFirewallPolicyDefault))
if err != nil {
return nil, err
}

returnObject := &DistributedFirewall{
DistributedFirewallRuleContainer: &types.DistributedFirewallRules{},
client: client,
VdcGroup: vdcGroup,
}

err = client.OpenApiPutItem(apiVersion, urlRef, nil, dfwRules, returnObject.DistributedFirewallRuleContainer, nil)
if err != nil {
return nil, fmt.Errorf("error updating Distributed Firewall rules: %s", err)
}

return returnObject, nil
}

// DeleteAllDistributedFirewallRules removes all Distributed Firewall rules
//
// Note. This function works only with `default` policy as this was the only supported when this
// functions was created
func (vdcGroup *VdcGroup) DeleteAllDistributedFirewallRules() error {
_, err := vdcGroup.UpdateDistributedFirewall(&types.DistributedFirewallRules{})
return err
}

// DeleteAllRules removes all Distributed Firewall rules
//
// Note. This function works only with `default` policy as this was the only supported when this
// functions was created
func (firewall *DistributedFirewall) DeleteAllRules() error {
if firewall.VdcGroup != nil && firewall.VdcGroup.VdcGroup != nil && firewall.VdcGroup.VdcGroup.Id == "" {
return errors.New("empty VDC Group ID for parent VDC Group")
}

return firewall.VdcGroup.DeleteAllDistributedFirewallRules()
}
Loading