Rate limit is returned as a part of node/services/http response
In order to update one should:
1. GET the current configuration
2. PUT the updated configuration (the http response will be 202)
3. POST a restart action request (the http response will be 202)
Change-Id: I35a05f9810832e9a22ec9db43f167f13df0744a4
- Allow passing direct members when creating a new NSGroup
- Allow removing membership_criteria when updating a NSGroup
Change-Id: Ib0e5f5193f2d9ed455e0918fdf67da7a0acfdb62
A small refactor to the nsxlib:
1. change the security object code to be more similar to the other resources
2. Use retry code in base resources class only and not in resources
implementations
3. generelize the resource update code, to avoid duplications in different
classes
4. Adding some tests to verify the fix does not damage anything
Change-Id: Iac2cc1d55d3525ad21cb6399da691e212d6d4722
In case of too many requests in a short period of time, the NSX will
return response 429.
In this case (if configured) the nsxlib client will retry sending the request.
This option is controlled by a new parameter in the nsxlib config
rate_limit_retry which is enabled by default.
Change-Id: I20fca36d553e1e74da61292342a87247b53b5d13
Supporting new vpn ipsec objects, which were added at NSX 2.2
- IkeProfile
- IPSecTunnelProfile
- IPSecDpdProfile
- IPSecPeerEndpoint
- IPSecLocalEndpoint
- VPN service
- VPN Session with rules (policy based only)
Change-Id: I48139f9f0cc7e1b998efcf6fc7f50ac8e596bc6c
Currently if users pass rules=[] when calling
create_with_rules method, it will get errors from MP.
The reason is that this method does not append
create_with_rules action in the url if rules is None or empty,
but it still includes 'rules=[]' attribute in the request body.
Thus MP throws an error because it doesn't expect 'rules'
attribute in the request.
Change-Id: I86122f1f2b5382224084d786f9700330e2c83d50
Adding support for trunk vlan for logical switches in NSX 2.2 and up
This flag can be used for guest vlan, and is mutual exclusive from
the vlan id.
Change-Id: I0d08a84df796c226678a27c29cdd1e637f356e72
The NSX has various tag limitations. For example the maximum
length of the tags and the maximum amount of tags per resource.
This may increase with NSX versions.
This patch enables the library to learn from the NSX the tag limits.
Change-Id: Ie2eac9c51a36496908140018d7ca1d15ed0e9d58
During application profile update, user doesn't need to provide
resource_type and the resource_type is None in this case. If it
is None, we just need to return the body directly.
Change-Id: I296ff540f36a4072e9c774d201a6728878bc2b44
Add a method in trust management model to find certificate by pem
data. Also added an unit test for this method.
Change-Id: I2550b41dbbd71ac7f35a7c9ce85bd8e4e166b49e
The patch removes the neutron-lib from the dependencies. We do not
want/need the consumers of this library to pull in all of the
neutron-lib dependencies.
The patch adds the following:
1. callback to bind is_attr_set - set_is_attr_callback
2. A new exception NsxLibInvalidInput - this is raised when inputs
are invalid.
Change-Id: Ia8ec71dee2d5de921700a9b4fd7e789d2aed4679
NSX allows DFW rules to be added to a DFW section with query
param 'operation', which can be used to create the said rule
at top or bottom within the DFW section. This patch
adds 'operation' as an argument for the methods 'add_rule'
and 'add_rules'.
Change-Id: I82dd206967543b3382dd20d7bffb140fce9cb59d
Version 2.2 has a logging feature wher the NSX can log via the
X-NSX-EUSER header details of who the request was made for.
This feature will enable the plugin to determine whether or
not to send this header.
Change-Id: Ib87d5df2fbf5e15856511a50013ea47dbd4ca728
Part of the work we did while rehoming the callback modules introduced
the notion of payload objects [1] to replace the unstructured kwargs
used today. When using payloads event sources need to use publish()
rather than notify() to trigger the callback(s) and pass along a payload
object (if needed).
This patch begins to move us onto the payload objects by updating
BEFORE_INIT and AFTER_INIT event types to use the payloads.
Depends-On: I9194c7857f10392149159071cda8e080e93adc10
[1] https://github.com/openstack/neutron-lib/blob/master/doc/source/devref/callbacks.rst#event-payloads
Change-Id: Ie8311f28ebac6c1990a261cc6cfa130fac0cfc5f
Enable application to bind to a callback that will inject
headers to the requests sent to the NSX. This can for example
be: 'X-NSX-EUSER' which will provide the NSX context of the user
on behalf of whom the opertaion is done.
A new method set_inject_headers_callback(in is added. This method
receives a callback that should return a dictionary of headers to
be added.
Change-Id: I90fa7ea8c7828bf97aec66321e4169588108760e
This patch adds support to retrieve resources of type
VirtualMachines and VirtualNetworkInterface.
Change-Id: I9d551e35e68cbaadbe2787f23775296f61c0e72d
NSXv3 backend has a limitation that it only supports realtime
mode for now. This patch adds a source param for stats api.
Change-Id: I56a8ad0bb3641c9560cffdb1efcf3b8a7c461580
Add two methods for load balancer virtual server ssl profile
binding.
- Add client_ssl_profile_binding for virtual server. This
setting is used when load balancer acts as an SSL server and
terminating the client SSL connection.
- Add server_ssl_profile_binding for virtual server. This
setting is used when load balancer acts as an SSL client and
establishing a connection to the backend server.
This patch also fixes a typo in server_ssl_profile.
Change-Id: I692a3cc30dcef9c8d68fe1b40c0624b881954bdd
Currently, only pem_encoded option is availabe when importing a
certificate into NSX. There are two more options we can expose
including private_key and passphrase. Also, we don't need to
remove '\n' from the cert as NSX backend will do it automatically.
This patch aslo adds a trust_management object in the NsxLib for
nsxlib consumer accessing it easily.
Change-Id: I0429d1d7caf7995f044d4daaa46da13e506fddb2
Adding a caching mechanism to remember previous results of get commands
and return them if they are not too old.
This mechanism is disabled for most of the nsxlib resources, and used only
by a few resources that are accessed frequently and modifies rarely
such as transport zones.
Change-Id: I4c1c723ee878feab9a86ff9015246c9e1773bd8b
NSX 3.0.0 (version may change later) will support adding a vlan
router interface and not just overlay ones.
This patch adds a feature for this, so the plugin can check if this
is supported or not.
Change-Id: I86d79e5a14a326db5659bd7a746fefb9b44dbf46
Application profiles are of type TCP, UDP or HTTP. In case the
application profile is being updated with a new type, the virtual
server must also be updated with the new IP Protocol.
Additionally, it should not be necessary to update both the
persistence profile and application profile simultaneously.
Change-Id: I4953dcefa6b168406276851c59b89c3ddaa2f9ad
Using the load balancing related args for the router
update_advertisement should be done only if the NSX version
supports the load balancing feature.
Change-Id: I1a94ee58e6b8908e6122a69f6515dfdf2d2c1b28