1029 Commits

Author SHA1 Message Date
Sean
36be37d942 Support update app_id in segment port api
Change-Id: I19e85c33e89cd8ab8f2430ae9e007afd193a7b52
2021-07-16 01:58:47 +08:00
Zuul
d717cee827 Merge "Add wait_until_realized for Tier1 Static Route" 2021-05-10 13:11:39 +00:00
Rongrong_Miao
d8596e784e [T0API] Added SCOPE parameter in static route
In setting T0 static route, a scope parameter is needed.
This patch fixes the problem with previous implementation by
adding the scope field in static route definition

Issue: #
Jira: #
Signed-off-by: Rongrong_Miao <rmiao@vmware.com>
Change-Id: I9b6e579e8e57e13cb1ba9e797c7348e23e3aaa8f
2021-04-22 16:16:52 -07:00
Danting Liu
378e4eac70 Add wait_until_realized for Tier1 Static Route
Change-Id: I26cff5ee6e7942c92d1670440aa7c039c39a2425
2021-04-22 04:02:19 -07:00
Enhao Cui
f0d39ed978 Add ORBAC Support in Policy API
Object-level RBAC Entries Support in Policy API. This resource
controls the CRUD permissions of specified user to specified resources.
URL: /policy/api/v1/aaa/object-permissions

Change-Id: If065da6e5c91fe16a563527ec2ec36c445c9afd1
2021-04-19 14:03:54 -07:00
Zuul
287757d4cd Merge "Added Tier 0 static routes" 2021-04-15 18:32:38 +00:00
lxiaopei
5af19175cd Add Create identity with cert
since POST /api/v1/trust-management/principal-identities is deprecated.

Change-Id: I5ff5f05aa6ba0e38523e6d4d8009e6aaa67449c8
2021-04-08 03:21:11 +00:00
Zuul
dfcfd10336 Merge "Allow tags to be specified while creating Policy Rules" 2021-04-07 21:21:32 +00:00
Gautam Verma
3d914f1dbc Allow tags to be specified while creating Policy Rules
Issue: #2747149
Change-Id: Iaee21403ebe3bca5d537fb4f452146e1e38f4ccb
2021-04-07 13:59:31 -07:00
Rongrong_Miao
a953b1df2f Fixes get_realization_info, added API to get router port
Currently in get_realizaiton_info in Tier1 API, the entity_type
is ignored. This patch fixes this issue to use entity_type to
filter for realized entity returned by this API

Also to easily get router port, an API is added for Tier1 API
to return a list of RouterPort realized associated with the tier1

Issue: #
Jira: #
Signed-off-by: Rongrong_Miao <rmiao@vmware.com>
Change-Id: Ife3f3652255db4ffc72872e4aef84418bf1a3211
2021-04-06 10:43:44 -07:00
Rongrong_Miao
4dcc68b807 Added Tier 0 static routes
Adds Tier 0 static routes API to support dev
on NCP side on multi VRF and multi T0 topology

Issue: #
Jira: #
Signed-off-by: Rongrong_Miao <rmiao@vmware.com>
Change-Id: I73756350b23dbd8f23c8e22ad84abe93b49831a4
2021-04-06 09:07:42 -07:00
Shawn Wang
cf25fb0923
Allow Transaction for Policy IP Pool Deletion
This patch allows IP Pool to be deleted with transaction, so that the IP
pool can be removed with its child resources (i.e. pool subnets, ip
allocations) in one API call.

Change-Id: I873f7b714a313ff5b512a3898aedab9bd805163b
2021-03-30 12:15:07 -07:00
Enhao Cui
4643ed6647 Add Support for Updating Policy Resource with PUT
NSX checks revision number for PUT requests. It rejects the request
if revision number is not latest. This is helpful for preventing
clients overwriting each other's change to the same object concurrently.

Change-Id: I226782f268b129a8e086938d8ebf258c2abc017e
2021-03-19 16:00:27 -07:00
Zuul
aaf5c222b6 Merge "Support preferred edge paths in Policy" 2021-03-18 18:58:27 +00:00
Enhao Cui
17eeeff0ea Support preferred edge paths in Policy
Add GET and SET preferred edge paths in T1 API

Change-Id: Iaf3f7ec9ecee99d95df5297f9daff59e984336ee
2021-03-17 20:00:11 +00:00
asarfaty
cf4704c807 Fix session persistemce profiles list
resource_type is a static method and not a property

Change-Id: Ia1e90b2127a865b5997c8f6bec29fb410f417f65
2021-03-17 09:16:47 +00:00
Xiaotong Luo
4741b2edd8 Update session header with JWT token and skip session create
Although we need to skip the request to /api/session/create with JWT
based auth (original patch: https://review.opendev.org/c/x/vmware-nsxlib/+/774025/),
we should update the session headers with the JWT token.

Change-Id: I87a338f99c195e163d3618c123760c13252317ab
2021-03-08 20:39:51 +00:00
sean
ce1d1e2424 Provide new parameter to disable health check
Provide a new parameter in cluster API initilalize func to disable
health check and endpoint accessiblitlity check.
By default the value is True, for some scenarios, when creating
a nsxlib object, users does not intend to validate the endpoint
state, for example, in ncp election process.

Change-Id: I6485a91f1d764fbb7ae3edc61541b7cd9f97682e
2021-02-25 22:42:42 -08:00
Xiaotong Luo
10366f00ba Skipping session create with JWT based auth
According to NSX Authentication team's response
in bug 2708018, we should not be using /api/session/create
with JWT based auth, which will cause
session create failed with 403 response.

Change-Id: Ic09090d633301401906815743bbdd83b55212203
2021-02-08 17:40:18 -08:00
Zuul
8deef1727e Merge "Add debug printouts for potential session reuse" 2021-01-29 18:57:07 +00:00
asarfaty
83f943c41d Allow removing segment port address bindings
Change-Id: I9374deebf7bdce8c886fceb70c0452a4377daf50
2021-01-27 10:42:34 +02:00
Anna Khmelnitsky
afcefb8b44 Add debug printouts for potential session reuse
We suspect session might be reused accross threads that leads to
rare SSL errors. This extra printout can help debug the issue.

Change-Id: I67e08ec48fb411d6d5a083fea6a6b68051f07617
2021-01-26 15:57:06 -08:00
Enhao Cui
60de62f64c Support Tier0 BGP Config in NSX Policy
Change-Id: I1bcd0533e7d5f531280c151b7fef78327b6fd2ab
2021-01-20 20:05:10 +00:00
asarfaty
54308ced90 Support segment overlay-id
Change-Id: If873748ccced944efd62e4b7ed5753c864b662b8
2021-01-06 12:26:37 +02:00
Zuul
b880e4e3e9 Merge "Added debug for Retry" 2020-12-24 07:52:01 +00:00
Salvatore Orlando
1e1b5da052 Ensure multicast can be set in a transaction
Use _create_or_store in place of create_or_update to set
multicast on a Tier-1 gateway

Change-Id: Ib58b3944c02b14ebf4b65fe1871fa453ad2cd888
2020-12-23 14:30:39 -08:00
rmiao106
3481739598 Added debug for Retry
Urllib3 Retry class's increment method has been used and we don't
understand why. Since it's impossible to add logs directly in Retry class,
this patch subclasses Retry and adds logging capabilities to log
server response and relevant cause if we hit this bug again

Signed-off-by: rmiao106 <rmiao@vmware.com>
Change-Id: I2bd13ee635879a343c7a05886b397b3ffda5006a
2020-12-20 05:08:55 +00:00
Salvatore Orlando
f6f86385ae Tier-1 GW: Allow to set multicast on specific locale-service
This patch adds an optional 'service_id' parameter to multicast
enablement / disablement methods to allow multicast to be set
also for locale-services whose id was not auto-generated by
vmware-nsxlib.

Change-Id: I68d0149179eea3177252f4986ce1b2d085b0950b
2020-12-10 15:01:54 -08:00
asarfaty
58340e6272 Fix requirements
Change-Id: If2a32b0bbf6bbcdc3b911224adb8943a7a34897b
2020-12-10 11:39:57 +02:00
Salvatore Orlando
ea8d433643 Add support for enabling/disabling multicast on Tier-1 GW
This patch allow for enabling or disabling multicast on a Tier-1 GW
router. This is simply done by setting a boolean flag in the router's
multicast configuration, which is however a sub-attribute of the
Tier-1 GW object accessed via its own API endpoint.

For the above reason, this patch introduces a definition object for
the Tier-1 Multicast settings.

Change-Id: I8308442ecd9b4d14f4ceb0ea55c4dcd4ee240e17
2020-12-04 16:29:33 -08:00
Zuul
0ec8b223b4 Merge "Add api support for log related parameters" 2020-12-02 05:46:25 +00:00
Tao Zou
99015e71b1 Add api support for log related parameters
Add two parameters access_log_enabled and log_significant_event_only
They're supported since nsx-t 3.0.0.
1. for policy, it needs to add extra parameters.
2. for manager, ** kargs supports more parameters, nothing changed.

Change-Id: I2b313eef80def69e17d664022ae2074950812897
2020-12-01 17:53:12 +08:00
Erica Liu
293c139b05 Add support for tcp multiplexing in LB Pool config
This change support create/update LB pool with tcp multiplexing
enabled and tcp multiplexing number.

Change-Id: I3c39bc2b4b07f138a2ac3d3efbdccd80929cc3b2
2020-11-30 17:09:21 -08:00
sean
0323737ed1 Add api support for enabling snat rule logging
1. For MP, add logging parameter in snat rule creating api
2. For Policy, change parameter name from log to logging for tier0
   and tier1 snat rule object.

Change-Id: I4f03fa6a35f138a7112782d58a1cc5a4b1648d61
2020-11-11 02:52:35 -08:00
asarfaty
20ec669402 Add realtime LB service statistics
Change-Id: Ifad152c41a0525d883531de813645345f62160a3
2020-11-03 11:46:28 +02:00
asarfaty
620c918579 Fix update of the pool member backup state
Change-Id: I405bc36559998f16bf67eb6b807e1fd95c2358e1
2020-11-02 11:22:29 +02:00
asarfaty
f4a16ac6d0 Add stale revision error code
Change-Id: I6b3586885d210867c2fd4ab9ba66273b11a47843
2020-10-28 09:23:55 +02:00
asarfaty
253a76c527 Add logging for failed realization
Change-Id: Ia721d46272d3dca67bb2ba09bce6977dec886495
2020-10-25 09:21:45 +02:00
Zuul
54818b0f51 Merge "Avoid invoking session/create API with client cert" 2020-10-19 21:15:51 +00:00
asarfaty
b642e2ba14 Add wait for successful state for segment api
Change-Id: I679015903f6ac218fe2f724f8825670234e02d20
2020-10-15 08:44:03 +02:00
Anna Khmelnitsky
f81be47cb7 Avoid invoking session/create API with client cert
This fails on NSX since the API is only supported with basic auth.

Change-Id: I4043836d9b0d96ec659f33cef19ec31b73747667
2020-10-14 12:10:37 -07:00
Erica Liu
ba09940429 Adding support for customzing ep value in segement creation
In case of none default enforcement point value, the Segment
create might fail, because it is hard coded to use default ep
for querying transport zone, if specified. This change add
support for creating segment with transport zone in none default
enforcement point

Change-Id: Id122f9591c2bded5edc43fad514e6e1e9e6a9fa3
2020-10-13 17:49:44 -07:00
asarfaty
5ee7524cc5 Check realization status when getting id by search
Change-Id: I912b51933f2ad1e9fa2b1750c42301b1a1a70c25
2020-10-13 08:55:17 +02:00
Zuul
22a76ec7af Merge "Use related error codes to decide on the exception" 2020-10-12 06:51:54 +00:00
asarfaty
cf2efd0a3f Use entity-type when checking realization by search api
Change-Id: If3ac4bf1067e10df802c4ab28c661aa73f678122
2020-10-11 09:00:52 +02:00
asarfaty
e115c6f0ec Use related error codes to decide on the exception
In case the error code has no specific exception, try the related
error codes as well.

Change-Id: I2054e56705545f25ff2cad359e4091dbf04bb17b
2020-10-11 07:24:10 +02:00
Shawn Wang
a8732a94af
Add DHCP Config build and T1 Adv Rule Update
- Expose Building DHCP Config V4 and V6 in NsxPolicyTier1SegmentApi
- Update update_advertisement_rules to allow batch removal of existings
  rules via prefix matching even if no new rules are to be added

Change-Id: I215630fb2af41d71431774d88129c08c4aeac904
2020-10-07 17:20:51 -07:00
Adit Sarfaty
921bab44f8 Revert "Stop old validation loops before reinitializing the cluster"
This reverts commit d6c8d9c3aebd8d68033a0e5f97ca65b9d568dd14.

Change-Id: Id5ba74a93bc6db0e84e1104dc7c1396036d1bc44
2020-10-05 09:40:18 +00:00
asarfaty
bdf9976a84 Add api for nsxlib passthrough object
Change-Id: Ide05dd8878092043a6a3fe3d7701aa5018d47332
2020-10-01 11:37:46 +00:00
asarfaty
d6c8d9c3ae Stop old validation loops before reinitializing the cluster
Whenever the cluster in initialized, new loops for keepalive validation
are created.
The old loos should be stopped to not overload the nsx with keepalive checks.

Change-Id: I6ae746ba11457c141814424f42e9a0c0e2684601
2020-09-27 07:29:19 +00:00