The nat_pass is deprecated and has been replaced by firewall_match.
This patch add support for firewall_match and stops using nat_pass
when firewall_match is specified.
Change-Id: Ibd2303cf4e182c7aea6bab57c27f36ee4c138a47
This reverts commit d761feadd7b572ed5e0c788f0ffe7e9f245e71c8.
Reason for revert: move solution to upper layer
Change-Id: I536c33e2608fbb8ce107a5236db27bc43b9974fe
operator field in Conditions for group expressions is invalid if
scope_operator field is set to NOTEQUALS, removing it for the same
Change-Id: I42a4c2586f30952fd4a6cce5235e6c2404c0c6e4
PR 2907548 shows the need of implementing also a regeneration trigger
in the exception handler to help with recovering from
invalid XSRF Token issue.
Change-Id: I51897596259bf6abcee26b148c5b70c5eb02d459
Logical port creation is a POST request. Sometimes it will trigger
ConnectionResetError which is a IOError. request_with_retry_on_ssl_error
will retry it.
If request has parameter retry_confirm, exception will be raised so ncp
could query if port has been created to avoid creating port twice.
Change-Id: Ic97b39c7a3736f02a79ab891970c1ad67b123156
In certain cases, caller would need to add route advertisment rules on
Policy Tier1 owned by other accounts. This change adds the support by
propagating the "force" param to include X-Allow-Overwrite header in the
final API call. The same operation is already allowed in MP counterpart.
Change-Id: Ic09fb16dd2403f33323c179d68fd2f1f3ce4bb42
For search api, if response size is too large, exception with
error_code 60576 is returned. Catch this kind of exception
and retry with smaller page_size.
Change-Id: If4340b7688420aabc673635f600c1e4b33aa4de3
Cryptography 36.0.0 isn't compatible with 19.1.0 and this
causes the lower-constraints job to fail.
Change-Id: I4caf226874c660a37de2bce7d0b31cd0b76d3813
Since there are two realized entities for subnet in
API policy/api/v1/infra/realized-state/realized-entities?intent_path=/infra/ip-pools/pool-1/ip-subnets/subnet-1,
sometimes we want to check the realization state for all entities.
Add all_results param in get_ip_subnet_realization_info func
to check all the entities realization state, and
return all the realized entities if no entity_type param set.
The default value for all_results is False.
Change-Id: I5a48c8f7e711090b38ea31d5f732f022bc7bd4bc
This change adds support for specifying ChildResourceReference entries
in NSX H-API transactions.
It also adds a method patch_entries to update security policy rules
specifying only individual rules to add.
This allows for adding rules to a security policy in a much faster way.
Change-Id: Ib2c9298b013a799a5363951855be6d16ba76d7a8
When querying switching profiles including system owned, there is
a trailing slash at the end of the URI.
This change removes this slash.
Change-Id: Iaa7d18fa8fdcd22c29baf2265259dfe843890213
In previous code, the 'details' key in error response body is
missed in the raised exceptions. This patch will reserve it.
Change-Id: Idb10c05135d2cbf5a90adbaa812abfb9ef0d153d
The NCP-AKO integration in WCP requires NCP to retrieve Avi auth token
and enforcement point information and pass to AKO controller.
Thus, add support for the corresponding API calls in nsxlib.
Change-Id: I7caa7faa80aa6c0f84d24e7ad1f629c5d6af542d
When urllib3 retries, log level is debug. If cluster is busy, there are
too much log when log level is debug so useful log may be flushed out.
Raise the log level to output 'PUT' method retry info.
Change-Id: I7308ee3ae32705fac8380b947e7d592cc21f2586
Erro code 610 is thrown when a NSX transaction is stopped.
The transaction should be retried by the client.
This change ensures erro 610 is handled with APITransactionAborted
exception and therefore retried.
Change-Id: Ice1d712f78ffb5e9ea12fc485e3d4ac52167f678
This change enables specifying multicast in Segment's advanced_config
attribute. Upon update, the attribute is replaced. It is up to the
caller to make sure other components such as address_pool_paths are
not overwritten.
Change-Id: I738daa6243772006b69e6149b42de9451befa7e5
With this change deprecated endpoints and the deprecated permission_group
parameter won't be used anymore.
The identity will now be created with the enterprise_admin role.
Change-Id: Ie202c78487a5273ddb58923e7479157c1da091a1
In setting T0 static route, a scope parameter is needed.
This patch fixes the problem with previous implementation by
adding the scope field in static route definition
Issue: #
Jira: #
Signed-off-by: Rongrong_Miao <rmiao@vmware.com>
Change-Id: I9b6e579e8e57e13cb1ba9e797c7348e23e3aaa8f
Object-level RBAC Entries Support in Policy API. This resource
controls the CRUD permissions of specified user to specified resources.
URL: /policy/api/v1/aaa/object-permissions
Change-Id: If065da6e5c91fe16a563527ec2ec36c445c9afd1
Currently in get_realizaiton_info in Tier1 API, the entity_type
is ignored. This patch fixes this issue to use entity_type to
filter for realized entity returned by this API
Also to easily get router port, an API is added for Tier1 API
to return a list of RouterPort realized associated with the tier1
Issue: #
Jira: #
Signed-off-by: Rongrong_Miao <rmiao@vmware.com>
Change-Id: Ife3f3652255db4ffc72872e4aef84418bf1a3211
Adds Tier 0 static routes API to support dev
on NCP side on multi VRF and multi T0 topology
Issue: #
Jira: #
Signed-off-by: Rongrong_Miao <rmiao@vmware.com>
Change-Id: I73756350b23dbd8f23c8e22ad84abe93b49831a4
This patch allows IP Pool to be deleted with transaction, so that the IP
pool can be removed with its child resources (i.e. pool subnets, ip
allocations) in one API call.
Change-Id: I873f7b714a313ff5b512a3898aedab9bd805163b
NSX checks revision number for PUT requests. It rejects the request
if revision number is not latest. This is helpful for preventing
clients overwriting each other's change to the same object concurrently.
Change-Id: I226782f268b129a8e086938d8ebf258c2abc017e
Although we need to skip the request to /api/session/create with JWT
based auth (original patch: https://review.opendev.org/c/x/vmware-nsxlib/+/774025/),
we should update the session headers with the JWT token.
Change-Id: I87a338f99c195e163d3618c123760c13252317ab
Provide a new parameter in cluster API initilalize func to disable
health check and endpoint accessiblitlity check.
By default the value is True, for some scenarios, when creating
a nsxlib object, users does not intend to validate the endpoint
state, for example, in ncp election process.
Change-Id: I6485a91f1d764fbb7ae3edc61541b7cd9f97682e
According to NSX Authentication team's response
in bug 2708018, we should not be using /api/session/create
with JWT based auth, which will cause
session create failed with 403 response.
Change-Id: Ic09090d633301401906815743bbdd83b55212203