208 lines
6.4 KiB
Python
208 lines
6.4 KiB
Python
# Copyright 2016 VMware, Inc.
|
|
# All Rights Reserved
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
# Admin statuses
|
|
ADMIN_STATE_UP = "UP"
|
|
ADMIN_STATE_DOWN = "DOWN"
|
|
|
|
# Replication modes
|
|
MTEP = "MTEP"
|
|
|
|
# Port attachment types
|
|
ATTACHMENT_VIF = "VIF"
|
|
ATTACHMENT_LR = "LOGICALROUTER"
|
|
ATTACHMENT_DHCP = "DHCP_SERVICE"
|
|
ATTACHMENT_MDPROXY = "METADATA_PROXY"
|
|
|
|
VIF_RESOURCE_TYPE = "VifAttachmentContext"
|
|
|
|
VIF_TYPE_PARENT = "PARENT"
|
|
VIF_TYPE_CHILD = "CHILD"
|
|
|
|
ALLOCATE_ADDRESS_NONE = "None"
|
|
|
|
# SegmentPort init_state types
|
|
INIT_STATE_UNBLOCKED_VLAN = 'UNBLOCKED_VLAN'
|
|
INIT_STATE_RESTORE_VIF = 'RESTORE_VIF'
|
|
|
|
# NSXv3 L2 Gateway constants
|
|
BRIDGE_ENDPOINT = "BRIDGEENDPOINT"
|
|
FAILOVER_MODE_PREEMPTIVE = "PREEMPTIVE"
|
|
FAILOVER_MODE_NONPREEMPTIVE = "NON_PREEMPTIVE"
|
|
|
|
# Router type
|
|
ROUTER_TYPE_TIER0 = "TIER0"
|
|
ROUTER_TYPE_TIER1 = "TIER1"
|
|
ROUTER_TYPE_TIER0_DR = "DISTRIBUTED_ROUTER_TIER0"
|
|
ROUTER_TYPE_TIER1_DR = "DISTRIBUTED_ROUTER_TIER1"
|
|
|
|
LROUTERPORT_UPLINK = "LogicalRouterUpLinkPort"
|
|
LROUTERPORT_DOWNLINK = "LogicalRouterDownLinkPort"
|
|
LROUTERPORT_CENTRALIZED = "LogicalRouterCentralizedServicePort"
|
|
LROUTERPORT_LINKONTIER0 = "LogicalRouterLinkPortOnTIER0"
|
|
LROUTERPORT_LINKONTIER1 = "LogicalRouterLinkPortOnTIER1"
|
|
|
|
# NSX service type
|
|
SERVICE_DHCP = "dhcp"
|
|
|
|
# NSX-V3 Distributed Firewall constants
|
|
IP_SET = 'IPSet'
|
|
NSGROUP = 'NSGroup'
|
|
NSGROUP_COMPLEX_EXP = 'NSGroupComplexExpression'
|
|
NSGROUP_SIMPLE_EXP = 'NSGroupSimpleExpression'
|
|
NSGROUP_TAG_EXP = 'NSGroupTagExpression'
|
|
EXCLUDE_PORT = 'Exclude-Port'
|
|
|
|
# Firewall rule position
|
|
FW_INSERT_BEFORE = 'insert_before'
|
|
FW_INSERT_AFTER = 'insert_after'
|
|
FW_INSERT_BOTTOM = 'insert_bottom'
|
|
FW_INSERT_TOP = 'insert_top'
|
|
|
|
# firewall rule actions
|
|
FW_ACTION_ALLOW = 'ALLOW'
|
|
FW_ACTION_DROP = 'DROP'
|
|
FW_ACTION_REJECT = 'REJECT'
|
|
|
|
# firewall disable/enable
|
|
FW_ENABLE = 'enable_firewall'
|
|
FW_DISABLE = 'disable_firewall'
|
|
|
|
# nsgroup members update actions
|
|
NSGROUP_ADD_MEMBERS = 'ADD_MEMBERS'
|
|
NSGROUP_REMOVE_MEMBERS = 'REMOVE_MEMBERS'
|
|
|
|
# NSServices resource types
|
|
L4_PORT_SET_NSSERVICE = 'L4PortSetNSService'
|
|
ICMP_TYPE_NSSERVICE = 'ICMPTypeNSService'
|
|
IP_PROTOCOL_NSSERVICE = 'IPProtocolNSService'
|
|
|
|
# firewall section types
|
|
FW_SECTION_LAYER3 = 'LAYER3'
|
|
|
|
TARGET_TYPE_LOGICAL_SWITCH = 'LogicalSwitch'
|
|
TARGET_TYPE_LOGICAL_PORT = 'LogicalPort'
|
|
TARGET_TYPE_IPV4ADDRESS = 'IPv4Address'
|
|
TARGET_TYPE_IPV6ADDRESS = 'IPv6Address'
|
|
|
|
# filtering operators and expressions
|
|
EQUALS = 'EQUALS'
|
|
|
|
IN = 'IN'
|
|
OUT = 'OUT'
|
|
IN_OUT = 'IN_OUT'
|
|
|
|
TCP = 'TCP'
|
|
UDP = 'UDP'
|
|
ICMPV4 = 'ICMPv4'
|
|
ICMPV6 = 'ICMPv6'
|
|
IPV4 = 'IPV4'
|
|
IPV6 = 'IPV6'
|
|
IPV4_IPV6 = 'IPV4_IPV6'
|
|
|
|
LOCAL_IP_PREFIX = 'local_ip_prefix'
|
|
|
|
# Allowed address pairs
|
|
NUM_ALLOWED_IP_ADDRESSES = 128
|
|
NUM_ALLOWED_IP_ADDRESSES_v4 = NUM_ALLOWED_IP_ADDRESSES
|
|
NUM_ALLOWED_IP_ADDRESSES_v6 = 15
|
|
MAX_STATIC_ROUTES = 26
|
|
|
|
# QoS directions egress/ingress
|
|
EGRESS = 'egress'
|
|
INGRESS = 'ingress'
|
|
EGRESS_SHAPING = 'EgressRateShaper'
|
|
INGRESS_SHAPING = 'IngressRateShaper'
|
|
|
|
# Transport zone constants
|
|
TRANSPORT_TYPE_VLAN = 'VLAN'
|
|
TRANSPORT_TYPE_OVERLAY = 'OVERLAY'
|
|
HOST_SWITCH_MODE_ENS = 'ENS'
|
|
HOST_SWITCH_MODE_STANDARD = 'STANDARD'
|
|
|
|
# NAT firewall match
|
|
NAT_FIREWALL_MATCH_BYPASS = 'BYPASS'
|
|
NAT_FIREWALL_MATCH_EXTERNAL = 'MATCH_EXTERNAL_ADDRESS'
|
|
NAT_FIREWALL_MATCH_INTERNAL = 'MATCH_INTERNAL_ADDRESS'
|
|
NAT_FIREWALL_MATCH_VALUES = [
|
|
NAT_FIREWALL_MATCH_BYPASS,
|
|
NAT_FIREWALL_MATCH_INTERNAL,
|
|
NAT_FIREWALL_MATCH_EXTERNAL]
|
|
|
|
# Error codes returned by the backend
|
|
ERR_CODE_OBJECT_NOT_FOUND = 202
|
|
ERR_CODE_IPAM_POOL_EXHAUSTED = 5109
|
|
ERR_CODE_IPAM_SPECIFIC_IP = 5123
|
|
ERR_CODE_IPAM_IP_ALLOCATED = 5141
|
|
ERR_CODE_IPAM_IP_NOT_IN_POOL = 5110
|
|
ERR_CODE_IPAM_RANGE_MODIFY = 5602
|
|
ERR_CODE_IPAM_RANGE_DELETE = 5015
|
|
ERR_CODE_IPAM_RANGE_SHRUNK = 5016
|
|
|
|
# backend versions
|
|
NSX_VERSION_1_1_0 = '1.1.0'
|
|
NSX_VERSION_2_0_0 = '2.0.0'
|
|
NSX_VERSION_2_1_0 = '2.1.0'
|
|
NSX_VERSION_2_2_0 = '2.2.0'
|
|
NSX_VERSION_2_3_0 = '2.3.0'
|
|
NSX_VERSION_2_4_0 = '2.4.0'
|
|
NSX_VERSION_2_5_0 = '2.5.0'
|
|
NSX_VERSION_3_0_0 = '3.0.0'
|
|
NSX_VERSION_3_0_2 = '3.0.2'
|
|
NSX_VERSION_3_1_0 = '3.1.0'
|
|
NSX_VERSION_3_2_0 = '3.2.0'
|
|
NSX_VERSION_3_2_1 = '3.2.1'
|
|
NSX_VERSION_4_0_0 = '4.0.0'
|
|
NSX_VERSION_4_0_1 = '4.0.1'
|
|
|
|
# Features available depending on the NSX Manager backend version
|
|
FEATURE_MAC_LEARNING = 'MAC Learning'
|
|
FEATURE_DYNAMIC_CRITERIA = 'Dynamic criteria'
|
|
FEATURE_EXCLUDE_PORT_BY_TAG = 'Exclude Port by Tag'
|
|
FEATURE_ROUTER_FIREWALL = 'Router Firewall'
|
|
FEATURE_LOAD_BALANCER = 'Load Balancer'
|
|
FEATURE_LB_HM_RESPONSE_CODES = 'Load Balancer HM response codes'
|
|
FEATURE_DHCP_RELAY = 'DHCP Relay'
|
|
FEATURE_VLAN_ROUTER_INTERFACE = 'VLAN Router Interface'
|
|
FEATURE_RATE_LIMIT = 'Requests Rate Limit'
|
|
FEATURE_IPSEC_VPN = 'IPSec VPN'
|
|
FEATURE_ON_BEHALF_OF = 'On Behalf Of'
|
|
FEATURE_TRUNK_VLAN = 'Trunk Vlan'
|
|
FEATURE_ROUTER_TRANSPORT_ZONE = 'Router Transport Zone'
|
|
FEATURE_NO_DNAT_NO_SNAT = 'No DNAT/No SNAT'
|
|
FEATURE_ENS_WITH_SEC = 'ENS with security'
|
|
FEATURE_ENS_WITH_QOS = 'ENS with QoS'
|
|
FEATURE_ICMP_STRICT = 'Strict list of supported ICMP types and codes'
|
|
FEATURE_ROUTER_ALLOCATION_PROFILE = 'Router Allocation Profile'
|
|
FEATURE_ENABLE_STANDBY_RELOCATION = 'Router Enable standby relocation'
|
|
FEATURE_PARTIAL_UPDATES = 'Partial Update with PATCH'
|
|
FEATURE_RELAX_SCALE_VALIDATION = 'Relax Scale Validation for LbService'
|
|
FEATURE_SWITCH_HYPERBUS_MODE = 'Switch hyperbus mode with policy API'
|
|
FEATURE_GET_TZ_FROM_SWITCH = 'Get TZ endpoints from host switch'
|
|
FEATURE_ROUTE_REDISTRIBUTION_CONFIG = 'Tier0 route redistribution config'
|
|
FEATURE_CONTAINER_CLUSTER_INVENTORY = 'Container Cluster Inventory'
|
|
FEATURE_IPV6 = 'IPV6 Forwarding and Address Allocation'
|
|
FEATURE_MP2P_MIGRATION = 'MP to Policy Migration'
|
|
FEATURE_SPOOFGUARD_CIDR = 'Spoofguard IPv4 CIDR'
|
|
|
|
# Features available depending on the Policy Manager backend version
|
|
FEATURE_NSX_POLICY = 'NSX Policy'
|
|
FEATURE_NSX_POLICY_NETWORKING = 'NSX Policy Networking'
|
|
FEATURE_NSX_POLICY_MDPROXY = 'NSX Policy Metadata Proxy'
|
|
FEATURE_NSX_POLICY_DHCP = 'NSX Policy DHCP'
|
|
FEATURE_NSX_POLICY_GLOBAL_CONFIG = 'NSX Policy Global Config'
|
|
FEATURE_NSX_POLICY_ADMIN_STATE = 'NSX Policy Segment admin state'
|
|
FEATURE_NSX_POLICY_ORBAC = 'NSX Policy ORBAC'
|