Admin Utility: List spoofguard policy mappings

Change-Id: Icd313a9bb4c0732db549de0e2b602e36a00cfebd

tools/python-nsxadmin/admin/plugins/nsxv/resources/edges.py

@@ -19,37 +19,19 @@ from admin.plugins.common import constants
 from admin.plugins.common import formatters
 from admin.plugins.common.utils import output_header
 from admin.plugins.common.utils import query_yes_no
+import admin.plugins.nsxv.resources.utils as utils
 from admin.shell import Operations
 
-from neutron.i18n import _LI
-from oslo_config import cfg
-
 from neutron.callbacks import registry
-from neutron import context as neutron_context
-from neutron.db import common_db_mixin as common_db
+from neutron.i18n import _LI
+
 from vmware_nsx.db import nsxv_db
-from vmware_nsx.plugins.nsx_v.vshield import vcns
 
 LOG = logging.getLogger(__name__)
 
 
-class EdgeApi(common_db.CommonDbMixin):
-    def __init__(self):
-        super(EdgeApi, self)
-        self.context = neutron_context.get_admin_context()
-
-
-def init_nsxv_client():
-    return vcns.Vcns(
-        address=cfg.CONF.nsxv.manager_uri,
-        user=cfg.CONF.nsxv.user,
-        password=cfg.CONF.nsxv.password,
-        ca_file=cfg.CONF.nsxv.ca_file,
-        insecure=cfg.CONF.nsxv.insecure)
-
-
 def get_nsxv_edges():
-    nsxv = init_nsxv_client()
+    nsxv = utils.get_nsxv_client()
     edges = nsxv.get_edges()[1]
     return edges['edgePage'].get('data', [])
 
@@ -64,7 +46,7 @@ def nsx_list_edges(resource, event, trigger, **kwargs):
 
 
 def get_router_edge_bindings():
-    edgeapi = EdgeApi()
+    edgeapi = utils.NeutronDbClient()
     return nsxv_db.get_nsxv_router_bindings(edgeapi.context)
 
 
@@ -90,14 +72,16 @@ def get_orphaned_edges():
 
 @output_header
 def nsx_list_orphaned_edges(resource, event, trigger, **kwargs):
-    """
-    List orphaned Edges on NSXv. Orphaned edges are NSXv edges that exist
-    on NSXv backend but don't have a corresponding binding in Neutron DB
+    """List orphaned Edges on NSXv.
+
+    Orphaned edges are NSXv edges that exist on NSXv backend but
+    don't have a corresponding binding in Neutron DB
     """
     orphaned_edges = get_orphaned_edges()
     LOG.info(orphaned_edges)
 
 
+@output_header
 def nsx_delete_orphaned_edges(resource, event, trigger, **kwargs):
     """Delete orphaned edges from NSXv backend"""
     orphaned_edges = get_orphaned_edges()
@@ -111,7 +95,7 @@ def nsx_delete_orphaned_edges(resource, event, trigger, **kwargs):
                 LOG.info(_LI("NSXv Edge deletion aborted by user"))
                 return
 
-    nsxv = init_nsxv_client()
+    nsxv = utils.get_nsxv_client()
     for edge in orphaned_edges:
         LOG.info(_LI("Deleting edge: %s"), edge)
         nsxv.delete_edge(edge)

tools/python-nsxadmin/admin/plugins/nsxv/resources/spoofguard_policy.py

@@ -0,0 +1,94 @@
+# Copyright 2015 VMware, Inc.  All rights reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+
+import logging
+
+from admin.plugins.common import constants
+from admin.plugins.common import formatters
+from admin.plugins.common.utils import output_header
+import admin.plugins.nsxv.resources.utils as utils
+from admin.shell import Operations
+
+from neutron.callbacks import registry
+from neutron.i18n import _LI
+
+from vmware_nsx.db import nsxv_db
+
+LOG = logging.getLogger(__name__)
+
+
+def get_spoofguard_policies():
+    nsxv = utils.get_nsxv_client()
+    return nsxv.get_spoofguard_policies()[1].get("policies")
+
+
+@output_header
+def nsx_list_spoofguard_policies(resource, event, trigger, **kwargs):
+    """List spoofguard policies from NSXv backend"""
+    policies = get_spoofguard_policies()
+    LOG.info(formatters.output_formatter(
+                 constants.SPOOFGUARD_POLICY, policies,
+                 ['policyId', 'name']))
+
+
+def get_spoofguard_policy_network_mappings():
+    spgapi = utils.NeutronDbClient()
+    return nsxv_db.get_nsxv_spoofguard_policy_network_mappings(
+        spgapi.context)
+
+
+@output_header
+def neutron_list_spoofguard_policy_mappings(resource, event, trigger,
+                                            **kwargs):
+    mappings = get_spoofguard_policy_network_mappings()
+    LOG.info(formatters.output_formatter(
+                 constants.SPOOFGUARD_POLICY, mappings,
+                 ['network_id', 'policy_id']))
+
+
+def get_missing_spoofguard_policy_mappings():
+    nsxv_spoofguard_policies = set()
+    for spg in get_spoofguard_policies():
+        nsxv_spoofguard_policies.add(spg.get('policyId'))
+
+    neutron_spoofguard_policy_mappings = set()
+    for binding in get_spoofguard_policy_network_mappings():
+        neutron_spoofguard_policy_mappings.add(binding.policy_id)
+
+    return neutron_spoofguard_policy_mappings - nsxv_spoofguard_policies
+
+
+@output_header
+def nsx_list_missing_spoofguard_policies(resource, event, trigger,
+                                         **kwargs):
+    """List missing spoofguard policies on NSXv.
+
+    Spoofguard policies that have a binding in Neutron Db but there is
+    no policy on NSXv backend to back it.
+    """
+    LOG.info(_LI("Spoofguard policies in Neutron Db but on present on NSXv"))
+    missing_policies = get_missing_spoofguard_policy_mappings()
+    LOG.info(missing_policies)
+
+
+registry.subscribe(neutron_list_spoofguard_policy_mappings,
+                   constants.SPOOFGUARD_POLICY,
+                   Operations.LIST.value)
+registry.subscribe(nsx_list_spoofguard_policies,
+                   constants.SPOOFGUARD_POLICY,
+                   Operations.LIST.value)
+registry.subscribe(nsx_list_missing_spoofguard_policies,
+                   constants.SPOOFGUARD_POLICY,
+                   Operations.LIST.value)

tools/python-nsxadmin/admin/plugins/nsxv/resources/utils.py

@@ -0,0 +1,35 @@
+# Copyright 2015 VMware, Inc.  All rights reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+
+from oslo_config import cfg
+
+from neutron import context as neutron_context
+from neutron.db import common_db_mixin as common_db
+from vmware_nsx.plugins.nsx_v.vshield import vcns
+
+
+def get_nsxv_client():
+    return vcns.Vcns(
+        address=cfg.CONF.nsxv.manager_uri,
+        user=cfg.CONF.nsxv.user,
+        password=cfg.CONF.nsxv.password,
+        ca_file=cfg.CONF.nsxv.ca_file,
+        insecure=cfg.CONF.nsxv.insecure)
+
+
+class NeutronDbClient(common_db.CommonDbMixin):
+    def __init__(self):
+        super(NeutronDbClient, self)
+        self.context = neutron_context.get_admin_context()