From 0323737ed163833968a2e01e1bc01b5ea4c72a47 Mon Sep 17 00:00:00 2001 From: sean Date: Thu, 5 Nov 2020 18:26:46 -0800 Subject: [PATCH] Add api support for enabling snat rule logging 1. For MP, add logging parameter in snat rule creating api 2. For Policy, change parameter name from log to logging for tier0 and tier1 snat rule object. Change-Id: I4f03fa6a35f138a7112782d58a1cc5a4b1648d61 --- .../tests/unit/v3/policy/test_resources.py | 28 +++++++++++++------ vmware_nsxlib/tests/unit/v3/test_resources.py | 13 +++++++-- vmware_nsxlib/v3/core_resources.py | 4 ++- vmware_nsxlib/v3/policy/core_defs.py | 2 +- vmware_nsxlib/v3/policy/core_resources.py | 16 +++++------ 5 files changed, 42 insertions(+), 21 deletions(-) diff --git a/vmware_nsxlib/tests/unit/v3/policy/test_resources.py b/vmware_nsxlib/tests/unit/v3/policy/test_resources.py index 997678ef..ef8b288f 100644 --- a/vmware_nsxlib/tests/unit/v3/policy/test_resources.py +++ b/vmware_nsxlib/tests/unit/v3/policy/test_resources.py @@ -3575,6 +3575,7 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase): cidr1 = '1.1.1.1/32' cidr2 = '2.2.2.0/24' enabled = True + logging = False with mock.patch.object(self.policy_api, "create_or_update") as api_call: @@ -3587,7 +3588,8 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase): source_network=cidr2, firewall_match=firewall_match, tenant=TEST_TENANT, - enabled=enabled) + enabled=enabled, + logging=logging) expected_def = core_defs.Tier0NatRule( tier0_id=tier0_id, nat_rule_id=nat_rule_id, @@ -3599,7 +3601,8 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase): source_network=cidr2, firewall_match=firewall_match, tenant=TEST_TENANT, - enabled=enabled) + enabled=enabled, + logging=logging) self.assert_called_with_def(api_call, expected_def) self.assertIsNotNone(result) @@ -3643,6 +3646,7 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase): cidr1 = '1.1.1.1/32' cidr2 = '2.2.2.0/24' enabled = True + logging = False with mock.patch.object(self.policy_api, "create_or_update") as api_call: @@ -3655,7 +3659,8 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase): firewall_match=firewall_match, source_network=cidr2, tenant=TEST_TENANT, - enabled=enabled) + enabled=enabled, + logging=logging) expected_def = core_defs.Tier0NatRule( tier0_id=tier0_id, @@ -3668,7 +3673,8 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase): firewall_match=firewall_match, source_network=cidr2, tenant=TEST_TENANT, - enabled=enabled) + enabled=enabled, + logging=logging) self.assert_called_with_def(api_call, expected_def) @@ -3688,6 +3694,7 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase): cidr1 = '1.1.1.1/32' cidr2 = '2.2.2.0/24' enabled = True + logging = True with mock.patch.object(self.policy_api, "create_or_update") as api_call: @@ -3700,7 +3707,8 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase): firewall_match=firewall_match, source_network=cidr2, tenant=TEST_TENANT, - enabled=enabled) + enabled=enabled, + logging=logging) expected_def = core_defs.Tier1NatRule( tier1_id=tier1_id, @@ -3713,7 +3721,8 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase): firewall_match=firewall_match, source_network=cidr2, tenant=TEST_TENANT, - enabled=enabled) + enabled=enabled, + logging=logging) self.assert_called_with_def(api_call, expected_def) self.assertIsNotNone(result) @@ -3742,6 +3751,7 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase): cidr1 = '1.1.1.1/32' cidr2 = '2.2.2.0/24' enabled = True + logging = True with mock.patch.object(self.policy_api, "create_or_update") as api_call: @@ -3754,7 +3764,8 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase): firewall_match=firewall_match, source_network=cidr2, tenant=TEST_TENANT, - enabled=enabled) + enabled=enabled, + logging=logging) expected_def = core_defs.Tier1NatRule( tier1_id=tier1_id, @@ -3767,7 +3778,8 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase): firewall_match=firewall_match, source_network=cidr2, tenant=TEST_TENANT, - enabled=enabled) + enabled=enabled, + logging=logging) self.assert_called_with_def(api_call, expected_def) diff --git a/vmware_nsxlib/tests/unit/v3/test_resources.py b/vmware_nsxlib/tests/unit/v3/test_resources.py index ae5fe05d..12f972d0 100644 --- a/vmware_nsxlib/tests/unit/v3/test_resources.py +++ b/vmware_nsxlib/tests/unit/v3/test_resources.py @@ -972,7 +972,8 @@ class LogicalRouterTestCase(BaseTestResource): self.assertEqual(test_constants.FAKE_ROUTER_FW_SEC_UUID, section_id) def _test_nat_rule_create(self, nsx_version, add_bypas_arg=True, - action='SNAT', expect_failure=False): + action='SNAT', expect_failure=False, + logging=False): router = self.get_mocked_resource() translated_net = '1.1.1.1' priority = 10 @@ -983,7 +984,8 @@ class LogicalRouterTestCase(BaseTestResource): 'display_name': display_name, 'enabled': True, 'translated_network': translated_net, - 'rule_priority': priority + 'rule_priority': priority, + 'logging': logging } if add_bypas_arg: # Expect nat_pass to be sent to the backend @@ -998,7 +1000,8 @@ class LogicalRouterTestCase(BaseTestResource): translated_network=translated_net, rule_priority=priority, bypass_firewall=False, - display_name=display_name) + display_name=display_name, + logging=logging) except exceptions.InvalidInput as e: if expect_failure: return @@ -1016,6 +1019,10 @@ class LogicalRouterTestCase(BaseTestResource): # Ignoring 'bypass_firewall' with version 1.1 self._test_nat_rule_create('1.1.0', add_bypas_arg=False) + def test_nat_rule_create_with_logging(self): + # enable logging parameter in snat obj + self._test_nat_rule_create('1.1.0', add_bypas_arg=False, logging=True) + def test_nat_rule_create_v2(self): # Sending 'bypass_firewall' with version 1.1 self._test_nat_rule_create('2.0.0') diff --git a/vmware_nsxlib/v3/core_resources.py b/vmware_nsxlib/v3/core_resources.py index ac7c0421..db5a1d56 100644 --- a/vmware_nsxlib/v3/core_resources.py +++ b/vmware_nsxlib/v3/core_resources.py @@ -596,7 +596,7 @@ class NsxLibLogicalRouter(utils.NsxLibApiBase): enabled=True, rule_priority=None, match_ports=None, match_protocol=None, match_resource_type=None, - bypass_firewall=True, + bypass_firewall=True, logging=None, tags=None, display_name=None): self._validate_nat_rule_action(action) @@ -629,6 +629,8 @@ class NsxLibLogicalRouter(utils.NsxLibApiBase): body['tags'] = tags if display_name: body['display_name'] = display_name + if logging is not None: + body['logging'] = logging return self.client.create(resource, body) def change_edge_firewall_status(self, logical_router_id, action): diff --git a/vmware_nsxlib/v3/policy/core_defs.py b/vmware_nsxlib/v3/policy/core_defs.py index 1f691c9f..1f1e68d5 100644 --- a/vmware_nsxlib/v3/policy/core_defs.py +++ b/vmware_nsxlib/v3/policy/core_defs.py @@ -647,7 +647,7 @@ class RouterNatRule(ResourceDef): 'destination_network', 'translated_network', 'firewall_match', - 'log', + 'logging', 'sequence_number', 'enabled']) return body diff --git a/vmware_nsxlib/v3/policy/core_resources.py b/vmware_nsxlib/v3/policy/core_resources.py index 93399c02..15211c81 100644 --- a/vmware_nsxlib/v3/policy/core_resources.py +++ b/vmware_nsxlib/v3/policy/core_resources.py @@ -1693,7 +1693,7 @@ class NsxPolicyTier0NatRuleApi(NsxPolicyResourceBase): firewall_match=constants.NAT_FIREWALL_MATCH_BYPASS, action=IGNORE, sequence_number=IGNORE, - log=IGNORE, + logging=IGNORE, tags=IGNORE, tenant=constants.POLICY_INFRA_TENANT, enabled=IGNORE): @@ -1710,7 +1710,7 @@ class NsxPolicyTier0NatRuleApi(NsxPolicyResourceBase): firewall_match=firewall_match, action=action, sequence_number=sequence_number, - log=log, + logging=logging, tags=tags, tenant=tenant, enabled=enabled) @@ -1745,7 +1745,7 @@ class NsxPolicyTier0NatRuleApi(NsxPolicyResourceBase): firewall_match=IGNORE, action=IGNORE, sequence_number=IGNORE, - log=IGNORE, + logging=IGNORE, tags=IGNORE, tenant=constants.POLICY_INFRA_TENANT, enabled=IGNORE): @@ -1760,7 +1760,7 @@ class NsxPolicyTier0NatRuleApi(NsxPolicyResourceBase): firewall_match=firewall_match, action=action, sequence_number=sequence_number, - log=log, + logging=logging, tags=tags, tenant=tenant, enabled=enabled) @@ -1783,7 +1783,7 @@ class NsxPolicyTier1NatRuleApi(NsxPolicyResourceBase): firewall_match=constants.NAT_FIREWALL_MATCH_BYPASS, action=IGNORE, sequence_number=IGNORE, - log=IGNORE, + logging=IGNORE, tags=IGNORE, tenant=constants.POLICY_INFRA_TENANT, enabled=IGNORE): @@ -1800,7 +1800,7 @@ class NsxPolicyTier1NatRuleApi(NsxPolicyResourceBase): firewall_match=firewall_match, action=action, sequence_number=sequence_number, - log=log, + logging=logging, tags=tags, tenant=tenant, enabled=enabled) @@ -1835,7 +1835,7 @@ class NsxPolicyTier1NatRuleApi(NsxPolicyResourceBase): firewall_match=IGNORE, action=IGNORE, sequence_number=IGNORE, - log=IGNORE, + logging=IGNORE, tags=IGNORE, tenant=constants.POLICY_INFRA_TENANT, enabled=IGNORE): @@ -1850,7 +1850,7 @@ class NsxPolicyTier1NatRuleApi(NsxPolicyResourceBase): firewall_match=firewall_match, action=action, sequence_number=sequence_number, - log=log, + logging=logging, tags=tags, tenant=tenant, enabled=enabled)