NSX|T: Add handling of disable/enable firewall

Adding a section for handling API call to enable/disable firewall on logical router. Change-Id: I5527f8316445e27ba0f96f71c089c27e2bd8bbb0 Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
2018-10-25 12:03:25 +03:00 · 2018-10-25 12:03:25 +03:00 · 90def527e8
commit 90def527e8
parent bd040163ce
4 changed files with 24 additions and 0 deletions
--- a/vmware_nsxlib/tests/unit/v3/test_resources.py
+++ b/vmware_nsxlib/tests/unit/v3/test_resources.py
@ -850,6 +850,16 @@ class LogicalRouterTestCase(BaseTestResource):
                    (router_id, rule_id)),
                headers=self.default_headers())

+    def test_change_edge_firewall(self):
+        router = self.get_mocked_resource()
+        router_id = test_constants.FAKE_ROUTER_UUID
+        router.change_edge_firewall_status(router_id, nsx_constants.FW_DISABLE)
+        test_client.assert_json_call(
+            'post', router,
+            ('https://1.2.3.4/api/v1/firewall/status/logical_routers/%s'
+                '?action=%s' % (router_id, nsx_constants.FW_DISABLE)),
+            headers=self.default_headers())
+
    def test_update_advertisement(self):
        router = self.get_mocked_resource()
        router_id = test_constants.FAKE_ROUTER_UUID
--- a/vmware_nsxlib/v3/core_resources.py
+++ b/vmware_nsxlib/v3/core_resources.py
@ -569,6 +569,11 @@ class NsxLibLogicalRouter(utils.NsxLibApiBase):
            body['display_name'] = display_name
        return self.client.create(resource, body)

+    def change_edge_firewall_status(self, logical_router_id, action):
+        resource = 'firewall/status/logical_routers/%s?action=%s' % (
+            logical_router_id, action)
+        return self.client.create(resource)
+
    def add_static_route(self, logical_router_id, dest_cidr, nexthop):
        resource = ('logical-routers/%s/routing/static-routes' %
                    logical_router_id)
--- a/vmware_nsxlib/v3/nsx_constants.py
+++ b/vmware_nsxlib/v3/nsx_constants.py
@ -69,6 +69,10 @@ FW_ACTION_ALLOW = 'ALLOW'
 FW_ACTION_DROP = 'DROP'
 FW_ACTION_REJECT = 'REJECT'

+# firewall disable/enable
+FW_ENABLE = 'enable_firewall'
+FW_DISABLE = 'disable_firewall'
+
 # nsgroup members update actions
 NSGROUP_ADD_MEMBERS = 'ADD_MEMBERS'
 NSGROUP_REMOVE_MEMBERS = 'REMOVE_MEMBERS'
--- a/vmware_nsxlib/v3/router.py
+++ b/vmware_nsxlib/v3/router.py
@ -250,6 +250,11 @@ class RouterLib(object):
            route['destination'],
            route['nexthop'])

+    def change_edge_firewall_status(self, nsx_router_id,
+                                    action=nsx_constants.FW_DISABLE):
+        return self.nsxlib.logical_router.change_edge_firewall_status(
+            nsx_router_id, action)
+
    def delete_static_routes(self, nsx_router_id, route):
        return self.nsxlib.logical_router.delete_static_route_by_values(
            nsx_router_id, dest_cidr=route['destination'],