Fixed Distributed Firewall Rule Section + Remove NSX-T Service

William Lam
2019-04-19 16:24:19 -07:00
parent 25450e9003
commit 2cebd97c01
2 changed files with 136 additions and 35 deletions


@@ -36,7 +36,7 @@ Description = 'PowerShell Module for Managing NSX-T on VMware Cloud on AWS'
PowerShellVersion = '6.0' PowerShellVersion = '6.0'
# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export. # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
FunctionsToExport = 'Connect-NSXTProxy', 'Get-NSXTSegment', 'New-NSXTSegment', 'Remove-NSXTSegment', 'Get-NSXTGroup', 'New-NSXTGroup', 'Remove-NSXTGroup', 'Get-NSXTService', 'New-NSXTService', 'Get-NSXTFirewall', 'New-NSXTFirewall', 'Remove-NSXTFirewall', 'Get-NSXTDistFirewallSection', 'Get-NSXTDistFirewall', 'New-NSXTDistFirewall', 'Remove-NSXTDistFirewall', 'Get-NSXTRouteTable', 'Get-NSXTOverviewInfo', 'Get-NSXTInfraScope', 'Get-NSXTInfraGroup', 'New-NSXTRouteBasedVPN', 'Get-NSXTRouteBasedVPN', 'Remove-NSXTRouteBasedVPN' FunctionsToExport = 'Connect-NSXTProxy', 'Get-NSXTSegment', 'New-NSXTSegment', 'Remove-NSXTSegment', 'Get-NSXTGroup', 'New-NSXTGroup', 'Remove-NSXTGroup', 'Get-NSXTService', 'New-NSXTService', 'Get-NSXTFirewall', 'New-NSXTFirewall', 'Remove-NSXTFirewall', 'Get-NSXTDistFirewallSection', 'Get-NSXTDistFirewall', 'New-NSXTDistFirewall', 'Remove-NSXTDistFirewall', 'Get-NSXTRouteTable', 'Get-NSXTOverviewInfo', 'Get-NSXTInfraScope', 'Get-NSXTInfraGroup', 'New-NSXTRouteBasedVPN', 'Get-NSXTRouteBasedVPN', 'Remove-NSXTRouteBasedVPN', 'Remove-NSXTService', 'New-NSXTDistFirewallSection', 'Get-NSXTDistFirewallSection'
# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
CmdletsToExport = @() CmdletsToExport = @()
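Review bot: `'Get-NSXTDistFirewallSection'` now appears twice in `FunctionsToExport`: it was already in the list and is appended again after `'New-NSXTDistFirewallSection'`. The duplicate is probably harmless at import time, but it makes the export list harder to audit for what the module actually exposes. Drop the trailing entry so the line ends `'Remove-NSXTService', 'New-NSXTDistFirewallSection'`.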


@@ -520,7 +520,7 @@ Function New-NSXTFirewall {
if($serviceName -eq "ANY") { if($serviceName -eq "ANY") {
$services = @("ANY") $services = @("ANY")
} else { } else {
$tmp = "/infra/services/$serviceName" $tmp = (Get-NSXTService -Name "$serviceName").Path
$services+=$tmp $services+=$tmp
} }
} }
@@ -924,6 +924,7 @@ Function Get-NSXTService {
Protocol = $serviceProtocol; Protocol = $serviceProtocol;
Source = $serviceSourcePorts; Source = $serviceSourcePorts;
Destination = $serviceDestinationPorts; Destination = $serviceDestinationPorts;
Path = $service.path;
} }
$results += $tmp $results += $tmp
} }
@@ -932,6 +933,60 @@ Function Get-NSXTService {
} }
} }
Function Remove-NSXTService {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 04/10/2019
Organization: VMware
Blog: http://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.SYNOPSIS
Removes an NSX-T Service
.DESCRIPTION
This cmdlet removes an NSX-T Service
.EXAMPLE
Remove-NSXTService -Id VMware-Blast -Troubleshoot
#>
Param (
[Parameter(Mandatory=$True)]$Id,
[Switch]$Troubleshoot
)
If (-Not $global:nsxtProxyConnection) { Write-error "No NSX-T Proxy Connection found, please use Connect-NSXTProxy" } Else {
$method = "DELETE"
$deleteServiceURL = $global:nsxtProxyConnection.Server + "/policy/api/v1/infra/services/$Id"
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$deleteServiceURL`n"
}
try {
if($PSVersionTable.PSEdition -eq "Core") {
$requests = Invoke-WebRequest -Uri $deleteServiceURL -Method $method -Headers $global:nsxtProxyConnection.headers -SkipCertificateCheck
} else {
$requests = Invoke-WebRequest -Uri $deleteServiceURL -Method $method -Headers $global:nsxtProxyConnection.headers
}
} catch {
if($_.Exception.Response.StatusCode -eq "Unauthorized") {
Write-Host -ForegroundColor Red "`nThe NSX-T Proxy session is no longer valid, please re-run the Connect-NSXTProxy cmdlet to retrieve a new token`n"
break
} else {
Write-Error "Error in removing NSX-T Service"
Write-Error "`n($_.Exception.Message)`n"
break
}
}
if($requests.StatusCode -eq 200) {
Write-Host "Successfully removed NSX-T Service $Id"
}
}
}
Function New-NSXTService { Function New-NSXTService {
<# <#
.NOTES .NOTES
@@ -1005,27 +1060,23 @@ Function New-NSXTService {
} }
} }
Function Get-NSXTDistFirewallSection { Function New-NSXTDistFirewallSection {
<# <#
.NOTES .NOTES
=========================================================================== ===========================================================================
Created by: William Lam Created by: William Lam
Date: 01/01/2019 Date: 04/19/2019
Organization: VMware Organization: VMware
Blog: http://www.virtuallyghetto.com Blog: http://www.virtuallyghetto.com
Twitter: @lamw Twitter: @lamw
=========================================================================== ===========================================================================
.SYNOPSIS .SYNOPSIS
Returns all NSX-T Distributed Firewall Groups Creates new NSX-T Distributed Firewall Section
.DESCRIPTION .DESCRIPTION
This cmdlet retrieves all NSX-T Distributed Firewall Sections This cmdlet to create new NSX-T Distributed Firewall Section
.EXAMPLE .EXAMPLE
Get-NSXTDistFirewallSection Get-NSXTDistFirewallSection -Name "App Section 1" -Category Application
.EXAMPLE
Get-NSXTDistFirewallSection -Name "App Section 1"
.EXAMPLE
et-NSXTDistFirewallSection -Category Emergency
#> #>
param( param(
[Parameter(Mandatory=$false)][String]$Name, [Parameter(Mandatory=$false)][String]$Name,
@@ -1034,52 +1085,102 @@ Function Get-NSXTDistFirewallSection {
) )
If (-Not $global:nsxtProxyConnection) { Write-error "No NSX-T Proxy Connection found, please use Connect-NSXTProxy" } Else { If (-Not $global:nsxtProxyConnection) { Write-error "No NSX-T Proxy Connection found, please use Connect-NSXTProxy" } Else {
$method = "GET" $payload = @{
$distFirewallGroupURL = $global:nsxtProxyConnection.Server + "/policy/api/v1/infra/domains/cgw/communication-maps" display_name = $Name;
category = $Category;
resource_type = "CommunicationMap";
}
$body = $payload | ConvertTo-Json -depth 5
$method = "PUT"
$generatedId = (New-Guid).Guid
$distFirewallSectionURL = $global:nsxtProxyConnection.Server + "/policy/api/v1/infra/domains/cgw/communication-maps/$generatedId"
if($Troubleshoot) { if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$distFirewallGroupURL`n" Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$distFirewallSectionURL`n"
} }
try { try {
if($PSVersionTable.PSEdition -eq "Core") { if($PSVersionTable.PSEdition -eq "Core") {
$requests = Invoke-WebRequest -Uri $distFirewallGroupURL -Method $method -Headers $global:nsxtProxyConnection.headers -SkipCertificateCheck $requests = Invoke-WebRequest -Uri $distFirewallSectionURL -Method $method -Body $body -Headers $global:nsxtProxyConnection.headers -SkipCertificateCheck
} else { } else {
$requests = Invoke-WebRequest -Uri $distFirewallGroupURL -Method $method -Headers $global:nsxtProxyConnection.headers $requests = Invoke-WebRequest -Uri $distFirewallSectionURL -Method $method -Body $body -Headers $global:nsxtProxyConnection.headers
} }
} catch { } catch {
if($_.Exception.Response.StatusCode -eq "Unauthorized") { if($_.Exception.Response.StatusCode -eq "Unauthorized") {
Write-Host -ForegroundColor Red "`nThe NSX-T Proxy session is no longer valid, please re-run the Connect-NSXTProxy cmdlet to retrieve a new token`n" Write-Host -ForegroundColor Red "`nThe NSX-T Proxy session is no longer valid, please re-run the Connect-NSXTProxy cmdlet to retrieve a new token`n"
break break
} else { } else {
Write-Error "Error in retrieving NSX-T Distributed Firewall Sections" Write-Error "Error in creating NSX-T Distributed Firewall Section"
Write-Error "`n($_.Exception.Message)`n" Write-Error "`n($_.Exception.Message)`n"
break break
} }
} }
if($requests.StatusCode -eq 200) { if($requests.StatusCode -eq 200) {
$groups = ($requests.Content | ConvertFrom-Json).results Write-Host "Successfully created new NSX-T Distributed Firewall Section $Section"
($requests.Content | ConvertFrom-Json) | select display_name, id
}
}
}
Function Get-NSXTDistFirewallSection {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 04/19/2019
Organization: VMware
Blog: http://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.SYNOPSIS
Returns all NSX-T Distributed Firewall Sections
.DESCRIPTION
This cmdlet retrieves all NSX-T Distributed Firewall Sections
.EXAMPLE
Get-NSXTDistFirewallSection
#>
param(
[Parameter(Mandatory=$true)][String]$Name,
[Switch]$Troubleshoot
)
If (-Not $global:nsxtProxyConnection) { Write-error "No NSX-T Proxy Connection found, please use Connect-NSXTProxy" } Else {
$method = "GET"
$distFirewallSectionURL = $global:nsxtProxyConnection.Server + "/policy/api/v1/infra/domains/cgw/communication-maps"
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$distFirewallSectionURL`n"
}
try {
if($PSVersionTable.PSEdition -eq "Core") {
$requests = Invoke-WebRequest -Uri $distFirewallSectionURL -Method $method -Headers $global:nsxtProxyConnection.headers -SkipCertificateCheck
} else {
$requests = Invoke-WebRequest -Uri $distFirdistFirewallSectionURLwallURL -Method $method -Headers $global:nsxtProxyConnection.headers
}
} catch {
if($_.Exception.Response.StatusCode -eq "Unauthorized") {
Write-Host -ForegroundColor Red "`nThe NSX-T Proxy session is no longer valid, please re-run the Connect-NSXTProxy cmdlet to retrieve a new token`n"
break
} else {
Write-Error "Error in retrieving NSX-T Distributed Firewall Section"
Write-Error "`n($_.Exception.Message)`n"
break
}
}
if($requests.StatusCode -eq 200) {
$sections = ($requests.Content | ConvertFrom-Json).results
if ($PSBoundParameters.ContainsKey("Name")){ if ($PSBoundParameters.ContainsKey("Name")){
$groups = $groups | where {$_.display_name -eq $Name} $sections = $sections | where {$_.display_name -eq $Name}
} }
if ($PSBoundParameters.ContainsKey("Category")){ $sections | Sort-Object -Propert display_name | select display_name, id
$groups = $groups | where {$_.category -eq $Category}
}
$results = @()
foreach ($group in $groups | Sort-Object -Property category) {
$tmp = [pscustomobject] @{
Id = $group.id;
Section = $group.display_name;
Category = $group.category;
Precedence = $group.precedence;
}
$results+=$tmp
}
$results
} }
} }
} }
@@ -1329,7 +1430,7 @@ Function New-NSXTDistFirewall {
$method = "PUT" $method = "PUT"
$generatedId = (New-Guid).Guid $generatedId = (New-Guid).Guid
$newDistFirewallURL = $global:nsxtProxyConnection.Server + "/policy/api/v1/infra/domains/cgw/communication-maps/$sectionId/communication-entries/$generatedId" $newDistFirewallURL = $global:nsxtProxyConnection.Server + "/policy/api/v1/infra/domains/cgw/communication-maps/$($sectionId)/communication-entries/$generatedId"
if($Troubleshoot) { if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$newDistFirewallURL`n" Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$newDistFirewallURL`n"
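Review bot: In New-NSXTFirewall the new lookup `(Get-NSXTService -Name "$serviceName").Path` is appended to `$services` without checking that it returned anything, so a mistyped or missing service name adds `$null` to the rule (or several paths, if more than one service matches) instead of stopping. A firewall cmdlet should fail before the request is built, e.g. `if (-not $tmp) { Write-Error "NSX-T Service $serviceName not found"; return }` right after the assignment; how NSX-T treats a null service entry is not visible here, so the rule's effective scope should not be left to the API. Separately, the non-Core branch of the new Get-NSXTDistFirewallSection passes `$distFirdistFirewallSectionURLwallURL`, which is never assigned and should be `$distFirewallSectionURL`. The new DELETE and PUT calls also send the session headers with `-SkipCertificateCheck`, so the token is sent to an endpoint whose certificate was never validated; a comment or an opt-in switch would make that choice explicit. The enclosing functions start and end outside these hunks.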