voltron/PowerCLI-Example-Scripts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add support for both Infra Group/Scopes related to CGW Edge Fireweall

Browse Source
This commit is contained in:
William Lam
2019-03-14 12:00:27 -07:00
parent 2212477dff
commit b8b48e40f8
2 changed files with 194 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Modules/VMware.VMC.NSXT/VMware.VMC.NSXT.psd1
View File

@@ -36,7 +36,7 @@ Description = 'PowerShell Module for Managing NSX-T on VMware Cloud on AWS'
PowerShellVersion = '6.0' PowerShellVersion = '6.0'
# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export. # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
FunctionsToExport = 'Connect-NSXTProxy', 'Get-NSXTSegment', 'New-NSXTSegment', 'Remove-NSXTSegment', 'Get-NSXTGroup', 'New-NSXTGroup', 'Remove-NSXTGroup', 'Get-NSXTService', 'New-NSXTService', 'Get-NSXTFirewall', 'New-NSXTFirewall', 'Remove-NSXTFirewall', 'Get-NSXTDistFirewallSection', 'Get-NSXTDistFirewall', 'New-NSXTDistFirewall', 'Remove-NSXTDistFirewall', 'Get-NSXTRouteTable', 'Get-NSXTOverviewInfo' FunctionsToExport = 'Connect-NSXTProxy', 'Get-NSXTSegment', 'New-NSXTSegment', 'Remove-NSXTSegment', 'Get-NSXTGroup', 'New-NSXTGroup', 'Remove-NSXTGroup', 'Get-NSXTService', 'New-NSXTService', 'Get-NSXTFirewall', 'New-NSXTFirewall', 'Remove-NSXTFirewall', 'Get-NSXTDistFirewallSection', 'Get-NSXTDistFirewall', 'New-NSXTDistFirewall', 'Remove-NSXTDistFirewall', 'Get-NSXTRouteTable', 'Get-NSXTOverviewInfo', 'Get-NSXTInfraScope', 'Get-NSXTInfraGroup'
# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
CmdletsToExport = @() CmdletsToExport = @()

195
Modules/VMware.VMC.NSXT/VMware.VMC.NSXT.psm1
View File

@@ -403,6 +403,27 @@ Function Get-NSXTFirewall {
} }
} }
$scopeEntries = $rule.scope
$scopes = @()
foreach ($scopeEntry in $scopeEntries) {
$scopeLabelURL = $global:nsxtProxyConnection.Server + "/policy/api/v1" + $scopeEntry
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$scopeLabelURL`n"
}
try {
if($PSVersionTable.PSEdition -eq "Core") {
$requests = Invoke-WebRequest -Uri $scopeLabelURL -Method $method -Headers $global:nsxtProxyConnection.headers -SkipCertificateCheck
} else {
$requests = Invoke-WebRequest -Uri $scopeLabelURL -Method $method -Headers $global:nsxtProxyConnection.headers
}
} catch {
Write-Host -ForegroundColor Red "`nThe NSX-T Proxy session is no longer valid, please re-run the Connect-NSXTProxy cmdlet to retrieve a new token`n"
break
}
$scope = ($requests.Content | ConvertFrom-Json)
$scopes += $scope.display_name
}
$tmp = [pscustomobject] @{ $tmp = [pscustomobject] @{
SequenceNumber = $rule.sequence_number; SequenceNumber = $rule.sequence_number;
Name = $rule.display_name; Name = $rule.display_name;
@@ -410,6 +431,7 @@ Function Get-NSXTFirewall {
Source = $source; Source = $source;
Destination = $destination; Destination = $destination;
Services = $service; Services = $service;
Scope = $scopes;
Action = $rule.action; Action = $rule.action;
} }
$results+=$tmp $results+=$tmp
@@ -446,6 +468,9 @@ Function New-NSXTFirewall {
[Parameter(Mandatory=$True)]$DestinationGroup, [Parameter(Mandatory=$True)]$DestinationGroup,
[Parameter(Mandatory=$True)]$Service, [Parameter(Mandatory=$True)]$Service,
[Parameter(Mandatory=$True)][ValidateSet("ALLOW","DENY")]$Action, [Parameter(Mandatory=$True)][ValidateSet("ALLOW","DENY")]$Action,
[Parameter(Mandatory=$false)]$InfraScope,
[Parameter(Mandatory=$false)]$SourceInfraGroup,
[Parameter(Mandatory=$false)]$DestinationInfraGroup,
[Parameter(Mandatory=$false)][Boolean]$Logged=$false, [Parameter(Mandatory=$false)][Boolean]$Logged=$false,
[Switch]$Troubleshoot [Switch]$Troubleshoot
) )
@@ -464,6 +489,13 @@ Function New-NSXTFirewall {
} }
} }
if(! $DestinationInfraGroup) {
foreach ($group in $SourceInfraGroup) {
$tmp = (Get-NSXTInfraGroup -Name $group).Path
$destinationGroups+= $tmp
}
}
$sourceGroups = @() $sourceGroups = @()
foreach ($group in $SourceGroup) { foreach ($group in $SourceGroup) {
if($group -eq "ANY") { if($group -eq "ANY") {
@@ -474,6 +506,13 @@ Function New-NSXTFirewall {
} }
} }
if(! $SourceInfraGroup) {
foreach ($group in $SourceInfraGroup) {
$tmp = (Get-NSXTInfraGroup -Name $group).Path
$sourceGroups+= $tmp
}
}
$services = @() $services = @()
foreach ($serviceName in $Service) { foreach ($serviceName in $Service) {
if($serviceName -eq "ANY") { if($serviceName -eq "ANY") {
@@ -484,6 +523,16 @@ Function New-NSXTFirewall {
} }
} }
$scopeLabels = @()
if(! $InfraScope ) {
$scopeLabels = @("/infra/labels/$($GatewayType.toLower())")
} else {
foreach ($infraScopeName in $InfraScope) {
$scope = Get-NSXTInfraScope -Name $infraScopeName
$scopeLabels += $scope.Path
}
}
$payload = @{ $payload = @{
display_name = $Name; display_name = $Name;
resource_type = "CommunicationEntry"; resource_type = "CommunicationEntry";
@@ -491,7 +540,7 @@ Function New-NSXTFirewall {
destination_groups = $destinationGroups; destination_groups = $destinationGroups;
source_groups = $sourceGroups; source_groups = $sourceGroups;
logged = $Logged; logged = $Logged;
scope = @("/infra/labels/$($GatewayType.toLower())"); scope = $scopeLabels;
services = $services; services = $services;
action = $Action; action = $Action;
} }
@@ -1495,4 +1544,146 @@ If (-Not $global:nsxtProxyConnection) { Write-error "No NSX-T Proxy Connection f
($requests.Content | ConvertFrom-Json) ($requests.Content | ConvertFrom-Json)
} }
} }
} }
Function Get-NSXTInfraScope {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 03/14/2019
Organization: VMware
Blog: http://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.SYNOPSIS
Returns all NSX-T Infrastructure Scopes
.DESCRIPTION
This cmdlet retrieves all NSX-T Infrastructure Scopes
.EXAMPLE
Get-NSXTInfraScope
.EXAMPLE
Get-NSXTInfraGroup -Name "VPN Tunnel Interface"
#>
param(
[Parameter(Mandatory=$false)][String]$Name,
[Switch]$Troubleshoot
)
If (-Not $global:nsxtProxyConnection) { Write-error "No NSX-T Proxy Connection found, please use Connect-NSXTProxy" } Else {
$method = "GET"
$infraLabelURL = $global:nsxtProxyConnection.Server + "/policy/api/v1/infra/labels"
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$infraLabelURL`n"
}
try {
if($PSVersionTable.PSEdition -eq "Core") {
$requests = Invoke-WebRequest -Uri $infraLabelURL -Method $method -Headers $global:nsxtProxyConnection.headers -SkipCertificateCheck
} else {
$requests = Invoke-WebRequest -Uri $infraLabelURL -Method $method -Headers $global:nsxtProxyConnection.headers
}
} catch {
if($_.Exception.Response.StatusCode -eq "Unauthorized") {
Write-Host -ForegroundColor Red "`nThe NSX-T Proxy session is no longer valid, please re-run the Connect-NSXTProxy cmdlet to retrieve a new token`n"
break
} else {
Write-Error "Error in retrieving NSX-T Infrastructure Scopes"
Write-Error "`n($_.Exception.Message)`n"
break
}
}
if($requests.StatusCode -eq 200) {
$infraLables = ($requests.Content | ConvertFrom-Json).results
if ($PSBoundParameters.ContainsKey("Name")){
$infraLables = $infraLables | where {$_.display_name -eq $Name}
}
$results = @()
foreach ($infraLabel in $infraLables) {
$tmp = [pscustomobject] @{
Name = $infraLabel.display_name;
Id = $infraLabel.Id;
Path = $infraLabel.Path;
}
$results+=$tmp
}
$results
}
}
}
Function Get-NSXTInfraGroup {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 03/14/2019
Organization: VMware
Blog: http://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.SYNOPSIS
Returns all NSX-T Infrastructure Groups for CGW
.DESCRIPTION
This cmdlet retrieves all NSX-T Infrastructure Groups for CGW
.EXAMPLE
Get-NSXTInfraGroup
.EXAMPLE
Get-NSXTInfraGroup -Name "S3 Prefixes"
#>
param(
[Parameter(Mandatory=$false)][String]$Name,
[Switch]$Troubleshoot
)
If (-Not $global:nsxtProxyConnection) { Write-error "No NSX-T Proxy Connection found, please use Connect-NSXTProxy" } Else {
$method = "GET"
$infraGroupsURL = $global:nsxtProxyConnection.Server + "/policy/api/v1/infra/tier-0s/vmc/groups"
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$infraGroupsURL`n"
}
try {
if($PSVersionTable.PSEdition -eq "Core") {
$requests = Invoke-WebRequest -Uri $infraGroupsURL -Method $method -Headers $global:nsxtProxyConnection.headers -SkipCertificateCheck
} else {
$requests = Invoke-WebRequest -Uri $infraGroupsURL -Method $method -Headers $global:nsxtProxyConnection.headers
}
} catch {
if($_.Exception.Response.StatusCode -eq "Unauthorized") {
Write-Host -ForegroundColor Red "`nThe NSX-T Proxy session is no longer valid, please re-run the Connect-NSXTProxy cmdlet to retrieve a new token`n"
break
} else {
Write-Error "Error in retrieving NSX-T Infrastructure Groups"
Write-Error "`n($_.Exception.Message)`n"
break
}
}
if($requests.StatusCode -eq 200) {
$groups = ($requests.Content | ConvertFrom-Json).results
if ($PSBoundParameters.ContainsKey("Name")){
$groups = $groups | where {$_.display_name -eq $Name}
}
$results = @()
foreach ($group in $groups) {
$tmp = [pscustomobject] @{
Name = $group.display_name;
ID = $group.id;
Path = $group.path;
}
$results+=$tmp
}
$results
}
}
}