Support multi-tiers target in application network security rule (#342)
* Change apptier to have multiple app tiers in app security policy

* Doc changes

* Doc changes

* flake8 fixes

* sanity fixes
bhati-pradeep authored Jun 13, 2023
1 parent c29f02c commit 676d2c8
Showing 3 changed files with 33 additions and 15 deletions.
4 changes: 2 additions & 2 deletions plugins/module_utils/prism/security_rules.py
Expand Up @@ -119,8 +119,8 @@ def _build_spec_rule(self, payload, value):
]
if categories.get("apptype"):
params["AppType"] = [categories["apptype"]]
if categories.get("apptier"):
params["AppTier"] = [categories.get("apptier")]
if categories.get("apptiers"):
params["AppTier"] = categories.get("apptiers")
if value["target_group"].get("default_internal_policy"):
target_group["default_internal_policy"] = value["target_group"][
"default_internal_policy"
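Review bot: The removed `if categories.get("apptier"):` branch has no fallback, so any caller of `_build_spec_rule` that still passes `apptier` now gets a target group with no `AppTier` entry in `params` and no error from this function. Because the module docs call `apptier` deprecated rather than removed, either map a remaining `apptier` value into a one-element list here or fail explicitly when it is present, so a policy is never built with a different target filter than the playbook asked for.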
29 changes: 19 additions & 10 deletions plugins/modules/ntnx_security_rules.py
Expand Up @@ -102,9 +102,12 @@
apptype_filter_by_category:
description: A category key and value.
type: dict
apptier:
description: A category value.
type: str
apptiers:
description:
- List of AppTier category values
- C(apptier) is deprecated
type: list
elements: str
adgroup:
description:
- A category value.
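Review bot: The description line `- C(apptier) is deprecated` does not match what the hunk does: the `apptier` option is deleted from this documentation block, not kept and marked as deprecated. Either keep `apptier` documented with a deprecation notice and a removal version, or reword the line to say that `apptier` was replaced by `apptiers`, so users know their existing playbooks need to change.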
Expand Down Expand Up @@ -357,9 +360,12 @@
apptype_filter_by_category:
description: A category key and value.
type: dict
apptier:
description: A category value.
type: str
apptiers:
description:
- List of AppTier category values
- C(apptier) is deprecated
type: list
elements: str
adgroup:
description:
- A category value.
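Review bot: The `apptiers` description, `List of AppTier category values`, gives no semantics for the list. It does not say whether a VM must carry any one of the listed values or all of them to fall into the target group, or what an empty list means. This option decides which VMs the security policy applies to, so the matching behaviour belongs in the description.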
Expand Down Expand Up @@ -612,9 +618,12 @@
apptype_filter_by_category:
description: A category key and value.
type: dict
apptier:
description: A category value.
type: str
apptiers:
description:
- List of AppTier category values
- C(apptier) is deprecated
type: list
elements: str
adgroup:
description:
- A category value.
Expand Down Expand Up @@ -1105,7 +1114,7 @@ def get_module_spec():
categories_spec = dict(
apptype=dict(type="str"),
apptype_filter_by_category=dict(type="dict"),
apptier=dict(type="str"),
apptiers=dict(type="list", elements="str"),
adgroup=dict(type="str"),
)
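Review bot: Replacing `apptier=dict(type="str")` with `apptiers=dict(type="list", elements="str")` removes the old key from `categories_spec` outright, so existing playbooks that set `apptier` stop being accepted, which contradicts the "deprecated" wording added to the docs in this commit. If the old name is meant to keep working for a release, keep it accepted here (for example as an alias of `apptiers`) and note the breaking change in the changelog if it is not.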

15 changes: 12 additions & 3 deletions tests/integration/targets/ntnx_security_rules/tasks/app_rule.yml
Expand Up @@ -8,7 +8,10 @@
apptype_filter_by_category:
AppFamily:
- Backup
apptier: Default
apptiers:
- "{{categories.apptiers[0]}}"
- "{{categories.apptiers[1]}}"

default_internal_policy: DENY_ALL

inbounds:
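Review bot: The new values `"{{categories.apptiers[0]}}"` and `"{{categories.apptiers[1]}}"` depend on a `categories.apptiers` test variable with at least two entries, and none of the three files changed in this commit defines it. Add the variable to the integration target's vars or document it as a prerequisite, otherwise the task fails at templating before the module is exercised. The blank line added after the list is also unnecessary.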
Expand Down Expand Up @@ -72,13 +75,15 @@
register: result
ignore_errors: true


- name: Creation Status
assert:
that:
- result.response is defined
- result.failed == false
- result.response.status.state == 'COMPLETE'
- result.response.spec.name=="test_app_rule"
- result.response.status.name=="test_app_rule"
- result.response.status.resources.app_rule.target_group.filter.params.AppTier | length == 2
fail_msg: ' fail: unable to create app security rule with inbound and outbound list'
success_msg: 'pass: create app security rule with inbound and outbound list successfully'
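Review bot: The added assertion `...target_group.filter.params.AppTier | length == 2` checks only the number of tiers, not which tiers were applied, so a rule created with two wrong values would still pass. Assert that the returned `AppTier` list contains `categories.apptiers[0]` and `categories.apptiers[1]`, since the point of the test is that the policy targets exactly the requested tiers.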

Expand Down Expand Up @@ -140,7 +145,9 @@
apptype_filter_by_category:
AppFamily:
- Backup
apptier: Default
apptiers:
- "{{categories.apptiers[0]}}"
- "{{categories.apptiers[1]}}"
default_internal_policy: DENY_ALL
allow_all_outbounds: true
allow_all_inbounds: true
Expand All @@ -157,6 +164,8 @@
- result.failed == false
- result.response.status.state == 'COMPLETE'
- result.response.spec.name=="test_app_rule"
- result.response.status.resources.app_rule.target_group.filter.params.AppTier | length == 2

fail_msg: ' fail: unable to create app security rule with allow all inbound and outbound list'
success_msg: 'pass: create app security rule with allow all inbound and outbound list successfully'
- name: delete app security rule
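Review bot: This assert still checks `result.response.spec.name=="test_app_rule"`, while the first creation assert in this file was switched to `result.response.status.name` in the same commit. Use the same field in both places, or explain why they differ. The blank line added between the last `that:` entry and `fail_msg` can be dropped as well.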