nsx

package
v1.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 19, 2023 License: Apache-2.0 Imports: 43 Imported by: 8

Documentation

Index

Constants

// Feature identifiers. The values are assigned by iota, so the order of the
// entries is significant and must stay in step with FeaturesName.
// Presumably these are the values accepted by the feature parameter of
// Client.FeatureEnabled and Client.NSXCheckVersion — confirm.
const (
	VPC = iota
	SecurityPolicy
	ServiceAccount
	ServiceAccountRestore
	ServiceAccountCertRotation
	StaticRoute
	VpcAviRule
	// AllFeatures is not a feature itself: it is the number of features
	// declared above and is used as the array length of FeaturesName.
	AllFeatures
)

Variables

// FeaturesName holds one string name per feature. The array length is AllFeatures and the
// entries are listed in the same order as the feature constants (VPC ... VpcAviRule), so a
// feature constant can be used as the index.
var FeaturesName = [AllFeatures]string{"VPC", "SECURITY_POLICY", "NSX_SERVICE_ACCOUNT", "NSX_SERVICE_ACCOUNT_RESTORE", "NSX_SERVICE_ACCOUNT_CERT_ROTATION", "STATIC_ROUTE", "VPC_AVI_RULE"}

Functions

This section is empty.

Types

type Client

// Client groups the operator configuration, the REST connector and the typed NSX API
// clients, together with the NSX health and version checkers.
type Client struct {
	NsxConfig     *config.NSXOperatorConfig
	RestConnector *client.RestConnector

	QueryClient    search.QueryClient
	GroupClient    domains.GroupsClient
	SecurityClient domains.SecurityPoliciesClient
	RuleClient     security_policies.RulesClient
	InfraClient    nsx_policy.InfraClient

	// NOTE: the field below is spelled HostTransPortNodesClient (capital P) while its type is
	// HostTransportNodesClient.
	// CertificatesClient, PrincipalIdentitiesClient and WithCertificateClient come from the
	// trust_management packages; presumably they back the service-account certificate
	// features — confirm.
	ClusterControlPlanesClient enforcement_points.ClusterControlPlanesClient
	HostTransPortNodesClient   enforcement_points.HostTransportNodesClient
	SubnetStatusClient         subnets.StatusClient
	RealizedEntitiesClient     realized_state.RealizedEntitiesClient
	MPQueryClient              mpsearch.QueryClient
	CertificatesClient         trust_management.CertificatesClient
	PrincipalIdentitiesClient  trust_management.PrincipalIdentitiesClient
	WithCertificateClient      principal_identities.WithCertificateClient

	// for AVI security policy rule
	VPCSecurityClient vpcs.SecurityPoliciesClient
	VPCRuleClient     vpc_sp.RulesClient

	// RealizedStateClient at the end of this group has the same type as
	// RealizedEntitiesClient above.
	OrgRootClient       nsx_policy.OrgRootClient
	ProjectInfraClient  projects.InfraClient
	VPCClient           projects.VpcsClient
	IPBlockClient       infra.IpBlocksClient
	StaticRouteClient   vpcs.StaticRoutesClient
	NATRuleClient       nat.NatRulesClient
	VpcGroupClient      vpcs.GroupsClient
	PortClient          subnets.PortsClient
	PortStateClient     ports.StateClient
	IPPoolClient        subnets.IpPoolsClient
	IPAllocationClient  ip_pools.IpAllocationsClient
	SubnetsClient       vpcs.SubnetsClient
	RealizedStateClient realized_state.RealizedEntitiesClient

	NSXChecker    NSXHealthChecker
	NSXVerChecker NSXVersionChecker
}

func GetClient

func GetClient(cf *config.NSXOperatorConfig, client *http.Client) *Client

func (*Client) FeatureEnabled added in v0.0.3

func (client *Client) FeatureEnabled(feature int) bool

func (*Client) NSXCheckVersion

func (client *Client) NSXCheckVersion(feature int) bool

type Cluster

// Cluster consists of endpoints and provides the http.Client used to send HTTP requests.
type Cluster struct {
	// The mutex is embedded, so Lock and Unlock are part of Cluster's exported method set and
	// callers outside the package can take the lock. A Cluster must not be copied after first
	// use; NewCluster hands it out as *Cluster.
	sync.Mutex
	// contains filtered or unexported fields
}

Cluster consists of endpoints and provides the http.Client used to send HTTP requests.

func NewCluster

func NewCluster(config *Config, client *http.Client) (*Cluster, error)

NewCluster creates a cluster based on nsx Config.

func (*Cluster) GetVersion

func (cluster *Cluster) GetVersion() (*NsxVersion, error)

func (*Cluster) Health

func (cluster *Cluster) Health() ClusterHealth

Health checks cluster health status.

func (*Cluster) NewRestConnector

func (cluster *Cluster) NewRestConnector() (*policyclient.RestConnector, *HeaderConfig)

NewRestConnector creates a RestConnector for use by the SDK client. The returned HeaderConfig is used to set HTTP headers on requests; it can be ignored if no extra headers are needed.

type ClusterHealth

type ClusterHealth string

ClusterHealth indicates cluster status.

// Possible ClusterHealth values.
const (
	// RED means the status of every endpoint is DOWN.
	RED ClusterHealth = "RED"
	// ORANGE means not all endpoints are UP.
	ORANGE ClusterHealth = "ORANGE"
	// GREEN means the endpoints are UP.
	GREEN ClusterHealth = "GREEN"
)

type Config

// Config holds all the configuration parameters used by the nsx code.
//
// It carries credentials and TLS settings: Username and Password are plain strings, so avoid
// printing or logging a Config value wholesale, and Insecure switches server certificate
// verification off entirely.
type Config struct {
	// List of IP addresses of the NSX managers. Each address should be of the form: [<scheme>://]<ip_address>[:<port>]
	// If scheme is not provided https is used. If port is not provided port 80 is used for http and port 443 for
	// https.
	// NOTE(review): the format above accepts an explicit http scheme, which would carry requests without TLS —
	// confirm whether that is meant to be allowed outside test setups.
	APIManagers []string
	// User name for the NSX manager.
	Username string
	// Password for the NSX manager. Stored as a plain string in this struct.
	Password string
	// Specify a CA bundle file to use in verifying the NSX Manager server certificate. This option is ignored if
	// "Insecure" is set to True. If "Insecure" is set to False and "CAFile" is unset, the "Thumbprint" will be used.
	// If "Thumbprint" is unset, the system root CAs will be used to verify the server certificate.
	// In short, with "Insecure" false the precedence is: CAFile, then Thumbprint, then the system root CAs.
	CAFile []string
	// Specify a Thumbprint string to use in verifying the NSX Manager server certificate. This option is ignored
	// if "Insecure" is set to True or "CAFile" is defined.
	// NOTE(review): the expected thumbprint format and hash algorithm are not stated here — confirm.
	Thumbprint []string
	// Maximum concurrent connections to each NSX manager.
	ConcurrentConnections int
	// Retry setting for requests that failed with a "Too many requests" error.
	// NOTE(review): the original comment read "If True, the client will retry ...", but the field is an int —
	// presumably a retry count; confirm.
	Retries int
	// The time in seconds before aborting a HTTP connection to a NSX manager.
	HTTPTimeout int
	// The amount of time in seconds to wait before ensuring connectivity to the NSX manager if no manager connection
	// has been used.
	ConnIdleTimeout int
	// If true, the NSX Manager server certificate is not verified. If false the CA bundle specified via "CAFile"
	// will be used or if unset the "Thumbprint" will be used. If "Thumbprint" is unset, the default system root CAs
	// will be used.
	// With verification off the client cannot tell the real NSX Manager from an impersonating or intercepting
	// host, so keep this false outside test environments.
	Insecure bool
	// If True, a default header of X-Allow-Overwrite:true will be added to all the requests, to allow admin user to
	// update/delete all entries. Because it applies to every request, leave it false unless that override is needed.
	AllowOverwriteHeader bool
	// If True, use nsx manager api for cases which are not supported by the policy manager api.
	AllowPassThrough bool
	// Algorithm used to adaptively adjust max API rate limit. If not set, the max rate will not be automatically
	// changed. If set to 'AIMD', max API rate will be increased by 1 after successful calls that were blocked before
	// being sent, and will be decreased by half after a 429/503 error for each period. The rate has hard max limit of
	// min(100/s, param api_rate_limit_per_endpoint).
	APIRateMode ratelimiter.Type
	// None, or instance of implemented AbstractJWTProvider which will return the JSON Web Token used in the requests
	// in NSX for authorization.
	TokenProvider auth.TokenProvider
	// None, or ClientCertProvider object. If specified, client cert will be used instead of basic authentication.
	ClientCertProvider auth.ClientCertProvider
}

Config holds all the configuration parameters used by the nsx code.

func NewConfig

func NewConfig(apiManagers, username, password string, caFile []string, concurrentConnections, retries, httpTimeout, connIdleTimeout int, insecure, allowOverwriteHeader, allowPassThrough bool, apiRateMode ratelimiter.Type, tokenProvider auth.TokenProvider, clientCertProvider auth.ClientCertProvider, thumbprint []string) *Config

NewConfig creates an nsx configuration. It provides default values for the items that are not function parameters.

type Endpoint

// Endpoint represents one nsx-t manager.
type Endpoint struct {
	// The RWMutex is embedded, so Lock, Unlock, RLock and RUnlock are part of Endpoint's exported
	// method set and callers outside the package can take the lock. An Endpoint must not be
	// copied after first use; NewEndpoint hands it out as *Endpoint.
	sync.RWMutex
	// contains filtered or unexported fields
}

Endpoint represents one nsx-t manager. It runs a goroutine to check the nsx-t manager's status. It also tracks the number of connections to the nsx-t manager.

func NewEndpoint

func NewEndpoint(url string, client *http.Client, noBClient *http.Client, r ratelimiter.RateLimiter, tokenProvider auth.TokenProvider) (*Endpoint, error)

NewEndpoint creates an endpoint.

func (*Endpoint) ConnNumber

func (ep *Endpoint) ConnNumber() int

ConnNumber gets the number of connections to nsx-t.

func (*Endpoint) KeepAlive

func (ep *Endpoint) KeepAlive()

KeepAlive maintains a heart beat for each endpoint.

func (*Endpoint) Status

func (ep *Endpoint) Status() EndpointStatus

Status returns the status of the endpoint.

func (*Endpoint) UpdateHttpRequestAuth

func (ep *Endpoint) UpdateHttpRequestAuth(request *http.Request) error

func (*Endpoint) XSRFToken

func (ep *Endpoint) XSRFToken() string

XSRFToken gets XsrfToken.

type EndpointStatus

type EndpointStatus string

EndpointStatus is endpoint status.

// Possible EndpointStatus values.
const (
	// UP means the endpoint is available.
	UP EndpointStatus = "UP"
	// DOWN means the endpoint is not available.
	DOWN EndpointStatus = "DOWN"
)

type HeaderConfig

type HeaderConfig struct {
	// contains filtered or unexported fields
}

HeaderConfig updates http request header.

func CreateHeaderConfig

func CreateHeaderConfig(xAllowOverwrite bool, nsxEnablePartialPatch bool, configXallowOverwrite bool) *HeaderConfig

CreateHeaderConfig creates HeaderConfig.

func (*HeaderConfig) Done

func (headerConfig *HeaderConfig) Done(connector *client.RestConnector)

Done updates request process of RestConnector.

func (*HeaderConfig) Process

func (headerConfig *HeaderConfig) Process(req *http.Request) error

Process adds header to http.Request depending on configuration.

func (*HeaderConfig) SetConfigXallowOverwrite

func (headerConfig *HeaderConfig) SetConfigXallowOverwrite(value bool) *HeaderConfig

SetConfigXallowOverwrite sets configXallowOverwrite.

func (*HeaderConfig) SetNSXEnablePartialPatch

func (headerConfig *HeaderConfig) SetNSXEnablePartialPatch(value bool) *HeaderConfig

SetNSXEnablePartialPatch sets NSXEnablePartialPatch.

func (*HeaderConfig) SetXAllowOverrite

func (headerConfig *HeaderConfig) SetXAllowOverrite(value bool) *HeaderConfig

SetXAllowOverrite sets XAllowoverrite.

type Jar

// Jar holds cookies from different hosts.
type Jar struct {
	// The RWMutex is embedded, so Lock, Unlock, RLock and RUnlock are part of Jar's exported
	// method set. A Jar must not be copied after first use; NewJar hands it out as *Jar.
	sync.RWMutex
	// contains filtered or unexported fields
}

Jar holds cookies from different hosts.

func NewJar

func NewJar() *Jar

NewJar creates a jar

func (*Jar) Cookies

func (jar *Jar) Cookies(u *url.URL) []*http.Cookie

Cookies returns the cookies for a URL.

func (*Jar) SetCookies

func (jar *Jar) SetCookies(u *url.URL, cookies []*http.Cookie)

SetCookies sets the cookies for a URL.

type NSXHealthChecker

type NSXHealthChecker struct {
	// contains filtered or unexported fields
}

func (*NSXHealthChecker) CheckNSXHealth

func (ck *NSXHealthChecker) CheckNSXHealth(req *http.Request) error

type NSXVersionChecker

type NSXVersionChecker struct {
	// contains filtered or unexported fields
}

type NsxVersion

// NsxVersion is the value returned by Cluster.GetVersion.
type NsxVersion struct {
	// NodeVersion is read from / written to the "node_version" JSON key.
	NodeVersion string `json:"node_version"`
}

func (*NsxVersion) Validate

func (nsxVersion *NsxVersion) Validate() error

type Transport

// Transport is installed in an http.Client in place of the default transport.
type Transport struct {
	// Base is an http.RoundTripper; presumably the underlying transport that performs the
	// actual HTTP exchange once an endpoint has been selected — confirm.
	Base http.RoundTripper
	// contains filtered or unexported fields
}

Transport is used in http.Client to replace the default implementation. It selects the endpoint before sending the HTTP request, and it will retry the request based on the HTTP response.

func (*Transport) RoundTrip

func (t *Transport) RoundTrip(r *http.Request) (*http.Response, error)

RoundTrip is the core of the transport. It accepts a request and replaces the host with the URL provided by the endpoint. It will block the request if the request rate is too high. It will retry the request if nsx-t returns an error and the error type is retriable or ground. It returns the response to the caller.
