saltext.vmware.modules.vmc_nat_rules

Salt execution module for nat rules. Provides methods to create, update, read and delete nat rules.

saltext.vmware.modules.vmc_nat_rules.get(hostname, refresh_key, authorization_host, org_id, sddc_id, tier1, nat, verify_ssl=True, cert=None, cursor=None, page_size=None, sort_by=None, sort_ascending=None)

Retrieves nat rules for the given SDDC

CLI Example:

salt vm_minion vmc_nat_rules.get hostname=nsxt-manager.local tier1=cgw ...

hostname

The host name of NSX-T manager

refresh_key

refresh_key to get access token

authorization_host

hostname to get access token

org_id

org_id of the SDDC

sddc_id

sddc_id for which nat rules should be retrieved

tier1

tier1 options are cgw and user-defined tier1

nat

nat options are USER

verify_ssl

(Optional) Option to enable/disable SSL verification. Enabled by default. If set to False, the certificate validation is skipped.

cert

(Optional) Path to the SSL certificate file to connect to NSX-T manager. The certificate can be retrieved from a browser.

cursor

(Optional) Opaque cursor to be used for getting next page of records (supplied by current result page)

page_size

(Optional) Maximum number of results to return in this page. Default page size is 1000.

sort_by

(Optional) Field by which records are sorted

sort_ascending

(Optional) Boolean value to sort result in ascending order. Enabled by default.

saltext.vmware.modules.vmc_nat_rules.get_by_id(hostname, refresh_key, authorization_host, org_id, sddc_id, tier1, nat, nat_rule, verify_ssl=True, cert=None)

Retrieves a specific nat rule for the given SDDC

CLI Example:

salt vm_minion vmc_nat_rules.get_by_id hostname=nsxt-manager.local tier1=cgw ...

hostname

The host name of NSX-T manager

refresh_key

refresh_key to get access token

authorization_host

hostname to get access token

org_id

org_id of the SDDC

sddc_id

sddc_id for which nat rules should be retrieved

tier1

tier1 options are cgw and user-defined tier1

nat

nat options are USER/default/Internal

nat_rule

id of specific nat rule

verify_ssl

(Optional) Option to enable/disable SSL verification. Enabled by default. If set to False, the certificate validation is skipped.

cert

(Optional) Path to the SSL certificate file to connect to NSX-T manager. The certificate can be retrieved from a browser.

saltext.vmware.modules.vmc_nat_rules.delete(hostname, refresh_key, authorization_host, org_id, sddc_id, tier1, nat, nat_rule, verify_ssl=True, cert=None)

Delete nat rules for the given SDDC

CLI Example:

salt vm_minion vmc_nat_rules.delete hostname=nsxt-manager.local tier1=cgw ...

hostname

The host name of NSX-T manager

refresh_key

refresh_key to get access token

authorization_host

hostname to get access token

org_id

org_id of the SDDC

sddc_id

sddc_id for which nat rules should be deleted

tier1

tier1 options are cgw and user-defined tier1

nat

nat options are USER/default/Internal

nat_rule

id of specific nat rule

verify_ssl

(Optional) Option to enable/disable SSL verification. Enabled by default. If set to False, the certificate validation is skipped.

cert

(Optional) Path to the SSL certificate file to connect to NSX-T manager. The certificate can be retrieved from a browser.

saltext.vmware.modules.vmc_nat_rules.create(hostname, refresh_key, authorization_host, org_id, sddc_id, tier1, nat, nat_rule, verify_ssl=True, cert=None, action=None, destination_network=None, source_network=None, translated_network=None, translated_ports='USER_DEFINED_NONE', scope=None, service=None, enabled=None, firewall_match=None, logging=None, description=None, tags='USER_DEFINED_NONE', sequence_number=None)

Create nat rules for the given SDDC

CLI Example:

salt vm_minion vmc_nat_rules.create hostname=nsxt-manager.local tier1=cgw ...

hostname

The host name of NSX-T manager

refresh_key

refresh_key to get access token

authorization_host

hostname to get access token

org_id

org_id of the SDDC

sddc_id

sddc_id for which nat rules should be created

tier1

tier1 options are cgw and user-defined tier1

nat

nat options are USER/default/Internal

nat_rule

id of specific nat rule

verify_ssl

(Optional) Option to enable/disable SSL verification. Enabled by default. If set to False, the certificate validation is skipped.

cert

(Optional) Path to the SSL certificate file to connect to NSX-T manager. The certificate can be retrieved from a browser.

action

Specifies the type of nat rule. It can have the value REFLEXIVE or DNAT.

REFLEXIVE nat rule requires:

    source_network
    translated_network
    service should be empty
    translated_ports should be None
    destination_network should be None

DNAT rule requires:

    destination_network
    translated_network
    translated_ports can be None
    service can be None
    source_network can be None or input network.

destination_network

Represents the destination network

This supports a single IP address, a comma-separated list of single IP addresses, or CIDR. This does not support IP ranges or IP sets.

source_network

Represents the source network address

This supports a single IP address, a comma-separated list of single IP addresses, or CIDR. This does not support IP ranges or IP sets.

translated_network

Represents the translated network address

This supports a single IP address, a comma-separated list of single IP addresses, or CIDR. This does not support IP ranges or IP sets.

translated_ports

Port number or port range

Please note, if there is a service configured in this nat rule, the translated_port will be realized on NSX Manager as the destination_port. If there is no service configured, the port will be ignored.

scope

(Optional) Array of policy paths of labels, ProviderInterface, NetworkInterface. If this value is not passed, then ["/infra/labels/cgw-public"] will be used by default.

service

(Optional) Represents the service on which the nat rule will be applied. If this value is not passed, then an empty string will be used by default.

enabled

(Optional) Policy nat rule enabled flag

The flag indicates whether the nat rule is enabled or disabled. The default is True.

firewall_match

(Optional) Represents the firewall match flag

It indicates how the firewall matches the address after NATing if the firewall stage is not skipped.

Possible values: MATCH_EXTERNAL_ADDRESS, MATCH_INTERNAL_ADDRESS

Default: "MATCH_INTERNAL_ADDRESS"

logging

(Optional) Policy nat rule logging flag

default: False

description

(Optional) Description of nat rule

tags

(Optional) Opaque identifiers meaningful to the API user. A maximum of 30 tags can be associated:

tags='[
    {
        "tag": "<tag-key-1>",
        "scope": "<tag-value-1>"
    },
    {
        "tag": "<tag-key-2>",
        "scope": "<tag-value-2>"
    }
]'

sequence_number

(Optional) Sequence number of the nat rule

The sequence_number decides the rule_priority of a nat rule.

default: 0

type: int

Example values:

{
    "action": "REFLEXIVE",
    "translated_network": "10.182.171.36",
    "translated_ports": null,
    "destination_network": "",
    "source_network": "192.168.1.23",
    "sequence_number": 0,
    "service": "",
    "logging": false,
    "enabled": false,
    "scope": [
        "/infra/labels/cgw-public"
    ],
    "tags": [
        {
            "tag": "tag1",
            "scope": "scope1"
        }
    ],
    "description": "",
    "firewall_match": "MATCH_INTERNAL_ADDRESS"
}

Please refer to the Nat Rule for insight into the input parameters.

saltext.vmware.modules.vmc_nat_rules.update(hostname, refresh_key, authorization_host, org_id, sddc_id, tier1, nat, nat_rule, verify_ssl=True, cert=None, action=None, destination_network=None, source_network=None, translated_network=None, translated_ports='USER_DEFINED_NONE', scope=None, service=None, enabled=None, firewall_match=None, logging=None, description=None, tags='USER_DEFINED_NONE', sequence_number=None, display_name=None)

Update nat rule for the given SDDC

CLI Example:

salt vm_minion vmc_nat_rules.update hostname=nsxt-manager.local tier1=cgw ...

hostname

The host name of NSX-T manager

refresh_key

refresh_key to get access token

authorization_host

hostname to get access token

org_id

org_id of the SDDC

sddc_id

sddc_id for which nat rules should be updated

tier1

tier1 options are cgw and user-defined tier1

nat

nat options are USER/default/Internal

nat_rule

id of specific nat rule

verify_ssl

(Optional) Option to enable/disable SSL verification. Enabled by default. If set to False, the certificate validation is skipped.

cert

(Optional) Path to the SSL certificate file to connect to NSX-T manager. The certificate can be retrieved from a browser.

action

Specifies the type of nat rule. It can have the value REFLEXIVE or DNAT.

REFLEXIVE nat rule requires:

    source_network
    translated_network
    service should be empty
    translated_ports should be None
    destination_network should be None

DNAT rule requires:

    destination_network
    translated_network
    translated_ports can be None
    service can be None
    source_network can be None or input network.

destination_network

Represents the destination network

This supports a single IP address, a comma-separated list of single IP addresses, or CIDR. This does not support IP ranges or IP sets.

source_network

Represents the source network address

This supports a single IP address, a comma-separated list of single IP addresses, or CIDR. This does not support IP ranges or IP sets.

translated_network

Represents the translated network address

This supports a single IP address, a comma-separated list of single IP addresses, or CIDR. This does not support IP ranges or IP sets.

translated_ports

Port number or port range

Please note, if there is a service configured in this nat rule, the translated_port will be realized on NSX Manager as the destination_port. If there is no service configured, the port will be ignored.

scope

(Optional) Array of policy paths of labels, ProviderInterface, NetworkInterface. If this value is not passed, then ["/infra/labels/cgw-public"] will be used by default.

service

(Optional) Represents the service on which the nat rule will be applied. If this value is not passed, then an empty string will be used by default.

enabled

(Optional) Policy nat rule enabled flag

The flag indicates whether the nat rule is enabled or disabled. The default is True.

firewall_match

(Optional) Represents the firewall match flag

It indicates how the firewall matches the address after NATing if the firewall stage is not skipped.

Possible values: MATCH_EXTERNAL_ADDRESS, MATCH_INTERNAL_ADDRESS

Default: "MATCH_INTERNAL_ADDRESS"

logging

(Optional) Policy nat rule logging flag

default: False

description

(Optional) Description of nat rule

tags

(Optional) Opaque identifiers meaningful to the API user. A maximum of 30 tags can be associated:

tags='[
    {
        "tag": "<tag-key-1>",
        "scope": "<tag-value-1>"
    },
    {
        "tag": "<tag-key-2>",
        "scope": "<tag-value-2>"
    }
]'

sequence_number

(Optional) Sequence number of the nat rule

The sequence_number decides the rule_priority of a nat rule.

default: 0

type: int

display_name

Identifier to use when displaying entity in logs or GUI

Example values:

{
    "action": "REFLEXIVE",
    "translated_network": "10.182.171.36",
    "translated_ports": null,
    "destination_network": "",
    "source_network": "192.168.1.23",
    "sequence_number": 0,
    "service": "",
    "logging": false,
    "enabled": false,
    "scope": [
        "/infra/labels/cgw-public"
    ],
    "tags": [
        {
            "tag": "tag1",
            "scope": "scope1"
        }
    ],
    "description": "",
    "firewall_match": "MATCH_INTERNAL_ADDRESS"
}

Please refer to the Nat Rule for insight into the input parameters.
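
The per-action requirements, network formats, firewall_match values and tag limit documented for create and update above can be checked before a rule is pushed. The following Python check is an added example, not part of saltext.vmware; check_nat_rule and bad_networks are hypothetical helper names, and it assumes the full rule (including action) is passed as a dict of keyword arguments.

```python
import ipaddress

REQUIRED = {  # per-action required fields, as listed under "action"
    "REFLEXIVE": ("source_network", "translated_network"),
    "DNAT": ("destination_network", "translated_network"),
}
MUST_BE_EMPTY = {"REFLEXIVE": ("service", "translated_ports", "destination_network")}
NETWORK_FIELDS = ("source_network", "destination_network", "translated_network")
FIREWALL_MATCH = ("MATCH_EXTERNAL_ADDRESS", "MATCH_INTERNAL_ADDRESS")


def bad_networks(value):
    """Return entries that are neither a single IP nor a CIDR (ranges, set names)."""
    bad = []
    for item in filter(None, (p.strip() for p in (value or "").split(","))):
        try:
            ipaddress.ip_network(item, strict=False)
        except ValueError:
            bad.append(item)
    return bad


def check_nat_rule(args):
    """Return a list of problems in a create/update keyword-argument dict."""
    action = args.get("action")
    if action not in REQUIRED:
        return ["action must be REFLEXIVE or DNAT, got %r" % (action,)]
    problems = []
    for field in REQUIRED[action]:
        if not args.get(field):
            problems.append("%s is required for %s" % (field, action))
    for field in MUST_BE_EMPTY.get(action, ()):
        if args.get(field):
            problems.append("%s must be empty for %s" % (field, action))
    for field in NETWORK_FIELDS:
        for item in bad_networks(args.get(field)):
            problems.append("%s: %r is not a single IP or CIDR" % (field, item))
    if args.get("firewall_match") not in (None,) + FIREWALL_MATCH:
        problems.append("firewall_match must be one of %s" % ", ".join(FIREWALL_MATCH))
    tags = args.get("tags")
    if isinstance(tags, list) and len(tags) > 30:  # page: maximum 30 tags
        problems.append("at most 30 tags can be associated")
    if args.get("verify_ssl") is False:
        problems.append("verify_ssl=False skips certificate validation")
    return problems


if __name__ == "__main__":  # constructed sample: DNAT rule given an IP range
    print(check_nat_rule({"action": "DNAT", "destination_network": "10.0.0.1-10.0.0.9"}))
```

For the REFLEXIVE "Example values" shown above it returns an empty list.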