saltext.vmware.states.vmc_nat_rules
VMC NAT rules state module
Add a new NAT rule, update an existing NAT rule, or delete an existing NAT rule from an SDDC.
Example usage:

    ensure_nat_rule:
      vmc_nat_rules.present:
        - hostname: sample-nsx.vmwarevmc.com
        - refresh_key: 7jPSGSZpCa8e5Ouks4UY5cZyOtynAhF
        - authorization_host: console-stg.cloud.vmware.com
        - org_id: 10e1092f-51d0-473a-80f8-137652c39fd0
        - sddc_id: b43da080-2626-f64c-88e8-7f31d9d2c306
        - domain_id: mgw
        - nat_rule: vCenter_Inbound_Rule_2
        - verify_ssl: False
        - cert: /path/to/client/certificate
        - source_network: "10.117.5.73"
        - translated_network: "192.168.1.1"

Note that the function signature below takes `tier1` and `nat` positional arguments rather than `domain_id`; check the example against the signature before using it.
Warning
Pass the VMC authentication details (in particular refresh_key, which is a long-lived API token) through Pillar rather than as plain text in SLS files. SLS files are usually committed to version control and readable by everyone with access to the state tree; a token that has been committed should be treated as exposed and rotated.
- saltext.vmware.states.vmc_nat_rules.present(name, hostname, refresh_key, authorization_host, org_id, sddc_id, tier1, nat, nat_rule, verify_ssl=True, cert=None, action=None, destination_network=None, source_network=None, translated_network=None, translated_ports='USER_DEFINED_NONE', scope=None, service=None, enabled=None, firewall_match=None, logging=None, description=None, tags='USER_DEFINED_NONE', sequence_number=None, display_name=None)
Ensure a given NAT rule exists for the given SDDC.
- hostname
The host name of the NSX-T manager
- refresh_key
API token of the user, used to obtain the access token required for VMC operations
- authorization_host
Host name of the VMC cloud console
- org_id
The ID of the organization to which the SDDC belongs
- sddc_id
The ID of the SDDC to which the NAT rule should be added
- domain_id
The domain the NAT rule belongs to. Possible values: mgw, cgw. Note that the function signature above takes `tier1` and `nat` positional arguments rather than `domain_id`; pass the arguments the signature requires.
- nat_rule
ID of the NAT rule to add to the SDDC. On create, this ID is also used as the display_name.
- verify_ssl
(Optional) Enable or disable TLS certificate verification. Enabled by default. If set to False, certificate validation is skipped, so the refresh_key and access token are sent to whatever endpoint answers for the host name; keep it True outside a test lab.
- cert
(Optional) Path to the TLS client certificate file used to connect to the VMC Cloud Console. The certificate can be exported from a browser.
- action
Type of NAT rule. Possible values: REFLEXIVE, DNAT.
A REFLEXIVE rule requires source_network and translated_network; service must be empty and translated_ports must be None.
A DNAT rule requires service, destination_network, translated_network and translated_ports; source_network may be None or an input network.
- destination_network
Represents the destination network.
This supports a single IP address or a comma-separated list of single IP addresses or CIDRs. It does not support IP ranges or IP sets.
- scope
Array of policy paths of labels, ProviderInterface, NetworkInterface
- service
Represents the service on which the NAT rule will be applied
- source_network
Represents the source network address.
This supports a single IP address or a comma-separated list of single IP addresses or CIDRs. It does not support IP ranges or IP sets.
- translated_network
Represents the translated network address.
This supports a single IP address or a comma-separated list of single IP addresses or CIDRs. It does not support IP ranges or IP sets.
- translated_ports
Port number or port range.
Note that if a service is configured in this NAT rule, translated_ports is realized on NSX Manager as the destination port. If no service is configured, the port is ignored.
- enabled
(Optional) Policy NAT rule enabled flag.
Indicates whether the NAT rule is enabled or disabled. The default is True.
- firewall_match
(Optional) Represents the firewall match flag.
Indicates how the firewall matches the address after NATing, if the firewall stage is not skipped. Possible values: MATCH_EXTERNAL_ADDRESS, MATCH_INTERNAL_ADDRESS. Default: MATCH_INTERNAL_ADDRESS
- logging
(Optional) Policy NAT rule logging flag.
Default: False
- description
(Optional) Description of the NAT rule
- tags
(Optional) Opaque identifiers meaningful to the API user. A maximum of 30 tags can be associated:

    tags:
      - tag: <tag-key-1>
        scope: <tag-value-1>
      - tag: <tag-key-2>
        scope: <tag-value-2>

- sequence_number
(Optional) Sequence number of the NAT rule; it determines the rule priority. Default: 0. Type: int
- display_name
Identifier used when displaying the entity in logs or the GUI. This applies only when updating a rule; on create, display_name is the same as the rule ID (nat_rule).
Example Values:

    action: REFLEXIVE
    translated_network: 10.182.171.36
    translated_ports: null
    destination_network: ''
    source_network: 192.168.1.23
    sequence_number: 0
    service: ''
    logging: false
    enabled: false
    scope:
      - /infra/labels/cgw-public
    tags:
      - tag: tag1
        scope: scope1
    description: ''
    firewall_match: MATCH_INTERNAL_ADDRESS
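The action-dependent requirements (REFLEXIVE versus DNAT) and the network-field format rules above are easy to get wrong in an SLS file and are only reported once the API rejects the call. The following is an added example, not code from saltext.vmware or from this page, that checks a rule spec locally before it is handed to the state. Field names follow this page; `validate_nat_rule`, `check_network`, `check_ports` and `is_rejected` are names chosen here, and the `/infra/services/HTTPS` service path in the usage block is an assumed placeholder.

```python
# Added example (not part of saltext.vmware): pre-flight validation of a NAT
# rule spec against the REFLEXIVE/DNAT field rules documented on this page.
import ipaddress
import re

_PORT_RE = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?$")


def check_network(value, field):
    """Validate a network field: a single IP, or a comma-separated list of
    single IPs and/or CIDRs. IP ranges (a-b) and IP sets are rejected, and a
    CIDR with host bits set is rejected rather than silently widened."""
    if value in (None, ""):
        return []
    items = []
    for raw in str(value).split(","):
        item = raw.strip()
        if not item:
            raise ValueError(f"{field}: empty entry in {value!r}")
        if "-" in item:
            raise ValueError(f"{field}: IP ranges are not supported: {item!r}")
        try:
            if "/" in item:
                items.append(str(ipaddress.ip_network(item)))  # strict: host bits must be 0
            else:
                items.append(str(ipaddress.ip_address(item)))
        except ValueError as exc:
            raise ValueError(f"{field}: {item!r} is not a single IP or CIDR") from exc
    return items


def check_ports(value):
    """Validate translated_ports: a single port or a low-high range, 1..65535."""
    if value is None:
        return None
    m = _PORT_RE.match(str(value).strip())
    if not m:
        raise ValueError(f"translated_ports: {value!r} is not a port or port range")
    lo = int(m.group(1))
    hi = int(m.group(2)) if m.group(2) else lo
    if not (1 <= lo <= hi <= 65535):
        raise ValueError(f"translated_ports: {value!r} is out of range or reversed")
    return f"{lo}-{hi}" if hi != lo else str(lo)


def validate_nat_rule(action, source_network=None, destination_network=None,
                      translated_network=None, translated_ports=None, service=None):
    """Apply the REFLEXIVE/DNAT requirements and return the normalized network
    fields as a dict, or raise ValueError describing the first problem."""
    src = check_network(source_network, "source_network")
    dst = check_network(destination_network, "destination_network")
    xlat = check_network(translated_network, "translated_network")
    ports = check_ports(translated_ports)

    if action == "REFLEXIVE":
        # REFLEXIVE: source_network and translated_network are required;
        # service must be empty and translated_ports must be None.
        if not src or not xlat:
            raise ValueError("REFLEXIVE requires source_network and translated_network")
        if service:
            raise ValueError("REFLEXIVE: service must be empty")
        if ports is not None:
            raise ValueError("REFLEXIVE: translated_ports must be None")
    elif action == "DNAT":
        # DNAT: service, destination_network, translated_network and
        # translated_ports are required; source_network is optional.
        missing = [name for name, val in (("service", service), ("destination_network", dst),
                                          ("translated_network", xlat), ("translated_ports", ports))
                   if not val]
        if missing:
            raise ValueError(f"DNAT requires {', '.join(missing)}")
    else:
        raise ValueError(f"action must be REFLEXIVE or DNAT, got {action!r}")

    return {
        "action": action,
        "source_network": ",".join(src),
        "destination_network": ",".join(dst),
        "translated_network": ",".join(xlat),
        "translated_ports": ports,
        "service": service or "",
    }


def is_rejected(**kwargs):
    """True when validate_nat_rule raises ValueError for these arguments."""
    try:
        validate_nat_rule(**kwargs)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs mirroring the examples on this page.
    print(validate_nat_rule("REFLEXIVE", source_network="192.168.1.23",
                            translated_network="10.182.171.36"))
    print(validate_nat_rule("DNAT", service="/infra/services/HTTPS",  # assumed placeholder path
                            destination_network="10.117.5.73",
                            translated_network="192.168.1.1", translated_ports="443"))
```

Running the checks in a Salt orchestration step or a pre-commit hook catches the common mistakes (a REFLEXIVE rule that still carries a service, a DNAT rule without translated_ports, a `10.1.1.1-10.1.1.5` range, or a CIDR such as `10.1.2.3/24` whose host bits would otherwise be masked into a wider match) before the rule reaches the gateway.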
- saltext.vmware.states.vmc_nat_rules.absent(name, hostname, refresh_key, authorization_host, org_id, sddc_id, tier1, nat, nat_rule, verify_ssl=True, cert=None)
Ensure a given NAT rule does not exist on the given SDDC.
- hostname
The host name of the NSX-T manager
- refresh_key
API token of the user, used to obtain the access token required for VMC operations
- authorization_host
Host name of the VMC cloud console
- org_id
The ID of the organization to which the SDDC belongs
- sddc_id
The ID of the SDDC from which the NAT rule should be deleted
- domain_id
The domain the NAT rule belongs to. Possible values: mgw, cgw. Note that the function signature above takes `tier1` and `nat` positional arguments rather than `domain_id`; pass the arguments the signature requires.
- nat_rule
ID of the NAT rule to delete from the SDDC
- verify_ssl
(Optional) Enable or disable TLS certificate verification. Enabled by default. If set to False, certificate validation is skipped, so the refresh_key and access token are sent to whatever endpoint answers for the host name; keep it True outside a test lab.
- cert
(Optional) Path to the TLS client certificate file used to connect to the VMC Cloud Console. The certificate can be exported from a browser.