Hi,
I'm trying to create a few simple Edge Gateway firewall rules in vCloud Air using the following:
# Variables
$region = "de-ge"
$regionstar = $region + "*"
$credential = Get-Credential
# Connect to vCloud Air
Connect-PIServer -vCA -credential $credential -WarningAction 0 -ErrorAction 0
# Connect to compute instance
Get-PIComputeInstance -Region $regionstar | Connect-PIComputeInstance -WarningAction 0 -ErrorAction 0
# Select Edge Services Gateway
$edgeGateway = Search-Cloud -QueryType edgegateway | Where-Object {$_.Name -eq "gateway"}
# Generate view
$edgeView = $edgeGateway | Get-CIView
# Item to Configure Services
$edgeView.Configuration.EdgeGatewayServiceConfiguration
# Begin configuration
$fwService = New-Object vmware.vimautomation.cloud.views.firewallservice
$fwService.DefaultAction = "drop"
$fwService.LogDefaultAction = $false
$fwService.IsEnabled = $true
$fwService.FirewallRule = New-Object vmware.vimautomation.cloud.views.firewallrule
$fwService.FirewallRule += New-Object vmware.vimautomation.cloud.views.firewallrule
Ipcsv -path $csvFile | ForEach {
    $fwService.FirewallRule += New-Object vmware.vimautomation.cloud.views.firewallrule
    $rowNum = $_.Num -as [int]
    $fwService.FirewallRule[$rowNum].Id = $_.Num
    $fwService.FirewallRule[$rowNum].description = $_.Descr
    $fwService.FirewallRule[$rowNum].protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
    switch ($_.Proto)
    {
        "tcp" { $fwService.FirewallRule[$rowNum].protocols.tcp = $true }
        "udp" { $fwService.FirewallRule[$rowNum].protocols.udp = $true }
        "any" { $fwService.FirewallRule[$rowNum].protocols.any = $true }
        default { $fwService.FirewallRule[$rowNum].protocols.any = $true }
    }
    $fwService.FirewallRule[$rowNum].sourceip = $_.SrcIP
    if ($_.SrcPort -eq "any" ){
        $srcPort = "-1"
    } else {
        $srcPort = $_.SrcPort
    }
    $fwService.FirewallRule[$rowNum].sourceport = $srcPort
    $fwService.FirewallRule[$rowNum].destinationip = $_.DstIP
    $fwService.FirewallRule[$rowNum].destinationportrange = $_.DstPortRange
    $fwService.FirewallRule[$rowNum].policy = $_.Policy
    $fwService.FirewallRule[$rowNum].direction = $_.Direction
    $fwService.FirewallRule[$rowNum].MatchOnTranslate = [System.Convert]::ToBoolean($_.MatchOnTranslate)
    $fwService.FirewallRule[$rowNum].isenabled = [System.Convert]::ToBoolean($_.isEnabled)
    $fwService.FirewallRule[$rowNum].enablelogging = [System.Convert]::ToBoolean($_.EnableLogging)
}
# Apply rules
$edgeView.ConfigureServices($fwservice)
# Disconnect from vCloud Air
Disconnect-PIServer -Confirm:$false
CSV consists of:
Num,Descr,Proto,SrcIP,SrcPort,DstIP,DstPortRange,Policy,Direction,MatchOnTranslate,isEnabled,EnableLogging
0,Allow SSH in,tcp,any,any,192.168.109.0/24,22,allow,in,true,true,false
1,Allow HTTP in,tcp,any,any,192.168.109.0/24,80,allow,in,true,true,false
2,Allow all outgoing,any,any,any,any,any,allow,out,true,true,false
However I get the following error:
Exception calling "ConfigureServices" with "1" argument(s): "Bad request - Unexpected JAXB Exception - cvc-complex-type.2.4.b: The content of element 'q1:FirewallRule' is not complete. One of
'{"http://www.vmware.com/vcloud/v1.5":VCloudExtension, "http://www.vmware.com/vcloud/v1.5":Id, "http://www.vmware.com/vcloud/v1.5":IsEnabled, "http://www.vmware.com/vcloud/v1.5":MatchOnTranslate,
"http://www.vmware.com/vcloud/v1.5":Description, "http://www.vmware.com/vcloud/v1.5":Policy, "http://www.vmware.com/vcloud/v1.5":Protocols, "http://www.vmware.com/vcloud/v1.5":IcmpSubType, "http://www.vmware.com/vcloud/v1.5":Port,
"http://www.vmware.com/vcloud/v1.5":DestinationPortRange, "http://www.vmware.com/vcloud/v1.5":DestinationIp, "http://www.vmware.com/vcloud/v1.5":DestinationVm}' is expected."
At C:\Users\mark\Dropbox\runme.ps1:41 char:1
+ $edgeView.ConfigureServices($fwService)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CloudException
Obviously I'm missing something. Any ideas what it could be?
Any help is greatly appreciated,
-Mark
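A pre-flight check for the rule CSV shown in the post above, as an added example that is not part of the original thread or of PowerCLI: it validates every row before any rule object is built or sent to the gateway. `Test-FirewallRuleRow` is a hypothetical helper, and the allowed values are assumptions taken from the values the post itself uses.

```powershell
# Constructed sample input: the three rows from the post, same column layout.
$csvText = @'
Num,Descr,Proto,SrcIP,SrcPort,DstIP,DstPortRange,Policy,Direction,MatchOnTranslate,isEnabled,EnableLogging
0,Allow SSH in,tcp,any,any,192.168.109.0/24,22,allow,in,true,true,false
1,Allow HTTP in,tcp,any,any,192.168.109.0/24,80,allow,in,true,true,false
2,Allow all outgoing,any,any,any,any,any,allow,out,true,true,false
'@

# Test-FirewallRuleRow is a hypothetical helper, not a PowerCLI cmdlet.
function Test-FirewallRuleRow {
    param([Parameter(Mandatory)] $Row, [Parameter(Mandatory)] [int] $ExpectedIndex)
    $problems = @()
    # A blank cell would leave that property unset on the rule object.
    foreach ($p in $Row.PSObject.Properties) {
        if ([string]::IsNullOrWhiteSpace($p.Value)) { $problems += "empty column $($p.Name)" }
    }
    # The script indexes FirewallRule by Num, so Num must match the row position.
    if (($Row.Num -as [int]) -ne $ExpectedIndex) { $problems += "Num should be $ExpectedIndex" }
    # Allowed values are assumptions taken from what the post itself uses.
    $allowed = @{ Proto = 'tcp','udp','any'; Policy = 'allow','drop'; Direction = 'in','out'
                  MatchOnTranslate = 'true','false'; isEnabled = 'true','false'; EnableLogging = 'true','false' }
    foreach ($col in $allowed.Keys) {
        if ($Row.$col -notin $allowed[$col]) { $problems += "$col '$($Row.$col)' not in $($allowed[$col] -join '/')" }
    }
    # Ports are either the word any, a single port, or a low-high range.
    foreach ($col in 'SrcPort','DstPortRange') {
        if ($Row.$col -ne 'any' -and $Row.$col -notmatch '^\d{1,5}(-\d{1,5})?$') {
            $problems += "$col '$($Row.$col)' is not a port, a range or any"
        }
    }
    # Advisory only: inbound allow rules open to any source deserve a second look.
    $note = if ($Row.Policy -eq 'allow' -and $Row.Direction -eq 'in' -and $Row.SrcIP -eq 'any') {
        'inbound allow from any source' } else { '' }
    [pscustomobject]@{ Num = $Row.Num; Descr = $Row.Descr; Problems = $problems -join '; '; Note = $note }
}

$rows = @($csvText | ConvertFrom-Csv)
$report = for ($i = 0; $i -lt $rows.Count; $i++) { Test-FirewallRuleRow -Row $rows[$i] -ExpectedIndex $i }
$report | Format-Table -AutoSize -Wrap
# Stop before anything is sent to the gateway if a row failed validation.
if ($report | Where-Object { $_.Problems }) { throw 'CSV failed validation; nothing was applied.' }
```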
I didn't have a chance to look at the code, but I wondered if you saw my module here. I wrote some code for shield edge manipulation and I think I remember trying it against vCloud Air and it working with some adjustments. If you have time, check out the code here: http://www.virtu-al.net/2012/01/04/vmware-vshield-powershell-module/
If it doesn't help let me know and I will try and find time to look at this properly.