# Add VDC Edge Gateway DNAT Rule
# Author: gowatana
# Usage:
# PS> Connect-CIServer -Server $vcd_address -Org $org_name -Credential (Get-Credential)
# PS> ./12_add_edge_gateway_nat_rule.ps1 ./config.ps1
# API Reference:
# https://developer.vmware.com/apis/vmware-cloud-director/v37.2/edge-gateway-nat-rule/
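# Load the per-environment config (.ps1) passed as the single script argument.
# NOTE: the config is dot-sourced, i.e. executed as PowerShell in this session,
# so it must come from a trusted, write-protected location. It is expected to
# define the variables used below ($vdc_name, $edge_gateway_name,
# $nat_rule_name, $external_addresses, $internal_addresses).
# The argument count is checked before indexing $args so a missing argument
# cannot produce an empty path.
if($args.Count -ne 1){"Config .ps1 NOT found."; exit 1}
$config_ps1_file = $args[0]
# Test-Path replaces Get-ChildItem + $?: it reports a missing or non-file path
# directly instead of relying on $? after -ErrorAction:Ignore | Out-Null.
if(-not (Test-Path -LiteralPath $config_ps1_file -PathType Leaf)){"Config $config_ps1_file NOT found."; exit 1}
. $config_ps1_file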
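# WARNING: the policy below disables TLS server-certificate validation for the
# whole process (every HTTPS request issued through System.Net, not only the
# vCD calls in this script). With it active, an on-path attacker who presents
# any certificate can read the session token sent in the Authorization header.
# Prefer a certificate trusted by the client on the vCD endpoint and drop this
# block outside of lab use.
# ServicePointManager.CertificatePolicy is honored by the .NET Framework stack
# (Windows PowerShell 5.1) only; in PowerShell 7 Invoke-WebRequest is
# HttpClient-based and does not consult it (there -SkipCertificateCheck would
# be the equivalent, equally lab-only, switch).
# The type is compiled once per session: Add-Type errors if TrustAllCertsPolicy
# already exists, which happens when the script is re-run in the same session
# that holds the Connect-CIServer login.
if(-not ([System.Management.Automation.PSTypeName]'TrustAllCertsPolicy').Type){
  Add-Type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
    public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate, WebRequest request, int certificateProblem) {
        return true;
    }
}
"@
}
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy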
#######################################
# Build the JSON request body for a vCD CloudAPI DNAT rule.
# Arguments: $nat_rule_name      - rule name as shown in vCD
#            $external_addresses - external address(es) matched by the rule
#            $internal_addresses - internal address(es) traffic is translated to
# Outputs:   JSON string: ruleType/type DNAT, enabled, firewallMatch BYPASS,
#            priority 0, no port profile, external port, logging or SNAT
#            destination.
#######################################
function create_edge_gateway_dnat_rules_json(){
  param(
    [Parameter(Mandatory=$true)]$nat_rule_name,
    [Parameter(Mandatory=$true)]$external_addresses,
    [Parameter(Mandatory=$true)]$internal_addresses
  )
  # [ordered] keeps the field order stable in the serialized output.
  $rule = [ordered]@{
    name                     = $nat_rule_name
    description              = $null
    enabled                  = $true
    ruleType                 = "DNAT"
    type                     = "DNAT"
    applicationPortProfile   = $null
    externalAddresses        = $external_addresses
    internalAddresses        = $internal_addresses
    dnatExternalPort         = $null
    logging                  = $false
    systemRule               = $false
    snatDestinationAddresses = $null
    firewallMatch            = "BYPASS"
    priority                 = 0
  }
  $rule | ConvertTo-Json
}
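#######################################
# List the NAT rules of an Edge Gateway via the vCD CloudAPI (GET).
# Globals:   $global:DefaultCIServers (read) - PowerCLI vCD session from
#            Connect-CIServer; its SessionSecret is sent as the Authorization
#            header, so keep transcripts/-Verbose output of this call private.
# Arguments: $edge_gateway - Edge Gateway object from Get-EdgeGateway
# Outputs:   the "values" array of the response (one object per rule)
# Raises:    terminating error when no session exists or the request fails
#######################################
function get_edge_gateway_nat_rules (){
  param(
    [Parameter(Mandatory=$true)]$edge_gateway
  )
  $vcd_instance = $global:DefaultCIServers
  # Without a session the URL would become "https:///cloudapi/..." with an
  # empty token header; fail with a clear message instead.
  if($null -eq $vcd_instance){ throw "No vCD session found. Run Connect-CIServer first." }
  $edge_id = ($edge_gateway | Get-CIView).id
  $url = "https://" + $vcd_instance.name + "/cloudapi/1.0.0/edgeGateways/" + $edge_id + "/nat/rules"
  $headers = @{
    "Accept" = "application/json;version=37.0";
    "Authorization" = $vcd_instance.SessionSecret
  }
  # -UseBasicParsing skips the IE-based HTML parser on Windows PowerShell and is
  # ignored on PowerShell 7. Invoke-WebRequest raises on non-2xx responses.
  $edge_nat_rules = Invoke-WebRequest -Method Get -Headers $headers -Uri $url -UseBasicParsing
  # NOTE(review): only the "values" of this single response are returned; if the
  # endpoint pages results, later pages are not fetched — confirm against the API reference.
  return ($edge_nat_rules.Content | ConvertFrom-Json).values
}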
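#######################################
# Create a NAT rule on an Edge Gateway via the vCD CloudAPI (POST).
# Globals:   $global:DefaultCIServers (read) - PowerCLI vCD session from
#            Connect-CIServer; its SessionSecret is sent as the Authorization
#            header.
# Arguments: $edge_gateway - Edge Gateway object from Get-EdgeGateway
#            $data_json    - JSON rule body (e.g. from
#                            create_edge_gateway_dnat_rules_json)
# Outputs:   the Invoke-WebRequest response object (caller reads .StatusCode)
# Raises:    terminating error when no session exists or the request fails
#######################################
function add_edge_gateway_nat_rule (){
  param(
    [Parameter(Mandatory=$true)]$edge_gateway,
    [Parameter(Mandatory=$true)]$data_json
  )
  $vcd_instance = $global:DefaultCIServers
  # Same guard as the GET helper: no session means a malformed URL and an
  # empty token header.
  if($null -eq $vcd_instance){ throw "No vCD session found. Run Connect-CIServer first." }
  $edge_id = ($edge_gateway | Get-CIView).id
  $url = "https://" + $vcd_instance.name + "/cloudapi/1.0.0/edgeGateways/" + $edge_id + "/nat/rules"
  $headers = @{
    "Accept" = "application/json;version=37.0";
    "Content-Type" = "application/json";
    "Authorization" = $vcd_instance.SessionSecret
  }
  # -UseBasicParsing is a no-op on PowerShell 7 and avoids the IE parser on 5.1.
  Invoke-WebRequest -Method Post -Headers $headers -Body $data_json -Uri $url -UseBasicParsing
}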
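# Check for Existed NAT Rules
$edge_gateway = Get-EdgeGateway -OrgVdc $vdc_name -Name $edge_gateway_name
# Stop before the API helpers run with a $null gateway (they would fail on
# Get-CIView with a less readable error).
if($null -eq $edge_gateway){ Write-Host "Edge Gateway NOT found: $edge_gateway_name (VDC: $vdc_name)"; exit 1 }
$nat_rules = get_edge_gateway_nat_rules $edge_gateway
# @() makes .Count reliable for zero, one or many matches.
$nat_rule = @($nat_rules | Where-Object {$_.name -eq $nat_rule_name})
if($nat_rule.Count -ge 1){
  # Existing rule is left untouched; this path exits with status 0 so re-runs
  # are idempotent.
  Write-Host "NAT Rule already exists: $nat_rule_name"
  Write-Host "NAT Rule IDs:"
  $nat_rule.id
  exit
}
Write-Host "Create Edge NAT Rule JSON: $nat_rule_name"
$json = create_edge_gateway_dnat_rules_json $nat_rule_name $external_addresses $internal_addresses
# Echo the body being sent so the run log shows the exact rule requested.
$json
# Message corrected: this script adds a NAT rule, not a firewall rule.
Write-Host "Add Edge NAT Rule: $nat_rule_name"
$res = add_edge_gateway_nat_rule $edge_gateway $json
Write-Host ("StatusCode:" + $res.StatusCode)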
gowatana commented May 9, 2023

下記の投稿むけ。

VMware Cloud Director 10.4 を PowerCLI で操作してみる。Part-06 Edge Gateway NAT Rule の操作
https://vm.gowatana.jp/entry/2023/05/09/021920
