# Add VDC Edge Gateway DNAT Rule
# Author: gowatana
# Usage:
# PS> Connect-CIServer -Server $vcd_address -Org $org_name -Credential (Get-Credential)
# PS> ./12_add_edge_gateway_nat_rule.ps1 ./config.ps1
# API Reference:
# https://developer.vmware.com/apis/vmware-cloud-director/v37.2/edge-gateway-nat-rule/
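# Load the settings from the config script given as the single argument.
# SECURITY: the config file is dot-sourced, i.e. executed as PowerShell code in
# this script's scope. Pass only a config file you control, stored where other
# users cannot modify it.
# Validate the argument count before the argument is read.
if($args.Count -ne 1){"Config .ps1 NOT found."; exit 1}
$config_ps1_file = $args[0]
# -PathType Leaf: the path must be an existing file; a directory cannot be dot-sourced.
if(-not (Test-Path -LiteralPath $config_ps1_file -PathType Leaf)){"Config $config_ps1_file NOT found."; exit 1}
. $config_ps1_file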
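# SECURITY: TrustAllCertsPolicy accepts every TLS server certificate, including
# expired, self-signed and wrong-host ones, for all requests made through
# ServicePointManager in this PowerShell process. The requests below carry the
# Cloud Director session secret in the Authorization header, so without
# certificate validation the server's identity is not verified and that secret
# can be exposed to whoever terminates the connection.
# Preferred mitigation: add the Cloud Director CA certificate to the trusted
# store of the machine running this script and keep validation enabled.
# The bypass stays the default so that existing config files keep working; set
# $verify_server_certificate = $true in the config script (optional setting
# introduced here) to leave validation on.
# NOTE(review): ServicePointManager.CertificatePolicy is an obsolete .NET API and
# is presumably not honoured by Invoke-WebRequest on PowerShell 6 and later,
# where the per-request -SkipCertificateCheck switch exists instead. Confirm on
# the PowerShell version in use.
$verify_server_cert = Get-Variable -Name verify_server_certificate -ValueOnly -ErrorAction Ignore
if($verify_server_cert -eq $true){
    Write-Host "TLS server certificate validation stays enabled."
}else{
    Add-Type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
    // Returning true for every certificate problem disables validation entirely.
    public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate, WebRequest request, int certificateProblem) {
        return true;
    }
}
"@
    [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
    # Make the weakened trust visible to whoever runs or audits the script.
    Write-Warning "TLS server certificate validation is DISABLED for this PowerShell session."
}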
function create_edge_gateway_dnat_rules_json(){
    # Builds the JSON request body for one DNAT rule.
    #   nat_rule_name      : value written to "name"
    #   external_addresses : value written to "externalAddresses"
    #   internal_addresses : value written to "internalAddresses"
    # Output: the rule serialized with ConvertTo-Json; every other field is fixed.
    param(
        [Parameter(Mandatory=$true)]$nat_rule_name,
        [Parameter(Mandatory=$true)]$external_addresses,
        [Parameter(Mandatory=$true)]$internal_addresses
    )
    # The ordered dictionary keeps the keys in the order of the request template.
    $rule = [pscustomobject][ordered]@{
        name                     = $nat_rule_name
        description              = $null
        enabled                  = $true
        ruleType                 = "DNAT"
        type                     = "DNAT"
        # NOTE(review): no port profile and no external port are set, so the rule
        # is presumably not limited to specific ports. Confirm that is intended.
        applicationPortProfile   = $null
        externalAddresses        = $external_addresses
        internalAddresses        = $internal_addresses
        dnatExternalPort         = $null
        # Rule logging is off, so hits on this rule leave no log entry.
        logging                  = $false
        systemRule               = $false
        snatDestinationAddresses = $null
        # NOTE(review): "BYPASS" presumably lets traffic translated by this rule
        # skip the edge gateway firewall. Confirm against the API reference and
        # prefer a matching firewall rule when exposure must be restricted.
        firewallMatch            = "BYPASS"
        priority                 = 0
    }
    $rule | ConvertTo-Json
}
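function get_edge_gateway_nat_rules (){
    # Returns the "values" array of the NAT rule list of one Edge Gateway.
    #   edge_gateway : Edge Gateway object; its id is read through Get-CIView.
    # Throws when the session is not connected to exactly one Cloud Director server.
    param(
        [Parameter(Mandatory=$true)]$edge_gateway
    )
    # $global:DefaultCIServers can hold zero or several connections. The URL and
    # the Authorization header are only well-formed for exactly one, so refuse
    # anything else instead of sending a malformed request.
    $vcd_instances = @($global:DefaultCIServers | Where-Object { $_ })
    if($vcd_instances.Count -ne 1){
        throw "Expected exactly one connected Cloud Director server, found $($vcd_instances.Count)."
    }
    $vcd_instance = $vcd_instances[0]
    $edge_view = $edge_gateway | Get-CIView
    $edge_id = $edge_view.id
    $url = "https://" + $vcd_instance.name + "/cloudapi/1.0.0/edgeGateways/" + $edge_id + "/nat/rules"
    # SessionSecret is a live credential: do not print or log $headers.
    $headers = @{
        "accept"="application/json;version=37.0";
        "Authorization" = $vcd_instance.SessionSecret
    }
    $edge_nat_rules = Invoke-WebRequest -Method Get -Headers $headers -Uri $url
    # NOTE(review): only the rules contained in this single response are returned.
    # If the endpoint pages its results, later pages are not read. Confirm.
    return ($edge_nat_rules.Content | ConvertFrom-Json).values
}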
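function add_edge_gateway_nat_rule (){
    # Posts one NAT rule to an Edge Gateway and outputs the web response.
    #   edge_gateway : Edge Gateway object; its id is read through Get-CIView.
    #   data_json    : request body, sent unchanged as application/json.
    # Throws when the session is not connected to exactly one Cloud Director server.
    param(
        [Parameter(Mandatory=$true)]$edge_gateway,
        [Parameter(Mandatory=$true)]$data_json
    )
    # $global:DefaultCIServers can hold zero or several connections. The URL and
    # the Authorization header are only well-formed for exactly one, so refuse
    # anything else instead of sending a malformed request.
    $vcd_instances = @($global:DefaultCIServers | Where-Object { $_ })
    if($vcd_instances.Count -ne 1){
        throw "Expected exactly one connected Cloud Director server, found $($vcd_instances.Count)."
    }
    $vcd_instance = $vcd_instances[0]
    $edge_view = $edge_gateway | Get-CIView
    $edge_id = $edge_view.id
    $url = "https://" + $vcd_instance.name + "/cloudapi/1.0.0/edgeGateways/" + $edge_id + "/nat/rules"
    # SessionSecret is a live credential: do not print or log $headers.
    $headers = @{
        "Accept" = "application/json;version=37.0";
        "Content-Type" = "application/json";
        "Authorization" = $vcd_instance.SessionSecret
    }
    Invoke-WebRequest -Method Post -Headers $headers -Body $data_json -Uri $url
}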
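# Main flow: look up the Edge Gateway, stop if a NAT rule with the requested
# name already exists, otherwise build the DNAT rule JSON and post it.
# $vdc_name, $edge_gateway_name, $nat_rule_name, $external_addresses and
# $internal_addresses are expected to come from the dot-sourced config script.
$edge_gateway = Get-EdgeGateway -OrgVdc $vdc_name -Name $edge_gateway_name
# Stop here when the lookup returned nothing instead of failing later in Get-CIView.
if(-not $edge_gateway){
    Write-Host "Edge Gateway NOT found: $edge_gateway_name"
    exit 1
}

# Check for existing NAT rules
$nat_rules = get_edge_gateway_nat_rules $edge_gateway
# @() forces an array: on Windows PowerShell 5.1 a single PSCustomObject has no
# Count property, so one existing rule would slip past the check and a second
# rule with the same name would be created.
$nat_rule = @($nat_rules | Where-Object {$_.name -eq $nat_rule_name})
if($nat_rule.Count -ge 1){
    Write-Host "NAT Rule already exists: $nat_rule_name"
    Write-Host "NAT Rule IDs:"
    $nat_rule.id
    exit
}

Write-Host "Create Edge NAT Rule JSON: $nat_rule_name"
$json = create_edge_gateway_dnat_rules_json $nat_rule_name $external_addresses $internal_addresses
# Echo the request body so the operator can review what will be published.
$json

# The message names the NAT rule, which is what this call actually adds.
Write-Host "Add Edge NAT Rule: $nat_rule_name"
$res = add_edge_gateway_nat_rule $edge_gateway $json
Write-Host ("StatusCode:" + $res.StatusCode)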
下記の投稿むけ。
VMware Cloud Director 10.4 を PowerCLI で操作してみる。Part-06 Edge Gateway NAT Rule の操作 https://vm.gowatana.jp/entry/2023/05/09/021920