dfw_automation/README.md
fultonbr 24ff9fd2fc On branch main
Initial commit

 Changes to be committed:
	new file:   README.md
	new file:   abx/apply_nsx_tags_for_tiers/README.md
	new file:   abx/apply_nsx_tags_for_tiers/action.py
	new file:   abx/list_vcenter_vms/README.md
	new file:   abx/list_vcenter_vms/action.py
	new file:   abx/send_email/README.md
	new file:   abx/send_email/action.py
	new file:   blueprints/forms/vdefend-form.json
	new file:   blueprints/vdefend-form-driven.yaml
2025-09-18 09:40:08 -05:00


vDefend Form-Driven Blueprint (VCF Automation 9)

This package contains:

  • blueprints/vdefend-form-driven.yaml — Cloud Template that calls Terraform to create vDefend groups/services/rules.
  • blueprints/forms/vdefend-form.json — Custom Form draft that pulls vCenter VMs via ABX and parses CSV ports.
  • ABX actions:
    • list_vcenter_vms — exposes vCenter inventory for the form.
    • apply_nsx_tags_for_tiers — tags selected VMs with tier and env.
    • send_email — generic SMTP mailer.

Wiring overview

  1. Create ABX actions (Python 3):

    • list_vcenter_vms: set constants VCENTER_SERVER, VCENTER_USERNAME, VCENTER_PASSWORD.
    • apply_nsx_tags_for_tiers: no constants to set (reads blueprint inputs).
    • send_email: set the constant SMTP_HOST (and, optionally, the SMTP user and password).
  2. Import the Terraform module (re-use the vdefend_baseline_module from the previous kit, or point the blueprint to your Git path).

  3. Create the Cloud Template from vdefend-form-driven.yaml. Map nsx_* inputs to Project Secrets.

  4. Attach Custom Form:

    • Import vdefend-form.json into the Form Designer for this template.
    • Change the data source actionId on vm_web, vm_app, vm_db to the actual ABX ID of list_vcenter_vms.
  5. Event Subscriptions:

    • Create a subscription: Event = Deployment Completed, Filter by blueprint name = vdefend-form-driven.
    • Add two actions in order:
      1. apply_nsx_tags_for_tiers — Map inputs from the deployment inputs (vm_web, vm_app, vm_db, env_value, nsx_manager_url, nsx_username, nsx_password).
      2. send_email — Build body and to_email using deployment inputs/outputs:
        • to_email = requester_email
        • subject = "vDefend policy created: " + app_name
        • body example:
          Application: ${app_name}
          Environment: ${env_value}
          
          NSX Section: ${outputs.sectionPath}
          Groups:
            Web: ${outputs.groups.web}
            App: ${outputs.groups.app}
            DB : ${outputs.groups.db}
          
          Ports:
            Web->App: ${inputs.ports_web_to_app}
            App->DB : ${inputs.ports_app_to_db}
          

Notes

  • The policy is tag-driven. After deployment, the ABX action tags your selected VMs: {tier:web|app|db} and {env:<value>}. The groups in NSX will immediately include them.
  • To extend rules, add more arrays (e.g., ports_web_to_db) and mirror them in the Terraform module.
  • For strict change control, protect the section with a lock or maintain it via GitOps only.
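
The ports_web_to_app and ports_app_to_db inputs are free-text CSV that ends up as firewall rules, so they are worth validating before Terraform sees them. The following is an added example, not code from this package: parse_ports_csv, MAX_RANGE_SPAN, range support and the 100-port span limit are all assumptions made for illustration.

```python
# Added example (not part of the package): strict validation of a CSV ports
# input such as ports_web_to_app before it is turned into NSX services/rules.
import re

MAX_RANGE_SPAN = 100  # assumption: widest range a requester may open per entry
_ENTRY = re.compile(r"([0-9]{1,5})(?:-([0-9]{1,5}))?")


def parse_ports_csv(value, max_span=MAX_RANGE_SPAN):
    """Return sorted, de-duplicated port strings, e.g. ["443", "8000-8080"].

    Raises ValueError for anything that is not a single port or a narrow
    range, so a typo or an over-broad request fails before deployment.
    """
    if not isinstance(value, str) or not value.strip():
        raise ValueError("ports input is empty")
    seen = set()
    for raw in value.split(","):
        entry = raw.strip()
        m = _ENTRY.fullmatch(entry)
        if m is None:
            raise ValueError(f"not a port or range: {entry!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        if not (1 <= lo <= 65535 and 1 <= hi <= 65535):
            raise ValueError(f"port out of range 1-65535: {entry!r}")
        if hi < lo:
            raise ValueError(f"range is reversed: {entry!r}")
        if hi - lo + 1 > max_span:
            raise ValueError(f"range wider than {max_span} ports: {entry!r}")
        seen.add((lo, hi))
    return [str(lo) if lo == hi else f"{lo}-{hi}" for lo, hi in sorted(seen)]


if __name__ == "__main__":
    # Constructed sample inputs, as a requester might type them into the form.
    samples = {
        "ports_web_to_app": "8443, 443,443",
        "ports_app_to_db": "1-65535",
    }
    for name, text in samples.items():
        try:
            print(name, "->", parse_ports_csv(text))
        except ValueError as err:
            print(name, "rejected:", err)
```
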