brandon/dfw_automation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
24ff9fd2fc7b0507d1c9dd3ac5dba887d8b34edd
dfw_automation/README.md
fultonbr 24ff9fd2fc On branch main 
Initial commit

 Changes to be committed:
	new file:   README.md
	new file:   abx/apply_nsx_tags_for_tiers/README.md
	new file:   abx/apply_nsx_tags_for_tiers/action.py
	new file:   abx/list_vcenter_vms/README.md
	new file:   abx/list_vcenter_vms/action.py
	new file:   abx/send_email/README.md
	new file:   abx/send_email/action.py
	new file:   blueprints/forms/vdefend-form.json
	new file:   blueprints/vdefend-form-driven.yaml
2025-09-18 09:40:08 -05:00

53 lines
2.5 KiB
Markdown
Raw Blame History

# vDefend Form-Driven Blueprint (VCF Automation 9)
This package contains:
- `blueprints/vdefend-form-driven.yaml` — Cloud Template that calls Terraform to create vDefend groups/services/rules.
- `blueprints/forms/vdefend-form.json` — Custom Form draft that pulls vCenter VMs via ABX and parses CSV ports.
- ABX actions:
- `list_vcenter_vms` — exposes vCenter inventory for the form.
- `apply_nsx_tags_for_tiers` — tags selected VMs with `tier` and `env`.
- `send_email` — generic SMTP mailer.
## Wiring overview
1) **Create ABX actions** (Python 3):
- `list_vcenter_vms`: set constants `VCENTER_SERVER`, `VCENTER_USERNAME`, `VCENTER_PASSWORD`.
- `apply_nsx_tags_for_tiers`: none (reads blueprint inputs).
- `send_email`: set constants `SMTP_HOST` (and optionally user/pass).
2) **Import the Terraform module** (re-use the `vdefend_baseline_module` from the previous kit, or point the blueprint to your Git path).
3) **Create the Cloud Template** from `vdefend-form-driven.yaml`. Map `nsx_*` inputs to **Project Secrets**.
4) **Attach Custom Form**:
- Import `vdefend-form.json` into the Form Designer for this template.
- Change the data source `actionId` on `vm_web`, `vm_app`, `vm_db` to the actual ABX ID of `list_vcenter_vms`.
5) **Event Subscriptions**:
- Create a subscription: **Event = Deployment Completed**, **Filter by blueprint name = vdefend-form-driven**.
- Add two actions in order:
1. `apply_nsx_tags_for_tiers` — Map inputs from the deployment inputs (`vm_web`, `vm_app`, `vm_db`, `env_value`, `nsx_manager_url`, `nsx_username`, `nsx_password`).
2. `send_email` — Build `body` and `to_email` using deployment inputs/outputs:
- `to_email = requester_email`
- `subject = "vDefend policy created: " + app_name`
- `body` example:
```
Application: ${app_name}
Environment: ${env_value}
NSX Section: ${outputs.sectionPath}
Groups:
Web: ${outputs.groups.web}
App: ${outputs.groups.app}
DB : ${outputs.groups.db}
Ports:
Web->App: ${inputs.ports_web_to_app}
App->DB : ${inputs.ports_app_to_db}
```
## Notes
- The policy is tag-driven. After deployment, the ABX action tags your selected VMs: `{tier:web|app|db}` and `{env:<value>}`. The groups in NSX will immediately include them.
- To extend rules, add more arrays (e.g., `ports_web_to_db`) and mirror them in the Terraform module.
- For strict change control, protect the section with a **lock** or maintain via GitOps-only.
Reference in New Issue View Git Blame Copy Permalink