brandon/dfw_automation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1 Commit 1 Branch 0 Tags
24ff9fd2fc7b0507d1c9dd3ac5dba887d8b34edd
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
fultonbr 24ff9fd2fc On branch main 
Initial commit

 Changes to be committed:
	new file:   README.md
	new file:   abx/apply_nsx_tags_for_tiers/README.md
	new file:   abx/apply_nsx_tags_for_tiers/action.py
	new file:   abx/list_vcenter_vms/README.md
	new file:   abx/list_vcenter_vms/action.py
	new file:   abx/send_email/README.md
	new file:   abx/send_email/action.py
	new file:   blueprints/forms/vdefend-form.json
	new file:   blueprints/vdefend-form-driven.yaml
2025-09-18 09:40:08 -05:00
abx
On branch main
2025-09-18 09:40:08 -05:00
blueprints
On branch main
2025-09-18 09:40:08 -05:00
README.md
On branch main
2025-09-18 09:40:08 -05:00

README.md

vDefend Form-Driven Blueprint (VCF Automation 9)

This package contains:

  • blueprints/vdefend-form-driven.yaml — Cloud Template that calls Terraform to create vDefend groups/services/rules.
  • blueprints/forms/vdefend-form.json — Custom Form draft that pulls vCenter VMs via ABX and parses CSV ports.
  • ABX actions:
    • list_vcenter_vms — exposes vCenter inventory for the form.
    • apply_nsx_tags_for_tiers — tags selected VMs with tier and env.
    • send_email — generic SMTP mailer.

Wiring overview

  1. Create ABX actions (Python 3):

    • list_vcenter_vms: set constants VCENTER_SERVER, VCENTER_USERNAME, VCENTER_PASSWORD.
    • apply_nsx_tags_for_tiers: none (reads blueprint inputs).
    • send_email: set constants SMTP_HOST (and optionally user/pass).

  2. Import the Terraform module (re-use the vdefend_baseline_module from the previous kit, or point the blueprint to your Git path).

  3. Create the Cloud Template from vdefend-form-driven.yaml. Map nsx_* inputs to Project Secrets.

  4. Attach Custom Form:

    • Import vdefend-form.json into the Form Designer for this template.
    • Change the data source actionId on vm_web, vm_app, vm_db to the actual ABX ID of list_vcenter_vms.

  5. Event Subscriptions:

    • Create a subscription: Event = Deployment Completed, Filter by blueprint name = vdefend-form-driven.
    • Add two actions in order:
      1. apply_nsx_tags_for_tiers — Map inputs from the deployment inputs (vm_web, vm_app, vm_db, env_value, nsx_manager_url, nsx_username, nsx_password).
      2. send_email — Build body and to_email using deployment inputs/outputs:
        • to_email = requester_email
        • subject = "vDefend policy created: " + app_name
        • body example: 
          Application: ${app_name}
Environment: ${env_value}

NSX Section: ${outputs.sectionPath}
Groups:
  Web: ${outputs.groups.web}
  App: ${outputs.groups.app}
  DB : ${outputs.groups.db}

Ports:
  Web->App: ${inputs.ports_web_to_app}
  App->DB : ${inputs.ports_app_to_db}

Notes

  • The policy is tag-driven. After deployment, the ABX action tags your selected VMs: {tier:web|app|db} and {env:<value>}. The groups in NSX will immediately include them.
  • To extend rules, add more arrays (e.g., ports_web_to_db) and mirror them in the Terraform module.
  • For strict change control, protect the section with a lock or maintain via GitOps-only.
Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 30 KiB
Languages
Python 100%