vmware-avi 1.4.4__py3-none-any.whl

vmware_avi/__init__.py

@@ -0,0 +1,3 @@
+"""VMware AVI - AVI (NSX ALB) management and AKO Kubernetes operations."""
+
+__version__ = "1.4.4"

vmware_avi/_safety.py

@@ -0,0 +1,17 @@
+"""Safety utilities for destructive operations."""
+
+from __future__ import annotations
+
+from rich.console import Console
+
+console = Console()
+
+
+def double_confirm(action: str) -> bool:
+    """Require double confirmation for destructive operations."""
+    console.print(f"\n[bold red]WARNING: {action}[/bold red]")
+    first = console.input("  Are you sure? (yes/no): ").strip().lower()
+    if first != "yes":
+        return False
+    second = console.input("  Confirm again to proceed (yes/no): ").strip().lower()
+    return second == "yes"

vmware_avi/cli.py

@@ -0,0 +1,394 @@
+"""CLI entry point for vmware-avi.
+
+Typer-based CLI with subcommands for VS, Pool, SSL, SE, Analytics, and AKO operations.
+"""
+
+from __future__ import annotations
+
+import logging
+import sys
+from pathlib import Path
+
+import typer
+from rich.console import Console
+
+app = typer.Typer(
+    name="vmware-avi",
+    help="AVI (NSX ALB) management and AKO Kubernetes operations.",
+    no_args_is_help=True,
+)
+
+console = Console()
+
+# --- Sub-apps ---
+
+vs_app = typer.Typer(help="Virtual Service management", no_args_is_help=True)
+pool_app = typer.Typer(help="Pool member management", no_args_is_help=True)
+ssl_app = typer.Typer(help="SSL certificate management", no_args_is_help=True)
+se_app = typer.Typer(help="Service Engine management", no_args_is_help=True)
+ako_app = typer.Typer(help="AKO (Avi Kubernetes Operator) operations", no_args_is_help=True)
+
+app.add_typer(vs_app, name="vs")
+app.add_typer(pool_app, name="pool")
+app.add_typer(ssl_app, name="ssl")
+app.add_typer(se_app, name="se")
+app.add_typer(ako_app, name="ako")
+
+
+# --- Global commands ---
+
+
+@app.command()
+def doctor() -> None:
+    """Run environment diagnostics."""
+    from vmware_avi.doctor import run_doctor
+
+    ok = run_doctor()
+    raise SystemExit(0 if ok else 1)
+
+
+@app.command()
+def init() -> None:
+    """Generate config.yaml and .env templates."""
+    from vmware_avi.config import CONFIG_DIR, CONFIG_FILE, ENV_FILE
+
+    CONFIG_DIR.mkdir(parents=True, exist_ok=True)
+
+    if not CONFIG_FILE.exists():
+        template = Path(__file__).parent.parent / "config.example.yaml"
+        if template.exists():
+            CONFIG_FILE.write_text(template.read_text())
+        else:
+            CONFIG_FILE.write_text(
+                "controllers:\n"
+                "  - name: my-avi\n"
+                "    host: avi-controller.example.com\n"
+                "    username: admin\n"
+                "    api_version: '22.1.4'\n"
+                "    tenant: admin\n\n"
+                "default_controller: my-avi\n\n"
+                "ako:\n"
+                "  kubeconfig: ~/.kube/config\n"
+                "  namespace: avi-system\n"
+            )
+        console.print(f"[green]Created:[/green] {CONFIG_FILE}")
+    else:
+        console.print(f"[yellow]Exists:[/yellow] {CONFIG_FILE}")
+
+    if not ENV_FILE.exists():
+        ENV_FILE.write_text("MY_AVI_PASSWORD=changeme\n")
+        ENV_FILE.chmod(0o600)
+        console.print(f"[green]Created:[/green] {ENV_FILE} (chmod 600)")
+    else:
+        console.print(f"[yellow]Exists:[/yellow] {ENV_FILE}")
+
+
+@app.command("config")
+def config_show() -> None:
+    """Show current configuration (passwords masked)."""
+    from vmware_avi.config import load_config
+
+    try:
+        cfg = load_config()
+    except FileNotFoundError as exc:
+        console.print(f"[red]{exc}[/red]")
+        raise SystemExit(1)
+
+    console.print("\n[bold]Controllers:[/bold]")
+    for c in cfg.controllers:
+        console.print(f"  {c.name}: {c.host} (user={c.username}, tenant={c.tenant})")
+
+    console.print(f"\n[bold]Default controller:[/bold] {cfg.default_controller or '(first)'}")
+    console.print(f"\n[bold]AKO:[/bold]")
+    console.print(f"  kubeconfig: {cfg.ako.kubeconfig}")
+    console.print(f"  default_context: {cfg.ako.default_context or '(current)'}")
+    console.print(f"  namespace: {cfg.ako.namespace}")
+    console.print()
+
+
+# --- VS commands ---
+
+
+@vs_app.command("list")
+def vs_list(
+    controller: str | None = typer.Option(None, help="Controller name"),
+) -> None:
+    """List all Virtual Services."""
+    from vmware_avi.ops.vs_mgmt import list_virtual_services
+
+    list_virtual_services(controller)
+
+
+@vs_app.command("status")
+def vs_status(name: str = typer.Argument(help="Virtual Service name")) -> None:
+    """Show Virtual Service status details."""
+    from vmware_avi.ops.vs_mgmt import show_vs_status
+
+    show_vs_status(name)
+
+
+@vs_app.command("enable")
+def vs_enable(name: str = typer.Argument(help="Virtual Service name")) -> None:
+    """Enable a Virtual Service."""
+    from vmware_avi.ops.vs_mgmt import toggle_vs
+
+    toggle_vs(name, enable=True)
+
+
+@vs_app.command("disable")
+def vs_disable(name: str = typer.Argument(help="Virtual Service name")) -> None:
+    """Disable a Virtual Service (requires confirmation)."""
+    from vmware_avi.ops.vs_mgmt import toggle_vs
+
+    toggle_vs(name, enable=False)
+
+
+# --- Pool commands ---
+
+
+@pool_app.command("members")
+def pool_members(pool: str = typer.Argument(help="Pool name")) -> None:
+    """List pool members and health status."""
+    from vmware_avi.ops.pool_mgmt import list_pool_members
+
+    list_pool_members(pool)
+
+
+@pool_app.command("enable")
+def pool_enable(
+    pool: str = typer.Argument(help="Pool name"),
+    server: str = typer.Argument(help="Server IP"),
+) -> None:
+    """Enable a pool member (restore traffic)."""
+    from vmware_avi.ops.pool_mgmt import toggle_pool_member
+
+    toggle_pool_member(pool, server, enable=True)
+
+
+@pool_app.command("disable")
+def pool_disable(
+    pool: str = typer.Argument(help="Pool name"),
+    server: str = typer.Argument(help="Server IP"),
+) -> None:
+    """Disable a pool member (graceful drain, requires confirmation)."""
+    from vmware_avi.ops.pool_mgmt import toggle_pool_member
+
+    toggle_pool_member(pool, server, enable=False)
+
+
+# --- SSL commands ---
+
+
+@ssl_app.command("list")
+def ssl_list_cmd() -> None:
+    """List all SSL certificates."""
+    from vmware_avi.ops.ssl_mgmt import list_certificates
+
+    list_certificates()
+
+
+@ssl_app.command("expiry")
+def ssl_expiry(
+    days: int = typer.Option(30, help="Show certs expiring within N days"),
+) -> None:
+    """Check SSL certificate expiry."""
+    from vmware_avi.ops.ssl_mgmt import check_expiry
+
+    check_expiry(days)
+
+
+# --- SE commands ---
+
+
+@se_app.command("list")
+def se_list_cmd() -> None:
+    """List all Service Engines."""
+    from vmware_avi.ops.se_mgmt import list_service_engines
+
+    list_service_engines()
+
+
+@se_app.command("health")
+def se_health() -> None:
+    """Check Service Engine health."""
+    from vmware_avi.ops.se_mgmt import check_se_health
+
+    check_se_health()
+
+
+# --- Analytics commands ---
+
+
+@app.command("analytics")
+def analytics_cmd(vs_name: str = typer.Argument(help="Virtual Service name")) -> None:
+    """Show VS analytics (throughput, latency, errors)."""
+    from vmware_avi.ops.analytics import show_analytics
+
+    show_analytics(vs_name)
+
+
+@app.command("logs")
+def logs_cmd(
+    vs_name: str = typer.Argument(help="Virtual Service name"),
+    since: str = typer.Option("1h", help="Time range (e.g., 1h, 30m)"),
+) -> None:
+    """Show VS request error logs."""
+    from vmware_avi.ops.analytics import show_error_logs
+
+    show_error_logs(vs_name, since)
+
+
+# --- AKO commands ---
+
+
+@ako_app.command("status")
+def ako_status(
+    context: str | None = typer.Option(None, help="K8s context"),
+) -> None:
+    """Check AKO pod status."""
+    from vmware_avi.ops.ako_pod import check_ako_status
+
+    check_ako_status(context)
+
+
+@ako_app.command("logs")
+def ako_logs(
+    tail: int = typer.Option(100, help="Number of lines"),
+    since: str = typer.Option("", help="Time range (e.g., 30m, 1h)"),
+    context: str | None = typer.Option(None, help="K8s context"),
+) -> None:
+    """View AKO pod logs."""
+    from vmware_avi.ops.ako_pod import view_ako_logs
+
+    view_ako_logs(tail, since, context)
+
+
+@ako_app.command("restart")
+def ako_restart(
+    context: str | None = typer.Option(None, help="K8s context"),
+) -> None:
+    """Restart AKO pod (requires confirmation)."""
+    from vmware_avi.ops.ako_pod import restart_ako
+
+    restart_ako(context)
+
+
+@ako_app.command("version")
+def ako_version(
+    context: str | None = typer.Option(None, help="K8s context"),
+) -> None:
+    """Show AKO version info."""
+    from vmware_avi.ops.ako_pod import show_ako_version
+
+    show_ako_version(context)
+
+
+# --- AKO config sub-commands (nested under ako) ---
+
+
+@ako_app.command("config-show")
+def ako_config_show_cmd() -> None:
+    """Show current AKO values.yaml."""
+    from vmware_avi.ops.ako_config import show_ako_config
+
+    show_ako_config()
+
+
+@ako_app.command("config-diff")
+def ako_config_diff_cmd() -> None:
+    """Show pending Helm changes (diff)."""
+    from vmware_avi.ops.ako_config import diff_ako_config
+
+    diff_ako_config()
+
+
+@ako_app.command("config-upgrade")
+def ako_config_upgrade_cmd(
+    dry_run: bool = typer.Option(True, help="Preview only (default: true)"),
+) -> None:
+    """Helm upgrade AKO (requires confirmation)."""
+    from vmware_avi.ops.ako_config import upgrade_ako
+
+    upgrade_ako(dry_run)
+
+
+# --- AKO ingress sub-commands ---
+
+
+@ako_app.command("ingress-check")
+def ako_ingress_check_cmd(
+    namespace: str = typer.Argument(help="Namespace to check"),
+) -> None:
+    """Validate Ingress annotations in a namespace."""
+    from vmware_avi.ops.ako_ingress import check_ingress_annotations
+
+    check_ingress_annotations(namespace)
+
+
+@ako_app.command("ingress-map")
+def ako_ingress_map_cmd() -> None:
+    """Show Ingress to VS mapping."""
+    from vmware_avi.ops.ako_ingress import show_ingress_map
+
+    show_ingress_map()
+
+
+@ako_app.command("ingress-diagnose")
+def ako_ingress_diagnose_cmd(
+    name: str = typer.Argument(help="Ingress name"),
+    namespace: str = typer.Option("default", help="Namespace"),
+) -> None:
+    """Diagnose why an Ingress has no VS."""
+    from vmware_avi.ops.ako_ingress import diagnose_ingress
+
+    diagnose_ingress(name, namespace)
+
+
+# --- AKO sync sub-commands ---
+
+
+@ako_app.command("sync-status")
+def ako_sync_status_cmd() -> None:
+    """Check K8s-Controller sync status."""
+    from vmware_avi.ops.ako_sync import check_sync_status
+
+    check_sync_status()
+
+
+@ako_app.command("sync-diff")
+def ako_sync_diff_cmd() -> None:
+    """Show K8s-Controller inconsistencies."""
+    from vmware_avi.ops.ako_sync import show_sync_diff
+
+    show_sync_diff()
+
+
+@ako_app.command("sync-force")
+def ako_sync_force_cmd() -> None:
+    """Force AKO resync (requires confirmation)."""
+    from vmware_avi.ops.ako_sync import force_resync
+
+    force_resync()
+
+
+# --- AKO multi-cluster ---
+
+
+@ako_app.command("clusters")
+def ako_clusters_cmd() -> None:
+    """List all clusters with AKO deployed."""
+    from vmware_avi.ops.ako_multi_cluster import list_clusters
+
+    list_clusters()
+
+
+@ako_app.command("amko-status")
+def ako_amko_status_cmd() -> None:
+    """Show AMKO (multi-cluster GSLB) status."""
+    from vmware_avi.ops.ako_multi_cluster import show_amko_status
+
+    show_amko_status()
+
+
+if __name__ == "__main__":
+    app()

vmware_avi/config.py

@@ -0,0 +1,140 @@
+"""Configuration management for VMware AVI.
+
+Loads AVI Controller targets and AKO settings from YAML config + environment variables.
+Passwords are NEVER stored in config files — always via environment variables.
+"""
+
+from __future__ import annotations
+
+import logging
+import os
+import stat
+from dataclasses import dataclass, field
+from pathlib import Path
+
+import yaml
+from dotenv import load_dotenv
+
+CONFIG_DIR = Path.home() / ".vmware-avi"
+CONFIG_FILE = CONFIG_DIR / "config.yaml"
+ENV_FILE = CONFIG_DIR / ".env"
+
+_log = logging.getLogger("vmware-avi.config")
+
+load_dotenv(ENV_FILE)
+
+
+def _check_env_permissions() -> None:
+    """Warn if .env file has permissions wider than owner-only (600)."""
+    if not ENV_FILE.exists():
+        return
+    try:
+        mode = ENV_FILE.stat().st_mode
+        if mode & (stat.S_IRWXG | stat.S_IRWXO):
+            _log.warning(
+                "Security warning: %s has permissions %s (should be 600). "
+                "Run: chmod 600 %s",
+                ENV_FILE,
+                oct(stat.S_IMODE(mode)),
+                ENV_FILE,
+            )
+    except OSError:
+        pass
+
+
+_check_env_permissions()
+
+
+@dataclass(frozen=True)
+class ControllerConfig:
+    """An AVI Controller connection target."""
+
+    name: str
+    host: str
+    username: str = "admin"
+    api_version: str = "22.1.4"
+    tenant: str = "admin"
+    port: int = 443
+    verify_ssl: bool = True
+
+    @property
+    def password(self) -> str:
+        env_key = f"{self.name.upper().replace('-', '_')}_PASSWORD"
+        pw = os.environ.get(env_key, "")
+        if not pw:
+            raise OSError(
+                f"Password not found. Set environment variable: {env_key}"
+            )
+        return pw
+
+
+@dataclass(frozen=True)
+class AkoConfig:
+    """AKO (Avi Kubernetes Operator) connection settings."""
+
+    kubeconfig: str = str(Path.home() / ".kube" / "config")
+    default_context: str = ""
+    namespace: str = "avi-system"
+
+
+@dataclass(frozen=True)
+class AppConfig:
+    """Top-level application config."""
+
+    controllers: tuple[ControllerConfig, ...] = ()
+    default_controller: str = ""
+    ako: AkoConfig = field(default_factory=AkoConfig)
+
+    def get_controller(self, name: str) -> ControllerConfig:
+        for c in self.controllers:
+            if c.name == name:
+                return c
+        available = ", ".join(c.name for c in self.controllers)
+        raise KeyError(f"Controller '{name}' not found. Available: {available}")
+
+    @property
+    def active_controller(self) -> ControllerConfig:
+        if self.default_controller:
+            return self.get_controller(self.default_controller)
+        if not self.controllers:
+            raise ValueError("No controllers configured. Check config.yaml")
+        return self.controllers[0]
+
+
+def load_config(config_path: Path | None = None) -> AppConfig:
+    """Load config from YAML file, with env var overrides for passwords."""
+    path = config_path or CONFIG_FILE
+    if not path.exists():
+        raise FileNotFoundError(
+            f"Config file not found: {path}\n"
+            f"Copy config.example.yaml to {CONFIG_FILE} and edit it."
+        )
+
+    with open(path) as f:
+        raw = yaml.safe_load(f) or {}
+
+    controllers = tuple(
+        ControllerConfig(
+            name=c["name"],
+            host=c["host"],
+            username=c.get("username", "admin"),
+            api_version=c.get("api_version", "22.1.4"),
+            tenant=c.get("tenant", "admin"),
+            port=c.get("port", 443),
+            verify_ssl=c.get("verify_ssl", True),
+        )
+        for c in raw.get("controllers", [])
+    )
+
+    ako_raw = raw.get("ako", {})
+    ako = AkoConfig(
+        kubeconfig=ako_raw.get("kubeconfig", str(Path.home() / ".kube" / "config")),
+        default_context=ako_raw.get("default_context", ""),
+        namespace=ako_raw.get("namespace", "avi-system"),
+    )
+
+    return AppConfig(
+        controllers=controllers,
+        default_controller=raw.get("default_controller", ""),
+        ako=ako,
+    )

vmware_avi/connection.py

@@ -0,0 +1,81 @@
+"""AVI Controller connection management via avisdk.
+
+Handles multi-controller connections with session reuse.
+"""
+
+from __future__ import annotations
+
+import logging
+from typing import TYPE_CHECKING
+
+if TYPE_CHECKING:
+    from avi.sdk.avi_api import ApiSession
+
+from vmware_avi.config import AppConfig, ControllerConfig, load_config
+
+_log = logging.getLogger("vmware-avi.connection")
+
+
+class AviConnectionManager:
+    """Manages connections to multiple AVI Controllers."""
+
+    def __init__(self, config: AppConfig) -> None:
+        self._config = config
+        self._sessions: dict[str, ApiSession] = {}
+
+    @classmethod
+    def from_config(cls, config: AppConfig | None = None) -> AviConnectionManager:
+        cfg = config or load_config()
+        return cls(cfg)
+
+    def connect(self, controller_name: str | None = None) -> ApiSession:
+        """Connect to a controller by name, or the active controller."""
+        ctrl = (
+            self._config.get_controller(controller_name)
+            if controller_name
+            else self._config.active_controller
+        )
+
+        if ctrl.name in self._sessions:
+            session = self._sessions[ctrl.name]
+            try:
+                session.get("cluster/runtime")
+                return session
+            except Exception:
+                del self._sessions[ctrl.name]
+
+        session = self._create_session(ctrl)
+        self._sessions[ctrl.name] = session
+        return session
+
+    def disconnect(self, controller_name: str) -> None:
+        if controller_name in self._sessions:
+            try:
+                self._sessions[controller_name].delete("logout")
+            except Exception:
+                pass
+            del self._sessions[controller_name]
+
+    def disconnect_all(self) -> None:
+        for name in list(self._sessions):
+            self.disconnect(name)
+
+    def list_controllers(self) -> list[str]:
+        return [c.name for c in self._config.controllers]
+
+    def list_connected(self) -> list[str]:
+        return list(self._sessions.keys())
+
+    @staticmethod
+    def _create_session(ctrl: ControllerConfig) -> ApiSession:
+        from avi.sdk.avi_api import ApiSession
+
+        _log.info("Connecting to AVI Controller: %s (%s)", ctrl.name, ctrl.host)
+        return ApiSession.get_session(
+            controller_ip=ctrl.host,
+            username=ctrl.username,
+            password=ctrl.password,
+            api_version=ctrl.api_version,
+            tenant=ctrl.tenant,
+            port=ctrl.port,
+        )