Merge pull request #77 from vmware-samples/development

v1.9 Release

.gitignore

@@ -1,2 +1,8 @@
 *.json
-__pycache__
+__pycache__
+.DS_Store
+CODE-OF-CONDUCT.md
+CONTRIBUTING.md
+LICENSE.txt
+NOTICE.txt
+venv-impexp

Dockerfile

@@ -1,4 +1,4 @@
-FROM bitnami/python:3.9.5-prod
+FROM bitnami/python:latest
 
 WORKDIR /tmp/scripts
 

README.md

@@ -39,8 +39,7 @@ The SDDC Import/Export for VMware Cloud on AWS tool enable customers to save and
 There are many situations when customers want to migrate from an existing SDDC to a different one. While HCX addresses the data migration challenge, this tool offers customers the ability to copy the configuration from a source to a destination SDDC.
 
 A few example migration scenarios are:
-- SDDC to SDDC migration from bare-metal (i3) to a different bare-metal type (i3en)
-- SDDC to SDDC migration from VMware-based org to an AWS-based org
+- SDDC to SDDC migration from bare-metal (i3) to a different bare-metal type (i3en, i4i)
 - SDDC to SDDC migration from region (i.e. London) to a different region (i.e. Dublin).
 
 Other use cases are:
@@ -140,6 +139,7 @@ Version 1.3 introduced the ability to filter out objects during an import. The f
 - CGW firewall rule
 - CGW firewall group
 - CGW network segment
+- Flexible segment
 - MGW firewall rule
 - MGW firewall group
 
@@ -177,6 +177,14 @@ aws_s3_export_access_id = ""
 aws_s3_export_access_secret = ""
 aws_s3_export_bucket = ""
 ```
+
+The aws.ini also includes an option to include credentials for the customer-owned AWS account connected to the SDDC.  This allows for automatic acceptance of a resource share for the managed prefix list feature as well as configuration of multiple VPC route tables.  This is separate from the S3 configuration above and must be filled out for the configuration to work correctly.  
+```
+aws_import_access_key_id = 
+aws_import_secret_access_key = 
+aws_import_session_token = 
+```
+
 The aws.ini configuration can also be passed via command line. Use sddc_import_export --help for syntax.
 
 ### 1.3.7. Update vcenter.ini (optional)
@@ -216,20 +224,32 @@ If all of the export options are enabled, this will export a set of files:
 -	cgw.json
 -   dfw_details.json
 -   dfw.json
+-   dhcp-static-bindings.json
+-   flex_seg_disc_prof.json
 -   flex_seg.json
--   mcgw.json
--   mcgw-fw.json
+-   mcgw_fw.json
 -   mcgw_static_routes.json
+-   mcgw.json
 -	mgw_groups.json
 -	mgw.json
+-   mpl.json
 -	natrules.json
+-   nsx_adv_fw_policies.json
+-   nsx_adv_fw_profiles.json
+-   nsx_adv_fw_rules.json
+-   nsx_adv_fw_settings.json
+-   nsx_adv_fw_sigs.json    
+-   public_ip_old_new.json
 -	public.json
 -   ral.json
 -   route_config.json
 -   s3-service_access.json
 -   sddc_info.json
 -   service_access.json
 -   services.json
+-   t1vpn.json
+-   t1vpn_service.json
+-   t1vpn_le.json
 -   vpn-bgp.json
 -   vpn-dpd.json
 -   vpn-ike.json

config_ini/.gitignore

@@ -0,0 +1,4 @@
+*.zip
+*.json
+*.ini
+

config_ini/aws.ini

@@ -7,4 +7,9 @@ aws_s3_export_access_id =
 aws_s3_export_access_secret =
 
 # Populate this with the S3 bucket name. The sample Lambda code uses a command line parameter to override this configuration
-aws_s3_export_bucket =
+aws_s3_export_bucket =
+
+#AWS credntials for Connected VPC Configuraton
+aws_import_access_key_id = 
+aws_import_secret_access_key = 
+aws_import_session_token = 

config_ini/config.ini

@@ -32,6 +32,7 @@ network_dhcp_static_binding_export = False
 # Export segments attached to non-default Tier-1 gateways?
 flex_segment_export = True
 flex_segment_export_filename = flex_seg.json
+flex_segment_disc_prof_export_filename = flex_seg_disc_prof.json
 
 # Export the list of public IP addresses?
 public_export = True
@@ -43,6 +44,10 @@ nat_export_filename = natrules.json
 
 #Export VPN configuration?
 vpn_export = True
+t1_vpn_export = True
+t1_vpn_export_filename = t1vpn.json
+t1_vpn_service_filename = t1vpn_service.json
+t1_vpn_localendpoint_filename = t1vpn_le.json
 
 # Export service access?
 service_access_export = True
@@ -54,7 +59,12 @@ dfw_detailed_export_filename = dfw_details.json
 
 # Export the NSX advanced firewall? This setting will have no effect if the
 # NSX advanced firewall add-on is not enabled in the source SDDC
-nsx_adv_fw_export = False
+nsx_adv_fw_export = True
+nsx_adv_fw_settings_export_filename = nsx_adv_fw_settings.json
+nsx_adv_fw_sigs_export_filename = nsx_adv_fw_sigs.json
+nsx_adv_fw_profiles_export_filename = nsx_adv_fw_profiles.json
+nsx_adv_fw_policies_export_filename = nsx_adv_fw_policies.json
+nsx_adv_fw_rules_export_filename = nsx_adv_fw_rules.json
 
 # Export the multiple tier-1 gateway configuration and firewall rules.  Feature added with M18.
 mcgw_export = True
@@ -64,6 +74,10 @@ mcgw_fw_export_filename = mcgw_fw.json
 mcgw_static_routes_export = True
 mcgw_static_routes_export_filename = mcgw_static_routes.json
 
+# Export Connected VPC Managed Prefix List configuration
+mpl_export = True
+mpl_export_filename = mpl.json
+
 # Export route aggregation lists and route configuration
 ral_export = True
 ral_export_filename = ral.json
@@ -124,6 +138,9 @@ import_mode = test
 # Set this to false if you are absolutely sure you have your script configured correctly and want to run it automatically
 import_mode_live_warning = True
 
+# Script will attempt to enable IPv6 on the destination SDDC if it was enabled on the source SDDC
+enable_ipv6 = True
+
 # Import services? Only disable this if you truly know what you are doing.
 # Firewall groups are dependent on Services. If you skip Services, Groups that are
 # dependent on those services will fail to import
@@ -162,6 +179,13 @@ mcgw_static_route_import_filename = mcgw_static_routes.json
 mcgw_fw_import = True
 mcgw_fw_import_filename = mcgw_fw.json
 
+# Import Conncted VPC Managed Prefix List
+mpl_import = True
+mpl_import_filename = mpl.json
+#Automatically accept the Resource Share.  Users must provide an AWS Access Key and Secret Access Key in the aws.ini file
+automate_ram_acceptance = True
+automate_vpc_route_table_programming = True
+
 #Import Route Aggregation Lists and Route Configuration?
 ral_import = True
 ral_import_filename = ral.json
@@ -185,6 +209,7 @@ flex_segment_import = True
 flex_segment_import_filename = flex_seg.json
 # Python regex match on network display name, pipe-delimited. See README for examples.
 flex_segment_import_exclude_list = L2E_
+flex_segment_disc_prof_import_filename = flex_seg_disc_prof.json
 
 # Import the list of public IP addresses?
 public_import = True
@@ -197,6 +222,10 @@ nat_import_filename = natrules.json
 
 # Import VPN configuration?
 vpn_import = True
+t1_vpn_import = True
+t1_vpn_import_filename = t1vpn.json
+t1_vpn_service_import_filename = t1vpn_service.json
+t1_vpn_localendpoint_import_filename = t1vpn_le.json
 
 # Automatically disable VPN tunnels when importing them
 vpn_disable_on_import = True
@@ -215,8 +244,13 @@ dfw_detailed_import_filename = dfw_details.json
 # firewall add-on is not enable in the destination SDDC. The script will
 # automatically enable the advanced firewall addon if you set
 # nsx_adv_fw_allow_enable to True
-nsx_adv_fw_allow_enable = False
-nsx_adv_fw_import = False
+nsx_adv_fw_import = True
+nsx_adv_fw_allow_enable = True
+nsx_adv_fw_settings_import_filename = nsx_adv_fw_settings.json
+nsx_adv_fw_sigs_import_filename = nsx_adv_fw_sigs.json
+nsx_adv_fw_profiles_import_filename = nsx_adv_fw_profiles.json
+nsx_adv_fw_policies_import_filename = nsx_adv_fw_policies.json
+nsx_adv_fw_rules_import_filename = nsx_adv_fw_rules.json
 
 
 # vCenter Import Options
@@ -225,4 +259,4 @@ import_vcenter_folders = False
 
 # CSP Role sync options
 # A pipe delimited list of email addresses - these accounts will have the roles synchronized with roles attached to the source user
-role_sync_dest_user_emails =
+role_sync_dest_user_emails =

config_ini/vmc.ini

@@ -11,11 +11,11 @@ strGovProdURL           = https://www.vmc-us-gov.vmware.com
 strGovCSPProdURL        = https://console.cloud-us-gov.vmware.com
 
 # Refresh tokens generated in the VMC console. Users have a separate token in each org
-source_refresh_token    = x
-dest_refresh_token      = x
+source_refresh_token    = 
+dest_refresh_token      = 
 
 # Organization and SDDC IDs are easily found in the support tab of any SDDC
-source_org_id           = x
-source_sddc_id          = x
-dest_org_id             = x
-dest_sddc_id            = x
+source_org_id           = 
+source_sddc_id          = 
+dest_org_id             = 
+dest_sddc_id            = 

requirements.txt

@@ -1,10 +1,11 @@
-certifi==2020.6.20
-chardet==3.0.4
-configparser==5.0.1
-idna==2.10
+certifi==2023.5.7
+chardet==5.1.0
+configparser==5.3.0
+idna==3.4
 PTable==0.9.2
-requests==2.26.0
-urllib3==1.26.6
-wcwidth==0.2.5
-boto3==1.16.39
-#git+https://github.com/vmware/[email protected]
+requests==2.31.0
+urllib3==1.26.15
+wcwidth==0.2.6
+boto3==1.26.137
+prettytable == 3.7.0
+#git+https://github.com/vmware/[email protected]