Allow IP CIDR Range or Any as source/dest groups
Adds a new validator specific to source and destination policy groups.
NSX-T can accept an IP, Range, CIDR, "ANY", or a Group Path as a source
and/or destination group through the security policy interface.

Updates the getSecurityPolicyAndGatewayRulesSchema function to use the
new validator.

Resolves: Issue vmware#584
akgiesler committed Mar 9, 2021
1 parent 7860cf2 commit 30953d9
Showing 2 changed files with 19 additions and 2 deletions.
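--- a/nsxt/policy_common.go
+++ b/nsxt/policy_common.go
@@ -162,7 +162,7 @@ func getSecurityPolicyAndGatewayRulesSchema(scopeRequired bool, isIds bool) *sch
 Description: "List of destination groups",
 Elem: &schema.Schema{
 Type: schema.TypeString,
-ValidateFunc: validatePolicyPath(),
+ValidateFunc: validatePolicySourceDestinationGroups(),
 },
 Optional: true,
 },
@@ -241,7 +241,7 @@ func getSecurityPolicyAndGatewayRulesSchema(scopeRequired bool, isIds bool) *sch
 Description: "List of source groups",
 Elem: &schema.Schema{
 Type: schema.TypeString,
-ValidateFunc: validatePolicyPath(),
+ValidateFunc: validatePolicySourceDestinationGroups(),
 },
 Optional: true,
 },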
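Review bot: Both `Description` strings still read "List of destination groups" and "List of source groups" although the element validator now also admits IP addresses, ranges, CIDRs and `"ANY"`, so the schema description understates what a firewall rule may carry in these fields. I would update them, e.g. `Description: "List of destination groups: group paths, IP addresses, IP ranges, CIDRs, or ANY",` and the matching source line. getSecurityPolicyAndGatewayRulesSchema starts and ends outside both hunks, so any other use of validatePolicyPath on rule fields is not visible here.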
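--- a/nsxt/validators.go
+++ b/nsxt/validators.go
@@ -361,6 +361,23 @@ func validateSSLCiphers() schema.SchemaValidateFunc {
 return validation.StringInSlice(supportedSSLCiphers, false)
 }
 
+func validatePolicySourceDestinationGroups() schema.SchemaValidateFunc {
+return func(i interface{}, k string) (s []string, es []error) {
+v, ok := i.(string)
+if !ok {
+es = append(es, fmt.Errorf("expected type of %s to be string", k))
+return
+}
+
+if !isCidr(v, true, false) && !isSingleIP(v) && !isIPRange(v) && !isPolicyPath(v) && v != "ANY" {
+es = append(es, fmt.Errorf(
+"expected %s to contain a valid IP,Range, CIDR, \"ANY\", or Group Path. Got: %s", k, v))
+}
+return
+
+}
+}
+
 func validatePolicyPath() schema.SchemaValidateFunc {
 return func(i interface{}, k string) (s []string, es []error) {
 v, ok := i.(string)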
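Review bot: The new validator is attached to `Elem` in nsxt/policy_common.go, so it checks one list entry at a time and cannot reject a list that combines `"ANY"` with specific group paths or addresses; how NSX-T resolves such a rule is not visible here, and for a firewall rule that ambiguity is worth closing with a list-level check in the resource code. The function also has no doc comment; I would add `// validatePolicySourceDestinationGroups accepts a single IP, IP range, CIDR, policy path or the literal "ANY"; it validates one list element and does not check combinations.` The positional booleans in `isCidr(v, true, false)` are unreadable at the call site and their meaning is defined outside this hunk, so a short inline comment naming them would help. Printing the rejected value with `%q` instead of `%s` in the error (and writing `IP, Range` rather than `IP,Range`) makes empty or whitespace-padded input visible. Neither changed file is a test, so the accept and reject cases for each of the five forms are presumably not covered.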
