From c0d11cd9697b7263ea0c53e3a0d292a233f339aa Mon Sep 17 00:00:00 2001 From: Dainius Serplis Date: Tue, 26 Mar 2024 15:34:56 +0200 Subject: [PATCH 1/5] Add new field Signed-off-by: Dainius Serplis --- types/v56/nsxt_types.go | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/types/v56/nsxt_types.go b/types/v56/nsxt_types.go index 7dcd9a4e0..5953123dc 100644 --- a/types/v56/nsxt_types.go +++ b/types/v56/nsxt_types.go @@ -481,8 +481,18 @@ type NsxtFirewallRule struct { ID string `json:"id,omitempty"` // Name - API does not enforce uniqueness Name string `json:"name"` - // Action 'ALLOW', 'DROP' - Action string `json:"action"` + // Action field. Can be 'ALLOW', 'DROP' + // Deprecated in favor of ActionValue in VCD 10.2.2+ (API V35.2) + Action string `json:"action,omitempty"` + + // ActionValue replaces deprecated field Action and defines action to be applied to all the + // traffic that meets the firewall rule criteria. It determines if the rule permits or blocks + // traffic. Property is required if action is not set. Below are valid values: + // * ALLOW permits traffic to go through the firewall. + // * DROP blocks the traffic at the firewall. No response is sent back to the source. + // * REJECT blocks the traffic at the firewall. A response is sent back to the source. + ActionValue string `json:"actionValue,omitempty"` + // Enabled allows to enable or disable the rule Enabled bool `json:"enabled"` // SourceFirewallGroups contains a list of references to Firewall Groups. Empty list means 'Any' From 5323f83f7c9d81a8d5cf4909338a7734dc46baa6 Mon Sep 17 00:00:00 2001 From: Dainius Serplis Date: Wed, 27 Mar 2024 11:10:56 +0200 Subject: [PATCH 2/5] Add test Signed-off-by: Dainius Serplis --- govcd/nsxt_firewall_test.go | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/govcd/nsxt_firewall_test.go b/govcd/nsxt_firewall_test.go index 6a90a2130..9f9d75a01 100644 --- a/govcd/nsxt_firewall_test.go 
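Review bot: With `omitempty` now on both `Action` and `ActionValue` in `NsxtFirewallRule`, the struct can marshal a rule with no action key at all, or with both keys carrying different values, and nothing on the client side rejects either case. For a firewall rule that is the permit-or-block decision, so I would spell the contract out in the field comment, for example `// Set exactly one of Action or ActionValue; new code should use ActionValue.`, after confirming how the API resolves a request that carries both. The deprecation line is also not in the form Go tooling recognises; a separate comment paragraph reading `// Deprecated: use ActionValue (VCD 10.2.2+, API V35.2).` would let linters flag remaining uses of `Action`. The struct definition continues outside the hunk.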
+++ b/govcd/nsxt_firewall_test.go @@ -5,12 +5,13 @@ package govcd import ( "crypto/rand" "fmt" - "github.com/vmware/go-vcloud-director/v2/util" "math/big" "os" "strconv" "text/tabwriter" + "github.com/vmware/go-vcloud-director/v2/util" + "github.com/vmware/go-vcloud-director/v2/types/v56" . "gopkg.in/check.v1" ) @@ -57,7 +58,7 @@ func (vcd *TestVCD) Test_NsxtFirewall(check *C) { check.Assert(fwCreated.NsxtFirewallRuleContainer.UserDefinedRules[index].Direction, Equals, randomizedFwRuleDefs[index].Direction) check.Assert(fwCreated.NsxtFirewallRuleContainer.UserDefinedRules[index].IpProtocol, Equals, randomizedFwRuleDefs[index].IpProtocol) check.Assert(fwCreated.NsxtFirewallRuleContainer.UserDefinedRules[index].Enabled, Equals, randomizedFwRuleDefs[index].Enabled) - check.Assert(fwCreated.NsxtFirewallRuleContainer.UserDefinedRules[index].Action, Equals, randomizedFwRuleDefs[index].Action) + check.Assert(fwCreated.NsxtFirewallRuleContainer.UserDefinedRules[index].ActionValue, Equals, randomizedFwRuleDefs[index].ActionValue) if vcd.client.Client.IsSysAdmin { // Only system administrator can handle logging check.Assert(fwCreated.NsxtFirewallRuleContainer.UserDefinedRules[index].Logging, Equals, randomizedFwRuleDefs[index].Logging) @@ -135,7 +136,7 @@ func createFirewallDefinitions(check *C, vcd *TestVCD) []*types.NsxtFirewallRule firewallRules[a] = &types.NsxtFirewallRule{ Name: check.TestName() + strconv.Itoa(a), - Action: pickRandomString([]string{"ALLOW", "DROP"}), + ActionValue: pickRandomString([]string{"ALLOW", "DROP", "REJECT"}), Enabled: a%2 == 0, SourceFirewallGroups: srcValue, DestinationFirewallGroups: dstValue, 
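Review bot: The `Action` assertion in `Test_NsxtFirewall` is replaced rather than kept next to the new `ActionValue` one, so after this change nothing in the test covers the deprecated field that the struct still exposes to existing callers. A small extra case that creates a rule with only `Action: "DROP"` and checks what comes back would pin that compatibility path; whether the API echoes both fields is not visible here and should be confirmed first. The test function starts and ends outside the hunk.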
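Review bot: In `createFirewallDefinitions`, `REJECT` is only exercised when `pickRandomString` happens to return it, so a run can pass without ever creating a REJECT rule, which is the value this series was written to support. Deriving the action from the loop index instead, e.g. `ActionValue: []string{"ALLOW", "DROP", "REJECT"}[a%3],`, would cover all three actions on every run, provided at least three rules are generated. The loop bounds and the helper's definition are outside the hunk.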
@@ -238,7 +239,7 @@ func dumpFirewallRulesToScreen(rules []*types.NsxtFirewallRule) { for _, rule := range rules { fmt.Fprintf(w, "%s\t%s\t%s\t%t\t%s\t%t\t%d\t%d\t%d\n", rule.Name, rule.Direction, rule.IpProtocol, - rule.Enabled, rule.Action, rule.Logging, len(rule.SourceFirewallGroups), len(rule.DestinationFirewallGroups), len(rule.ApplicationPortProfiles)) + rule.Enabled, rule.ActionValue, rule.Logging, len(rule.SourceFirewallGroups), len(rule.DestinationFirewallGroups), len(rule.ApplicationPortProfiles)) } err := w.Flush() if err != nil { From ddcaf9e8969a37b234c7d1353aa01145daf0a15d Mon Sep 17 00:00:00 2001 From: Dainius Serplis Date: Wed, 10 Apr 2024 13:19:06 +0300 Subject: [PATCH 3/5] Add changelog Signed-off-by: Dainius Serplis --- .changes/v2.24.0/661-improvements.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 .changes/v2.24.0/661-improvements.md diff --git a/.changes/v2.24.0/661-improvements.md b/.changes/v2.24.0/661-improvements.md new file mode 100644 index 000000000..6e416affb --- /dev/null +++ b/.changes/v2.24.0/661-improvements.md @@ -0,0 +1 @@ +* `types.NsxtFirewallRule` adds field `ActionValue` instead of `Action` that is deprecated VCD API. It allows users to use `REJECT` option [GH-661] From d1efd3b73d00c740bf97e1394a61eba188c84821 Mon Sep 17 00:00:00 2001 From: Dainius Serplis Date: Fri, 12 Apr 2024 08:00:53 +0300 Subject: [PATCH 4/5] Address comment Signed-off-by: Dainius Serplis --- .changes/v2.24.0/661-improvements.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.changes/v2.24.0/661-improvements.md b/.changes/v2.24.0/661-improvements.md index 6e416affb..d4f70b7a1 100644 --- a/.changes/v2.24.0/661-improvements.md +++ b/.changes/v2.24.0/661-improvements.md 
@@ -1 +1,2 @@
-* `types.NsxtFirewallRule` adds field `ActionValue` instead of `Action` that is deprecated VCD API. It allows users to use `REJECT` option [GH-661]
+* Added field `ActionValue` to `types.NsxtFirewallRule` instead of `Action` that is deprecated in
+ VCD API. It allows users to use `REJECT` option [GH-661]
From 026cbfaaed0390bbde8b1a524dc8ec4449bab01a Mon Sep 17 00:00:00 2001
From: Dainius Serplis
Date: Fri, 26 Apr 2024 08:58:17 +0300
Subject: [PATCH 5/5] changelog
Signed-off-by: Dainius Serplis
---
.changes/{v2.24.0 => v2.25.0}/661-improvements.md | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename .changes/{v2.24.0 => v2.25.0}/661-improvements.md (100%)
diff --git a/.changes/v2.24.0/661-improvements.md b/.changes/v2.25.0/661-improvements.md
similarity index 100%
rename from .changes/v2.24.0/661-improvements.md
rename to .changes/v2.25.0/661-improvements.md