diff --git a/nsxt/policy_common.go b/nsxt/policy_common.go
index 103456c8f..36eb67b62 100644
--- a/nsxt/policy_common.go
+++ b/nsxt/policy_common.go
@@ -162,7 +162,7 @@ func getSecurityPolicyAndGatewayRulesSchema(scopeRequired bool, isIds bool) *sch
 Description: "List of destination groups",
 Elem: &schema.Schema{
 Type: schema.TypeString,
- ValidateFunc: validatePolicyPath(),
+ ValidateFunc: validatePolicySourceDestinationGroups(),
 },
 Optional: true,
 },
@@ -241,7 +241,7 @@ func getSecurityPolicyAndGatewayRulesSchema(scopeRequired bool, isIds bool) *sch
 Description: "List of source groups",
 Elem: &schema.Schema{
 Type: schema.TypeString,
- ValidateFunc: validatePolicyPath(),
+ ValidateFunc: validatePolicySourceDestinationGroups(),
 },
 Optional: true,
 },
diff --git a/nsxt/validators.go b/nsxt/validators.go
index 04d68cd18..7f4dd452a 100644
--- a/nsxt/validators.go
+++ b/nsxt/validators.go
@@ -361,6 +361,23 @@ func validateSSLCiphers() schema.SchemaValidateFunc {
 return validation.StringInSlice(supportedSSLCiphers, false)
 }
 
+func validatePolicySourceDestinationGroups() schema.SchemaValidateFunc {
+ return func(i interface{}, k string) (s []string, es []error) {
+ v, ok := i.(string)
+ if !ok {
+ es = append(es, fmt.Errorf("expected type of %s to be string", k))
+ return
+ }
+
+ if !isCidr(v, true, false) && !isSingleIP(v) && !isIPRange(v) && !isPolicyPath(v) && v != "ANY" {
+ es = append(es, fmt.Errorf(
+ "expected %s to contain a valid IP,Range, CIDR, \"ANY\", or Group Path. Got: %s", k, v))
+ }
+ return
+
+ }
+}
+
 func validatePolicyPath() schema.SchemaValidateFunc {
 return func(i interface{}, k string) (s []string, es []error) {
 v, ok := i.(string)
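Review bot: The `Description` strings on these two fields still read "List of destination groups" and "List of source groups", although the validator swapped in here (and in the second hunk at line 241) now lets each element be an IP address, IP range, CIDR or the literal "ANY" as well as a group path. Someone writing a firewall rule from the schema text alone would not learn that raw addresses or a match-all value are accepted. Suggest `Description: "List of destination group paths, IP addresses, IP ranges, CIDRs, or ANY"` and the matching wording for the source field. The enclosing schema function starts and ends outside both hunks.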
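Review bot: The new validatePolicySourceDestinationGroups accepts the literal "ANY" one element at a time, so a list that mixes "ANY" with specific group paths or addresses passes validation; in a firewall rule that combination would presumably match all traffic even though the other entries suggest a narrower scope. An Elem-level ValidateFunc only ever sees a single string, so a cross-element check would have to live elsewhere (for instance where the rule list is built for the API); it is worth confirming whether the backend already rejects the mix. The rejected value is also printed with `%s`, and `%q` would make empty or whitespace-only input visible: `"expected %s to contain a valid IP, range, CIDR, \"ANY\", or group path, got: %q", k, v`. The function has no doc comment; something like `// validatePolicySourceDestinationGroups accepts an IP address, IP range, CIDR, policy path, or the literal "ANY".` would record the contract, and the meaning of the `true, false` arguments to isCidr (defined outside this hunk) deserves a short inline comment.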