From 30953d9d41911d6b9a46c9e676966d750143d4f5 Mon Sep 17 00:00:00 2001
From: "Giesler, Andrew"
Date: Tue, 9 Mar 2021 13:04:10 -0600
Subject: [PATCH] Allow IP CIDR Range or Any as source/dest groups
Adds a new validator specific to source and destination policy groups. NSX-T can accept an IP, Range, CIDR, "ANY", or a Group Path as a source and/or destination group through the security policy interface. Updates the getSecurityPolicyAndGatewayRulesSchema function to use the new validator. Resolves: Issue #584
---
 nsxt/policy_common.go | 4 ++--
 nsxt/validators.go | 17 +++++++++++++++++
 2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/nsxt/policy_common.go b/nsxt/policy_common.go
index 103456c8f..36eb67b62 100644
--- a/nsxt/policy_common.go
+++ b/nsxt/policy_common.go
@@ -162,7 +162,7 @@ func getSecurityPolicyAndGatewayRulesSchema(scopeRequired bool, isIds bool) *sch
 Description: "List of destination groups",
 Elem: &schema.Schema{
 Type: schema.TypeString,
- ValidateFunc: validatePolicyPath(),
+ ValidateFunc: validatePolicySourceDestinationGroups(),
 },
 Optional: true,
 },
@@ -241,7 +241,7 @@ func getSecurityPolicyAndGatewayRulesSchema(scopeRequired bool, isIds bool) *sch
 Description: "List of source groups",
 Elem: &schema.Schema{
 Type: schema.TypeString,
- ValidateFunc: validatePolicyPath(),
+ ValidateFunc: validatePolicySourceDestinationGroups(),
 },
 Optional: true,
 },
diff --git a/nsxt/validators.go b/nsxt/validators.go
index 04d68cd18..7f4dd452a 100644
--- a/nsxt/validators.go
+++ b/nsxt/validators.go
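Review bot: The `Description` strings in the -162 hunk ("List of destination groups") and the -241 hunk ("List of source groups") are left unchanged although the elements may now also be an IP, an IP range, a CIDR or "ANY"; I would update them, for example `Description: "List of destination groups, IP addresses, IP ranges, CIDRs or ANY",` and the matching text for source. Separately, getSecurityPolicyAndGatewayRulesSchema takes an `isIds` flag and, going by its name, also serves gateway rules, so the relaxed validation presumably reaches every resource built from this schema, while the commit message only mentions the security policy interface. It is worth confirming that each of those APIs accepts raw addresses and "ANY" before widening the check for all of them. The function body starts and ends outside both hunks.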
@@ -361,6 +361,23 @@ func validateSSLCiphers() schema.SchemaValidateFunc {
 return validation.StringInSlice(supportedSSLCiphers, false)
 }
 
+func validatePolicySourceDestinationGroups() schema.SchemaValidateFunc {
+ return func(i interface{}, k string) (s []string, es []error) {
+ v, ok := i.(string)
+ if !ok {
+ es = append(es, fmt.Errorf("expected type of %s to be string", k))
+ return
+ }
+
+ if !isCidr(v, true, false) && !isSingleIP(v) && !isIPRange(v) && !isPolicyPath(v) && v != "ANY" {
+ es = append(es, fmt.Errorf(
+ "expected %s to contain a valid IP,Range, CIDR, \"ANY\", or Group Path. Got: %s", k, v))
+ }
+ return
+
+ }
+}
+
 func validatePolicyPath() schema.SchemaValidateFunc {
 return func(i interface{}, k string) (s []string, es []error) {
 v, ok := i.(string)
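Review bot: Because the `v != "ANY"` test runs per list element, a list that mixes "ANY" with a group path or CIDR passes validation, and how that combination is applied to the rule is not visible here; since this loosens what a firewall rule's source or destination may contain, I would reject the mix at list level where the rule is built, or at least state the behaviour in a doc comment. The new function has no doc comment and the two boolean arguments in `isCidr(v, true, false)` are unexplained; something like `// validatePolicySourceDestinationGroups accepts a policy path, a single IP, an IP range, a CIDR or the literal "ANY".` plus a short note on those flags would help. The error text reads "IP,Range" and prints the value with `%s`; `"expected %s to contain a valid IP, Range, CIDR, \"ANY\", or Group Path. Got: %q", k, v` fixes the spacing and makes empty or whitespace-only input visible. The diffstat lists no test file, so a table-driven test over accepted and rejected values would pin the intended behaviour.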