diff --git a/nsxt/resource_nsxt_policy_segment_test.go b/nsxt/resource_nsxt_policy_segment_test.go index 0031750d9..bca004490 100644 --- a/nsxt/resource_nsxt_policy_segment_test.go +++ b/nsxt/resource_nsxt_policy_segment_test.go @@ -151,6 +151,7 @@ func TestAccResourceNsxtPolicySegment_updateAdvConfig(t *testing.T) { resource.TestCheckResourceAttr(testResourceName, "tag.#", "1"), resource.TestCheckResourceAttr(testResourceName, "advanced_config.0.connectivity", "OFF"), resource.TestCheckResourceAttr(testResourceName, "advanced_config.0.local_egress", "true"), + resource.TestCheckResourceAttr(testResourceName, "advanced_config.0.urpf_mode", "STRICT"), ), }, { @@ -167,6 +168,7 @@ func TestAccResourceNsxtPolicySegment_updateAdvConfig(t *testing.T) { resource.TestCheckResourceAttr(testResourceName, "tag.#", "1"), resource.TestCheckResourceAttr(testResourceName, "advanced_config.0.connectivity", "ON"), resource.TestCheckResourceAttr(testResourceName, "advanced_config.0.local_egress", "false"), + resource.TestCheckResourceAttr(testResourceName, "advanced_config.0.urpf_mode", "NONE"), ), }, }, @@ -588,6 +590,7 @@ resource "nsxt_policy_segment" "test" { advanced_config { connectivity = "OFF" local_egress = true + urpf_mode = "STRICT" } } `, name) @@ -617,6 +620,7 @@ resource "nsxt_policy_segment" "test" { advanced_config { connectivity = "ON" local_egress = false + urpf_mode = "NONE" } } `, name) diff --git a/nsxt/resource_nsxt_policy_vlan_segment_test.go b/nsxt/resource_nsxt_policy_vlan_segment_test.go index 245f24fae..b013fe0ab 100644 --- a/nsxt/resource_nsxt_policy_vlan_segment_test.go +++ b/nsxt/resource_nsxt_policy_vlan_segment_test.go @@ -90,6 +90,7 @@ func TestAccResourceNsxtPolicyVlanSegment_updateAdvConfig(t *testing.T) { resource.TestCheckResourceAttr(testResourceName, "tag.#", "1"), resource.TestCheckResourceAttr(testResourceName, "advanced_config.0.connectivity", "OFF"), resource.TestCheckResourceAttr(testResourceName, "advanced_config.0.local_egress", "true"), + resource.TestCheckResourceAttr(testResourceName, "advanced_config.0.urpf_mode", "NONE"), ), }, { @@ -102,6 +103,7 @@ func TestAccResourceNsxtPolicyVlanSegment_updateAdvConfig(t *testing.T) { resource.TestCheckResourceAttr(testResourceName, "tag.#", "1"), resource.TestCheckResourceAttr(testResourceName, "advanced_config.0.connectivity", "ON"), resource.TestCheckResourceAttr(testResourceName, "advanced_config.0.local_egress", "false"), + resource.TestCheckResourceAttr(testResourceName, "advanced_config.0.urpf_mode", "STRICT"), ), }, }, @@ -351,6 +353,7 @@ resource "nsxt_policy_vlan_segment" "test" { advanced_config { connectivity = "OFF" local_egress = true + urpf_mode = "NONE" } } `, name) diff --git a/nsxt/segment_common.go b/nsxt/segment_common.go index c4df5d4b9..bb44f7906 100644 --- a/nsxt/segment_common.go +++ b/nsxt/segment_common.go @@ -27,6 +27,11 @@ var connectivityValues = []string{ model.SegmentAdvancedConfig_CONNECTIVITY_OFF, } +var urpfModeValues = []string{ + model.SegmentAdvancedConfig_URPF_MODE_NONE, + model.SegmentAdvancedConfig_URPF_MODE_STRICT, +} + func getPolicySegmentDhcpV4ConfigSchema() *schema.Resource { return &schema.Resource{ Schema: map[string]*schema.Schema{ @@ -182,6 +187,13 @@ func getPolicySegmentAdvancedConfigurationSchema() *schema.Resource { Description: "The name of the switching uplink teaming policy for the bridge endpoint", Optional: true, }, + "urpf_mode": { + Type: schema.TypeString, + Description: "This URPF mode is applied to the downlink logical router port created while attaching this segment to gateway", + Optional: true, + ValidateFunc: validation.StringInSlice(urpfModeValues, false), + Default: model.SegmentAdvancedConfig_URPF_MODE_STRICT, + }, }, } } @@ -744,6 +756,9 @@ func policySegmentResourceToInfraStruct(id string, d *schema.ResourceData, isVla if teamingPolicy != "" { advConfigStruct.UplinkTeamingPolicyName = &teamingPolicy } + + urpfMode := advConfigMap["urpf_mode"].(string) + advConfigStruct.UrpfMode = &urpfMode } obj.AdvancedConfig = &advConfigStruct } @@ -1292,6 +1307,9 @@ func nsxtPolicySegmentRead(d *schema.ResourceData, m interface{}, isVlan bool, i if obj.AdvancedConfig.UplinkTeamingPolicyName != nil { advConfig["uplink_teaming_policy"] = *obj.AdvancedConfig.UplinkTeamingPolicyName } + if obj.AdvancedConfig.UrpfMode != nil { + advConfig["urpf_mode"] = *obj.AdvancedConfig.UrpfMode + } // This is a list with 1 element var advConfigList []map[string]interface{} advConfigList = append(advConfigList, advConfig) diff --git a/website/docs/r/policy_fixed_segment.html.markdown b/website/docs/r/policy_fixed_segment.html.markdown index 06ab34c40..903279bbf 100644 --- a/website/docs/r/policy_fixed_segment.html.markdown +++ b/website/docs/r/policy_fixed_segment.html.markdown @@ -90,6 +90,7 @@ The following arguments are supported: * `hybrid` - (Optional) Boolean flag to identify a hybrid logical switch. * `local_egress` - (Optional) Boolean flag to enable local egress when used in conjunction with L2VPN. * `uplink_teaming_policy` - (Optional) The name of the switching uplink teaming policy for the bridge endpoint. This name corresponds to one of the switching uplink teaming policy names listed in the transport zone. + * `urpf_mode` - (Optional) URPF mode to be applied to gateway downlink interface. One of `STRICT`, `NONE`. ## Attributes Reference diff --git a/website/docs/r/policy_segment.html.markdown b/website/docs/r/policy_segment.html.markdown index cd5a736f4..72ff6aff0 100644 --- a/website/docs/r/policy_segment.html.markdown +++ b/website/docs/r/policy_segment.html.markdown @@ -96,6 +96,7 @@ The following arguments are supported: * `hybrid` - (Optional) Boolean flag to identify a hybrid logical switch. * `local_egress` - (Optional) Boolean flag to enable local egress when used in conjunction with L2VPN. * `uplink_teaming_policy` - (Optional) The name of the switching uplink teaming policy for the bridge endpoint. This name corresponds to one of the switching uplink teaming policy names listed in the transport zone. + * `urpf_mode` - (Optional) URPF mode to be applied to gateway downlink interface. One of `STRICT`, `NONE`. * `discovery_profile` - (Optional) IP and MAC discovery profile specification for the segment. * `ip_discovery_profile_path` - (Optional) Path for IP discovery profile to be associated with the segment. * `mac_discovery_profile_path` - (Optional) Path for MAC discovery profile to be associated with the segment. diff --git a/website/docs/r/policy_vlan_segment.html.markdown b/website/docs/r/policy_vlan_segment.html.markdown index 04a5b58e1..c1cfb970b 100644 --- a/website/docs/r/policy_vlan_segment.html.markdown +++ b/website/docs/r/policy_vlan_segment.html.markdown @@ -99,6 +99,7 @@ The following arguments are supported: * `hybrid` - (Optional) Boolean flag to identify a hybrid logical switch. * `local_egress` - (Optional) Boolean flag to enable local egress. * `uplink_teaming_policy` - (Optional) The name of the switching uplink teaming policy for the bridge endpoint. This name corresponds to one of the switching uplink teaming policy names listed in the transport zone. + * `urpf_mode` - (Optional) URPF mode to be applied to gateway downlink interface. One of `STRICT`, `NONE`. * `discovery_profile` - (Optional) IP and MAC discovery profile specification for the segment. * `ip_discovery_profile_path` - (Optional) Path for IP discovery profile to be associated with the segment. * `mac_discovery_profile_path` - (Optional) Path for MAC discovery profile to be associated with the segment.