test
Signed-off-by: graysonwu <[email protected]>
GraysonWu committed Dec 8, 2023
1 parent 149dc4e commit 4092157
Showing 7 changed files with 504 additions and 7 deletions.
85 changes: 85 additions & 0 deletions nsxt/data_source_nsxt_policy_security_policy_rule.go
@@ -0,0 +1,85 @@
/* Copyright © 2023 VMware, Inc. All Rights Reserved.
SPDX-License-Identifier: MPL-2.0 */

package nsxt

import (
"fmt"

Check failure on line 7 in nsxt/data_source_nsxt_policy_security_policy_rule.go


GitHub Actions / lint

File is not `goimports`-ed (goimports)
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
securitypolicies "github.com/vmware/terraform-provider-nsxt/api/infra/domains/security_policies"
"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model"
"strings"
)

func dataSourceNsxtPolicySecurityPolicyRule() *schema.Resource {
return &schema.Resource{
Read: dataSourceNsxtPolicySecurityPolicyRuleRead,

Schema: map[string]*schema.Schema{
"id": getDataSourceIDSchema(),
"display_name": getDataSourceDisplayNameSchema(),
"description": getDataSourceDescriptionSchema(),
"path": getPathSchema(),
"policy_path": getPolicyPathSchema(true, false, "Security Policy path"),
"context": getContextSchema(),
},
}
}

func dataSourceNsxtPolicySecurityPolicyRuleRead(d *schema.ResourceData, m interface{}) error {
connector := getPolicyConnector(m)

policyPath := d.Get("policy_path").(string)
domain := getDomainFromResourcePath(policyPath)
policyID := getPolicyIDFromPath(policyPath)

client := securitypolicies.NewRulesClient(getSessionContext(d, m), connector)
objID := d.Get("id").(string)
var obj model.Rule
if objID != "" {
// Get by id
objGet, err := client.Get(domain, policyID, objID)

if err != nil {
return handleDataSourceReadError(d, "SecurityPolicyRule", objID, err)
}
obj = objGet
} else {
// Get by full name/prefix
displayName := d.Get("display_name").(string)
objList, err := client.List(domain, policyID, nil, nil, nil, nil, nil, nil)
if err != nil {
return handleListError("SecurityPolicyRule", err)
}
// go over the list to find the correct one (prefer a perfect match. If not - prefix match)
var perfectMatch []model.Rule
var prefixMatch []model.Rule
for _, objInList := range objList.Results {
if strings.HasPrefix(*objInList.DisplayName, displayName) {
prefixMatch = append(prefixMatch, objInList)
}
if *objInList.DisplayName == displayName {
perfectMatch = append(perfectMatch, objInList)
}
}
if len(perfectMatch) > 0 {
if len(perfectMatch) > 1 {
return fmt.Errorf("Found multiple SecurityPolicyRule with name '%s'", displayName)
}
obj = perfectMatch[0]
} else if len(prefixMatch) > 0 {
if len(prefixMatch) > 1 {
return fmt.Errorf("Found multiple SecurityPolicyRule with name starting with '%s'", displayName)
}
obj = prefixMatch[0]
} else {
return fmt.Errorf("SecurityPolicyRule with name '%s' was not found", displayName)
}
}

d.SetId(*obj.Id)
d.Set("display_name", obj.DisplayName)
d.Set("description", obj.Description)
d.Set("path", obj.Path)
return nil
}
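Review bot: The name-lookup loop in `dataSourceNsxtPolicySecurityPolicyRuleRead` dereferences `*objInList.DisplayName` (and later `*obj.Id`) without a nil check, so a rule returned without a display name would panic the provider instead of producing an error; a guard such as `if objInList.DisplayName == nil { continue }` at the top of the loop avoids that. Separately, when both `id` and `display_name` are empty, `strings.HasPrefix` matches every rule, so a policy holding exactly one rule resolves to it silently; for a firewall-rule lookup it seems safer to reject the empty name with an explicit error before calling `List`. The `List` call is also made once with nil arguments, so if the API pages its results a rule beyond the first page would be reported as not found, which is worth confirming against the client.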
1 change: 1 addition & 0 deletions nsxt/policy_common.go
Expand Up @@ -296,6 +296,7 @@ func getSecurityPolicyAndGatewayRuleSchema(scopeRequired bool, isIds bool, nsxID
Required: true,
}
ruleSchema["context"] = getContextSchema()
ruleSchema["path"] = getPathSchema()
} else {
ruleSchema["sequence_number"] = &schema.Schema{
Type: schema.TypeInt,
1 change: 1 addition & 0 deletions nsxt/provider.go
Expand Up @@ -294,6 +294,7 @@ func Provider() *schema.Provider {
"nsxt_policy_host_transport_node": dataSourceNsxtPolicyHostTransportNode(),
"nsxt_manager_cluster_node": dataSourceNsxtManagerClusterNode(),
"nsxt_policy_host_transport_node_profile": dataSourceNsxtPolicyHostTransportNodeProfile(),
"nsxt_policy_security_policy_rule": dataSourceNsxtPolicySecurityPolicyRule(),
},

ResourcesMap: map[string]*schema.Resource{
2 changes: 1 addition & 1 deletion nsxt/resource_nsxt_policy_security_policy_no_rule.go
@@ -1,4 +1,4 @@
/* Copyright © 2019 VMware, Inc. All Rights Reserved.
/* Copyright © 2023 VMware, Inc. All Rights Reserved.
SPDX-License-Identifier: MPL-2.0 */

package nsxt
167 changes: 167 additions & 0 deletions nsxt/resource_nsxt_policy_security_policy_no_rule_test.go
@@ -0,0 +1,167 @@
/* Copyright © 2023 VMware, Inc. All Rights Reserved.
SPDX-License-Identifier: MPL-2.0 */

package nsxt

import (
"fmt"
"testing"

"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
)

func TestAccResourceNsxtPolicySecurityPolicyNoRule_basic(t *testing.T) {
testAccResourceNsxtPolicySecurityPolicyNoRuleBasic(t, false, func() {
testAccPreCheck(t)
})
}

func TestAccResourceNsxtPolicySecurityPolicyNoRule_multitenancy(t *testing.T) {
testAccResourceNsxtPolicySecurityPolicyNoRuleBasic(t, true, func() {
testAccPreCheck(t)
testAccOnlyMultitenancy(t)
})
}

func testAccResourceNsxtPolicySecurityPolicyNoRuleBasic(t *testing.T, withContext bool, preCheck func()) {
testResourceName := "nsxt_policy_security_policy_no_rule.test"

name := getAccTestResourceName()
updatedName := getAccTestResourceName()
locked := "true"
updatedLocked := "false"
seqNum := "1"
updatedSeqNum := "2"
tcpStrict := "true"
updatedTcpStrict := "false"

Check warning on line 37 in nsxt/resource_nsxt_policy_security_policy_no_rule_test.go


GitHub Actions / lint

var-naming: var updatedTcpStrict should be updatedTCPStrict (revive)

resource.ParallelTest(t, resource.TestCase{
PreCheck: preCheck,
Providers: testAccProviders,
CheckDestroy: func(state *terraform.State) error {
return testAccNsxtPolicySecurityPolicyNoRuleCheckDestroy(state, updatedName)
},
Steps: []resource.TestStep{
{
Config: testAccNsxtPolicySecurityPolicyNoRuleTemplate(withContext, name, locked, seqNum, tcpStrict),
Check: resource.ComposeTestCheckFunc(
testAccNsxtPolicySecurityPolicyExists(testResourceName, defaultDomain),
resource.TestCheckResourceAttr(testResourceName, "display_name", name),
resource.TestCheckResourceAttr(testResourceName, "locked", locked),
resource.TestCheckResourceAttr(testResourceName, "sequence_number", seqNum),
resource.TestCheckResourceAttr(testResourceName, "tcp_strict", tcpStrict),
),
},
{
Config: testAccNsxtPolicySecurityPolicyNoRuleTemplate(withContext, updatedName, updatedLocked, updatedSeqNum, updatedTcpStrict),
Check: resource.ComposeTestCheckFunc(
testAccNsxtPolicySecurityPolicyExists(testResourceName, defaultDomain),
resource.TestCheckResourceAttr(testResourceName, "display_name", updatedName),
resource.TestCheckResourceAttr(testResourceName, "locked", updatedLocked),
resource.TestCheckResourceAttr(testResourceName, "sequence_number", updatedSeqNum),
resource.TestCheckResourceAttr(testResourceName, "tcp_strict", updatedTcpStrict),
),
},
},
})
}

func TestAccResourceNsxtPolicySecurityPolicyNoRule_importBasic(t *testing.T) {
name := getAccTestResourceName()
testResourceName := "nsxt_policy_security_policy_no_rule.test"

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: func(state *terraform.State) error {
return testAccNsxtPolicySecurityPolicyNoRuleCheckDestroy(state, name)
},
Steps: []resource.TestStep{
{
Config: testAccNsxtPolicySecurityPolicyNoRuleTemplate(false, name, "true", "1", "true"),
},
{
ResourceName: testResourceName,
ImportState: true,
ImportStateVerify: true,
ImportStateIdFunc: testAccResourceNsxtPolicyImportIDRetriever(testResourceName),
},
},
})
}

func TestAccResourceNsxtPolicySecurityPolicyNoRule_importBasic_multitenancy(t *testing.T) {
name := getAccTestResourceName()
testResourceName := "nsxt_policy_security_policy_no_rule.test"

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() {
testAccPreCheck(t)
testAccOnlyMultitenancy(t)
},
Providers: testAccProviders,
CheckDestroy: func(state *terraform.State) error {
return testAccNsxtPolicySecurityPolicyCheckDestroy(state, name, defaultDomain)
},
Steps: []resource.TestStep{
{
Config: testAccNsxtPolicySecurityPolicyNoRuleTemplate(true, name, "true", "1", "true"),
},
{
ResourceName: testResourceName,
ImportState: true,
ImportStateVerify: true,
ImportStateIdFunc: testAccResourceNsxtPolicyImportIDRetriever(testResourceName),
},
},
})
}

func testAccNsxtPolicySecurityPolicyNoRuleCheckDestroy(state *terraform.State, displayName string) error {
connector := getPolicyConnector(testAccProvider.Meta().(nsxtClients))
for _, rs := range state.RootModule().Resources {

if rs.Type != "nsxt_policy_security_policy_no_rule" {
continue
}

resourceID := rs.Primary.Attributes["id"]
domain := rs.Primary.Attributes["domain"]
exists, err := resourceNsxtPolicySecurityPolicyExistsInDomain(testAccGetSessionContext(), resourceID, domain, connector)
if err != nil {
return err
}
if exists {
return fmt.Errorf("Policy SecurityPolicy %s still exists", displayName)
}
}
return nil
}

func testAccNsxtPolicySecurityPolicyNoRuleTemplate(withContext bool, name, locked, seqNum, tcpStrict string) string {
context := ""
if withContext {
context = testAccNsxtPolicyMultitenancyContext()
}
return testAccNsxtPolicySecurityPolicyDeps() + fmt.Sprintf(`
resource "nsxt_policy_security_policy_no_rule" "test" {
%s
display_name = "%s"
description = "Acceptance Test"
domain = "default"
category = "Application"
locked = %s
sequence_number = %s
stateful = "true"
tcp_strict = %s
scope = [nsxt_policy_group.group1.path]
tag {
scope = "color"
tag = "orange"
}
depends_on = [nsxt_policy_group.group1]
}`, context, name, locked, seqNum, tcpStrict)
}
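Review bot: `TestAccResourceNsxtPolicySecurityPolicyNoRule_importBasic_multitenancy` wires `CheckDestroy` to `testAccNsxtPolicySecurityPolicyCheckDestroy(state, name, defaultDomain)`, while the other tests in this file use the `NoRule` variant defined below, which skips resources whose type is not `nsxt_policy_security_policy_no_rule`. The other helper is defined outside this page; if it filters on a different resource type it would skip every resource in this state and the destroy check would pass without verifying anything. Unless that is intended, `return testAccNsxtPolicySecurityPolicyNoRuleCheckDestroy(state, name)` keeps the check meaningful. The `NoRule` helper calls `testAccGetSessionContext()` with no arguments, so it is also worth confirming that it looks in the project context during the multitenancy runs.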
26 changes: 20 additions & 6 deletions nsxt/resource_nsxt_policy_security_policy_rule.go
Expand Up @@ -5,11 +5,11 @@ package nsxt

import (
"fmt"

Check failure on line 7 in nsxt/resource_nsxt_policy_security_policy_rule.go


GitHub Actions / lint

File is not `goimports`-ed (goimports)
"log"

"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/vmware/vsphere-automation-sdk-go/runtime/protocol/client"
"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model"
"log"
"strings"

"github.com/vmware/terraform-provider-nsxt/api/infra/domains/security_policies"
utl "github.com/vmware/terraform-provider-nsxt/api/utl"
Expand All @@ -22,7 +22,7 @@ func resourceNsxtPolicySecurityPolicyRule() *schema.Resource {
Update: resourceNsxtPolicySecurityPolicyRuleUpdate,
Delete: resourceNsxtPolicySecurityPolicyRuleDelete,
Importer: &schema.ResourceImporter{
State: nsxtDomainResourceImporter,
State: nsxtSecurityPolicyRuleImporter,
},
Schema: getSecurityPolicyAndGatewayRuleSchema(false, false, true, true),
}
Expand Down Expand Up @@ -103,11 +103,11 @@ func securityPolicyRuleSchemaToModel(d *schema.ResourceData, id string) model.Ru

func resourceNsxtPolicySecurityPolicyRuleExistsPartial(policyPath string) func(sessionContext utl.SessionContext, id string, connector client.Connector) (bool, error) {
return func(sessionContext utl.SessionContext, id string, connector client.Connector) (bool, error) {
return resourceNsxtPolicySecurityPolicyRuleExistsInDomain(sessionContext, id, policyPath, connector)
return resourceNsxtPolicySecurityPolicyRuleExists(sessionContext, id, policyPath, connector)
}
}

func resourceNsxtPolicySecurityPolicyRuleExistsInDomain(sessionContext utl.SessionContext, id string, policyPath string, connector client.Connector) (bool, error) {
func resourceNsxtPolicySecurityPolicyRuleExists(sessionContext utl.SessionContext, id string, policyPath string, connector client.Connector) (bool, error) {
client := securitypolicies.NewRulesClient(sessionContext, connector)

domain := getDomainFromResourcePath(policyPath)
Expand Down Expand Up @@ -135,7 +135,6 @@ func resourceNsxtPolicySecurityPolicyRuleRead(d *schema.ResourceData, m interfac
policyPath := d.Get("policy_path").(string)
domain := getDomainFromResourcePath(policyPath)
policyID := getPolicyIDFromPath(policyPath)

client := securitypolicies.NewRulesClient(getSessionContext(d, m), connector)
rule, err := client.Get(domain, policyID, id)
if err != nil {
Expand All @@ -149,6 +148,7 @@ func resourceNsxtPolicySecurityPolicyRuleRead(d *schema.ResourceData, m interfac
func securityPolicyRuleModelToSchema(d *schema.ResourceData, rule model.Rule) {
d.Set("display_name", rule.DisplayName)
d.Set("description", rule.Description)
d.Set("path", rule.Path)
d.Set("notes", rule.Notes)
d.Set("logged", rule.Logged)
d.Set("log_label", rule.Tag)
Expand Down Expand Up @@ -214,3 +214,17 @@ func resourceNsxtPolicySecurityPolicyRuleDelete(d *schema.ResourceData, m interf
client := securitypolicies.NewRulesClient(getSessionContext(d, m), connector)
return client.Delete(domain, policyID, id)
}

func nsxtSecurityPolicyRuleImporter(d *schema.ResourceData, m interface{}) ([]*schema.ResourceData, error) {
importID := d.Id()
// Example of Rule path: /infra/domains/default/security-policies/04e862ad-ddce-434c-8453-229e2740982e/rules/b971bdc3-9e8f-442d-a694-846cbbb46ca5
if strings.Count(importID, "/") != 7 {
return nil, fmt.Errorf("Invalid SecurityPolicyRule path %s", importID)
}
rd, err := nsxtPolicyPathResourceImporterHelper(d, m)
if err != nil {
return rd, err
}
d.Set("policy_path", importID[:strings.Index(importID, "rule")-1])
return []*schema.ResourceData{d}, nil
}
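Review bot: In `nsxtSecurityPolicyRuleImporter`, `importID[:strings.Index(importID, "rule")-1]` trusts the user-supplied import ID more than the slash count justifies: a path with seven slashes but no `rule` substring makes `Index` return -1 and the slice expression panic, and a domain or policy ID that itself contains `rule` cuts `policy_path` at the wrong place. Anchoring on the last `/rules/` segment and checking the index before slicing handles both cases. The fixed count of 7 also appears to reject multitenancy paths, which would presumably carry extra leading segments, even though the functions in this file take a session context; that is worth confirming. The result of `d.Set` is ignored here as well, so a schema mismatch on `policy_path` would go unnoticed.

```go
rd, err := nsxtPolicyPathResourceImporterHelper(d, m)
// … unchanged: error return from the helper …
idx := strings.LastIndex(importID, "/rules/")
if idx < 0 {
	return nil, fmt.Errorf("Invalid SecurityPolicyRule path %s", importID)
}
if err := d.Set("policy_path", importID[:idx]); err != nil {
	return nil, err
}
return []*schema.ResourceData{d}, nil
```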