-
Notifications
You must be signed in to change notification settings - Fork 85
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: graysonwu <[email protected]>
- Loading branch information
Showing
7 changed files
with
504 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,85 @@ | ||
/* Copyright © 2023 VMware, Inc. All Rights Reserved. | ||
SPDX-License-Identifier: MPL-2.0 */ | ||
|
||
package nsxt | ||
|
||
import ( | ||
"fmt" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" | ||
securitypolicies "github.com/vmware/terraform-provider-nsxt/api/infra/domains/security_policies" | ||
"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model" | ||
"strings" | ||
) | ||
|
||
func dataSourceNsxtPolicySecurityPolicyRule() *schema.Resource { | ||
return &schema.Resource{ | ||
Read: dataSourceNsxtPolicySecurityPolicyRuleRead, | ||
|
||
Schema: map[string]*schema.Schema{ | ||
"id": getDataSourceIDSchema(), | ||
"display_name": getDataSourceDisplayNameSchema(), | ||
"description": getDataSourceDescriptionSchema(), | ||
"path": getPathSchema(), | ||
"policy_path": getPolicyPathSchema(true, false, "Security Policy path"), | ||
"context": getContextSchema(), | ||
}, | ||
} | ||
} | ||
|
||
func dataSourceNsxtPolicySecurityPolicyRuleRead(d *schema.ResourceData, m interface{}) error { | ||
connector := getPolicyConnector(m) | ||
|
||
policyPath := d.Get("policy_path").(string) | ||
domain := getDomainFromResourcePath(policyPath) | ||
policyID := getPolicyIDFromPath(policyPath) | ||
|
||
client := securitypolicies.NewRulesClient(getSessionContext(d, m), connector) | ||
objID := d.Get("id").(string) | ||
var obj model.Rule | ||
if objID != "" { | ||
// Get by id | ||
objGet, err := client.Get(domain, policyID, objID) | ||
|
||
if err != nil { | ||
return handleDataSourceReadError(d, "SecurityPolicyRule", objID, err) | ||
} | ||
obj = objGet | ||
} else { | ||
// Get by full name/prefix | ||
displayName := d.Get("display_name").(string) | ||
objList, err := client.List(domain, policyID, nil, nil, nil, nil, nil, nil) | ||
if err != nil { | ||
return handleListError("SecurityPolicyRule", err) | ||
} | ||
// go over the list to find the correct one (prefer a perfect match. If not - prefix match) | ||
var perfectMatch []model.Rule | ||
var prefixMatch []model.Rule | ||
for _, objInList := range objList.Results { | ||
if strings.HasPrefix(*objInList.DisplayName, displayName) { | ||
prefixMatch = append(prefixMatch, objInList) | ||
} | ||
if *objInList.DisplayName == displayName { | ||
perfectMatch = append(perfectMatch, objInList) | ||
} | ||
} | ||
if len(perfectMatch) > 0 { | ||
if len(perfectMatch) > 1 { | ||
return fmt.Errorf("Found multiple SecurityPolicyRule with name '%s'", displayName) | ||
} | ||
obj = perfectMatch[0] | ||
} else if len(prefixMatch) > 0 { | ||
if len(prefixMatch) > 1 { | ||
return fmt.Errorf("Found multiple SecurityPolicyRule with name starting with '%s'", displayName) | ||
} | ||
obj = prefixMatch[0] | ||
} else { | ||
return fmt.Errorf("SecurityPolicyRule with name '%s' was not found", displayName) | ||
} | ||
} | ||
|
||
d.SetId(*obj.Id) | ||
d.Set("display_name", obj.DisplayName) | ||
d.Set("description", obj.Description) | ||
d.Set("path", obj.Path) | ||
return nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
167 changes: 167 additions & 0 deletions
167
nsxt/resource_nsxt_policy_security_policy_no_rule_test.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,167 @@ | ||
/* Copyright © 2023 VMware, Inc. All Rights Reserved. | ||
SPDX-License-Identifier: MPL-2.0 */ | ||
|
||
package nsxt | ||
|
||
import ( | ||
"fmt" | ||
"testing" | ||
|
||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/terraform" | ||
) | ||
|
||
func TestAccResourceNsxtPolicySecurityPolicyNoRule_basic(t *testing.T) { | ||
testAccResourceNsxtPolicySecurityPolicyNoRuleBasic(t, false, func() { | ||
testAccPreCheck(t) | ||
}) | ||
} | ||
|
||
func TestAccResourceNsxtPolicySecurityPolicyNoRule_multitenancy(t *testing.T) { | ||
testAccResourceNsxtPolicySecurityPolicyNoRuleBasic(t, true, func() { | ||
testAccPreCheck(t) | ||
testAccOnlyMultitenancy(t) | ||
}) | ||
} | ||
|
||
func testAccResourceNsxtPolicySecurityPolicyNoRuleBasic(t *testing.T, withContext bool, preCheck func()) { | ||
testResourceName := "nsxt_policy_security_policy_no_rule.test" | ||
|
||
name := getAccTestResourceName() | ||
updatedName := getAccTestResourceName() | ||
locked := "true" | ||
updatedLocked := "false" | ||
seqNum := "1" | ||
updatedSeqNum := "2" | ||
tcpStrict := "true" | ||
updatedTcpStrict := "false" | ||
|
||
resource.ParallelTest(t, resource.TestCase{ | ||
PreCheck: preCheck, | ||
Providers: testAccProviders, | ||
CheckDestroy: func(state *terraform.State) error { | ||
return testAccNsxtPolicySecurityPolicyNoRuleCheckDestroy(state, updatedName) | ||
}, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: testAccNsxtPolicySecurityPolicyNoRuleTemplate(withContext, name, locked, seqNum, tcpStrict), | ||
Check: resource.ComposeTestCheckFunc( | ||
testAccNsxtPolicySecurityPolicyExists(testResourceName, defaultDomain), | ||
resource.TestCheckResourceAttr(testResourceName, "display_name", name), | ||
resource.TestCheckResourceAttr(testResourceName, "locked", locked), | ||
resource.TestCheckResourceAttr(testResourceName, "sequence_number", seqNum), | ||
resource.TestCheckResourceAttr(testResourceName, "tcp_strict", tcpStrict), | ||
), | ||
}, | ||
{ | ||
Config: testAccNsxtPolicySecurityPolicyNoRuleTemplate(withContext, updatedName, updatedLocked, updatedSeqNum, updatedTcpStrict), | ||
Check: resource.ComposeTestCheckFunc( | ||
testAccNsxtPolicySecurityPolicyExists(testResourceName, defaultDomain), | ||
resource.TestCheckResourceAttr(testResourceName, "display_name", updatedName), | ||
resource.TestCheckResourceAttr(testResourceName, "locked", updatedLocked), | ||
resource.TestCheckResourceAttr(testResourceName, "sequence_number", updatedSeqNum), | ||
resource.TestCheckResourceAttr(testResourceName, "tcp_strict", updatedTcpStrict), | ||
), | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func TestAccResourceNsxtPolicySecurityPolicyNoRule_importBasic(t *testing.T) { | ||
name := getAccTestResourceName() | ||
testResourceName := "nsxt_policy_security_policy_no_rule.test" | ||
|
||
resource.ParallelTest(t, resource.TestCase{ | ||
PreCheck: func() { testAccPreCheck(t) }, | ||
Providers: testAccProviders, | ||
CheckDestroy: func(state *terraform.State) error { | ||
return testAccNsxtPolicySecurityPolicyNoRuleCheckDestroy(state, name) | ||
}, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: testAccNsxtPolicySecurityPolicyNoRuleTemplate(false, name, "true", "1", "true"), | ||
}, | ||
{ | ||
ResourceName: testResourceName, | ||
ImportState: true, | ||
ImportStateVerify: true, | ||
ImportStateIdFunc: testAccResourceNsxtPolicyImportIDRetriever(testResourceName), | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func TestAccResourceNsxtPolicySecurityPolicyNoRule_importBasic_multitenancy(t *testing.T) { | ||
name := getAccTestResourceName() | ||
testResourceName := "nsxt_policy_security_policy_no_rule.test" | ||
|
||
resource.ParallelTest(t, resource.TestCase{ | ||
PreCheck: func() { | ||
testAccPreCheck(t) | ||
testAccOnlyMultitenancy(t) | ||
}, | ||
Providers: testAccProviders, | ||
CheckDestroy: func(state *terraform.State) error { | ||
return testAccNsxtPolicySecurityPolicyCheckDestroy(state, name, defaultDomain) | ||
}, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: testAccNsxtPolicySecurityPolicyNoRuleTemplate(true, name, "true", "1", "true"), | ||
}, | ||
{ | ||
ResourceName: testResourceName, | ||
ImportState: true, | ||
ImportStateVerify: true, | ||
ImportStateIdFunc: testAccResourceNsxtPolicyImportIDRetriever(testResourceName), | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func testAccNsxtPolicySecurityPolicyNoRuleCheckDestroy(state *terraform.State, displayName string) error { | ||
connector := getPolicyConnector(testAccProvider.Meta().(nsxtClients)) | ||
for _, rs := range state.RootModule().Resources { | ||
|
||
if rs.Type != "nsxt_policy_security_policy_no_rule" { | ||
continue | ||
} | ||
|
||
resourceID := rs.Primary.Attributes["id"] | ||
domain := rs.Primary.Attributes["domain"] | ||
exists, err := resourceNsxtPolicySecurityPolicyExistsInDomain(testAccGetSessionContext(), resourceID, domain, connector) | ||
if err != nil { | ||
return err | ||
} | ||
if exists { | ||
return fmt.Errorf("Policy SecurityPolicy %s still exists", displayName) | ||
} | ||
} | ||
return nil | ||
} | ||
|
||
func testAccNsxtPolicySecurityPolicyNoRuleTemplate(withContext bool, name, locked, seqNum, tcpStrict string) string { | ||
context := "" | ||
if withContext { | ||
context = testAccNsxtPolicyMultitenancyContext() | ||
} | ||
return testAccNsxtPolicySecurityPolicyDeps() + fmt.Sprintf(` | ||
resource "nsxt_policy_security_policy_no_rule" "test" { | ||
%s | ||
display_name = "%s" | ||
description = "Acceptance Test" | ||
domain = "default" | ||
category = "Application" | ||
locked = %s | ||
sequence_number = %s | ||
stateful = "true" | ||
tcp_strict = %s | ||
scope = [nsxt_policy_group.group1.path] | ||
tag { | ||
scope = "color" | ||
tag = "orange" | ||
} | ||
depends_on = [nsxt_policy_group.group1] | ||
}`, context, name, locked, seqNum, tcpStrict) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.