-
Notifications
You must be signed in to change notification settings - Fork 85
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Implement DFW settings Exclusion list
Signed-off-by: Kobi Samoray <[email protected]>
- Loading branch information
Showing
5 changed files
with
381 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
118 changes: 118 additions & 0 deletions
118
api/infra/settings/firewall/security/policy_exclude_list.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,118 @@ | ||
//nolint:revive | ||
package security | ||
|
||
// The following file has been autogenerated. Please avoid any changes! | ||
import ( | ||
"errors" | ||
|
||
vapiProtocolClient_ "github.com/vmware/vsphere-automation-sdk-go/runtime/protocol/client" | ||
client1 "github.com/vmware/vsphere-automation-sdk-go/services/nsxt-gm/global_infra/settings/firewall/security" | ||
model1 "github.com/vmware/vsphere-automation-sdk-go/services/nsxt-gm/model" | ||
client0 "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra/settings/firewall/security" | ||
model0 "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model" | ||
|
||
utl "github.com/vmware/terraform-provider-nsxt/api/utl" | ||
) | ||
|
||
type PolicyExcludeListClientContext utl.ClientContext | ||
|
||
func NewExcludeListClient(sessionContext utl.SessionContext, connector vapiProtocolClient_.Connector) *PolicyExcludeListClientContext { | ||
var client interface{} | ||
|
||
switch sessionContext.ClientType { | ||
|
||
case utl.Local: | ||
client = client0.NewExcludeListClient(connector) | ||
|
||
case utl.Global: | ||
client = client1.NewExcludeListClient(connector) | ||
|
||
default: | ||
return nil | ||
} | ||
return &PolicyExcludeListClientContext{Client: client, ClientType: sessionContext.ClientType, ProjectID: sessionContext.ProjectID} | ||
} | ||
|
||
func (c PolicyExcludeListClientContext) Get() (model0.PolicyExcludeList, error) { | ||
var obj model0.PolicyExcludeList | ||
var err error | ||
|
||
switch c.ClientType { | ||
|
||
case utl.Local: | ||
client := c.Client.(client0.ExcludeListClient) | ||
obj, err = client.Get() | ||
if err != nil { | ||
return obj, err | ||
} | ||
|
||
case utl.Global: | ||
client := c.Client.(client1.ExcludeListClient) | ||
gmObj, err1 := client.Get() | ||
if err1 != nil { | ||
return obj, err1 | ||
} | ||
var rawObj interface{} | ||
rawObj, err = utl.ConvertModelBindingType(gmObj, model1.PolicyExcludeListBindingType(), model0.PolicyExcludeListBindingType()) | ||
obj = rawObj.(model0.PolicyExcludeList) | ||
|
||
default: | ||
return obj, errors.New("invalid infrastructure for model") | ||
} | ||
return obj, err | ||
} | ||
|
||
func (c PolicyExcludeListClientContext) Patch(policyExcludeListParam model0.PolicyExcludeList) error { | ||
var err error | ||
|
||
switch c.ClientType { | ||
|
||
case utl.Local: | ||
client := c.Client.(client0.ExcludeListClient) | ||
err = client.Patch(policyExcludeListParam) | ||
|
||
case utl.Global: | ||
client := c.Client.(client1.ExcludeListClient) | ||
gmObj, err1 := utl.ConvertModelBindingType(policyExcludeListParam, model0.PolicyExcludeListBindingType(), model1.PolicyExcludeListBindingType()) | ||
if err1 != nil { | ||
return err1 | ||
} | ||
err = client.Patch(gmObj.(model1.PolicyExcludeList)) | ||
|
||
default: | ||
err = errors.New("invalid infrastructure for model") | ||
} | ||
return err | ||
} | ||
|
||
func (c PolicyExcludeListClientContext) Update(policyExcludeListParam model0.PolicyExcludeList) (model0.PolicyExcludeList, error) { | ||
var err error | ||
var obj model0.PolicyExcludeList | ||
|
||
switch c.ClientType { | ||
|
||
case utl.Local: | ||
client := c.Client.(client0.ExcludeListClient) | ||
obj, err = client.Update(policyExcludeListParam) | ||
|
||
case utl.Global: | ||
client := c.Client.(client1.ExcludeListClient) | ||
gmObj, err := utl.ConvertModelBindingType(policyExcludeListParam, model0.PolicyExcludeListBindingType(), model1.PolicyExcludeListBindingType()) | ||
if err != nil { | ||
return obj, err | ||
} | ||
gmObj, err = client.Update(gmObj.(model1.PolicyExcludeList)) | ||
if err != nil { | ||
return obj, err | ||
} | ||
obj1, err1 := utl.ConvertModelBindingType(gmObj, model1.PolicyExcludeListBindingType(), model0.PolicyExcludeListBindingType()) | ||
if err1 != nil { | ||
return obj, err1 | ||
} | ||
obj = obj1.(model0.PolicyExcludeList) | ||
|
||
default: | ||
err = errors.New("invalid infrastructure for model") | ||
} | ||
return obj, err | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
127 changes: 127 additions & 0 deletions
127
nsxt/resource_nsxt_policy_firewall_exclude_list_member.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,127 @@ | ||
/* Copyright © 2023 VMware, Inc. All Rights Reserved. | ||
SPDX-License-Identifier: MPL-2.0 */ | ||
|
||
package nsxt | ||
|
||
import ( | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" | ||
utl "github.com/vmware/terraform-provider-nsxt/api/utl" | ||
"github.com/vmware/vsphere-automation-sdk-go/lib/vapi/std/errors" | ||
"github.com/vmware/vsphere-automation-sdk-go/runtime/protocol/client" | ||
"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model" | ||
|
||
"github.com/vmware/terraform-provider-nsxt/api/infra/settings/firewall/security" | ||
) | ||
|
||
func resourceNsxtPolicyFirewallExcludeListMember() *schema.Resource { | ||
return &schema.Resource{ | ||
Create: resourceNsxtPolicyFirewallExcludeListMemberCreate, | ||
Read: resourceNsxtPolicyFirewallExcludeListMemberRead, | ||
Delete: resourceNsxtPolicyFirewallExcludeListMemberDelete, | ||
Importer: &schema.ResourceImporter{ | ||
State: schema.ImportStatePassthrough, | ||
}, | ||
Schema: map[string]*schema.Schema{ | ||
"member": { | ||
Type: schema.TypeString, | ||
Description: "ExcludeList member", | ||
Required: true, | ||
ForceNew: true, | ||
ValidateFunc: validatePolicyPath(), | ||
}, | ||
}, | ||
} | ||
} | ||
|
||
func memberInList(member string, members []string) int { | ||
for i, mem := range members { | ||
if mem == member { | ||
return i | ||
} | ||
} | ||
return -1 | ||
} | ||
|
||
func resourceNsxtPolicyFirewallExcludeListMemberExists(sessionContext utl.SessionContext, id string, connector client.Connector) (bool, error) { | ||
|
||
client := security.NewExcludeListClient(sessionContext, connector) | ||
obj, err := client.Get() | ||
if isNotFoundError(err) { | ||
return false, nil | ||
} else if err != nil { | ||
return false, err | ||
} | ||
if 0 <= memberInList(id, obj.Members) { | ||
return true, nil | ||
} | ||
|
||
return false, nil | ||
} | ||
|
||
func resourceNsxtPolicyFirewallExcludeListMemberCreate(d *schema.ResourceData, m interface{}) error { | ||
connector := getPolicyConnector(m) | ||
member := d.Get("member").(string) | ||
|
||
var obj model.PolicyExcludeList | ||
|
||
client := security.NewExcludeListClient(getSessionContext(d, m), connector) | ||
obj, err := client.Get() | ||
if isNotFoundError(err) { | ||
obj = model.PolicyExcludeList{ | ||
Members: []string{member}, | ||
} | ||
} else if err != nil { | ||
return handleCreateError("PolicyFirewallExcludeListMember", member, err) | ||
} | ||
if 0 <= memberInList(member, obj.Members) { | ||
return errors.AlreadyExists{} | ||
} | ||
obj.Members = append(obj.Members, member) | ||
err = client.Patch(obj) | ||
if err != nil { | ||
return handleCreateError("PolicyFirewallExcludeListMember", member, err) | ||
} | ||
|
||
d.SetId(member) | ||
|
||
return resourceNsxtPolicyFirewallExcludeListMemberRead(d, m) | ||
} | ||
|
||
func resourceNsxtPolicyFirewallExcludeListMemberRead(d *schema.ResourceData, m interface{}) error { | ||
connector := getPolicyConnector(m) | ||
member := d.Get("member").(string) | ||
|
||
client := security.NewExcludeListClient(getSessionContext(d, m), connector) | ||
obj, err := client.Get() | ||
if err != nil { | ||
return handleReadError(d, "PolicyFirewallExcludeListMember", member, err) | ||
} | ||
if 0 > memberInList(member, obj.Members) { | ||
return errors.NotFound{} | ||
} | ||
|
||
return nil | ||
} | ||
|
||
func resourceNsxtPolicyFirewallExcludeListMemberDelete(d *schema.ResourceData, m interface{}) error { | ||
connector := getPolicyConnector(m) | ||
member := d.Get("member").(string) | ||
|
||
var obj model.PolicyExcludeList | ||
|
||
client := security.NewExcludeListClient(getSessionContext(d, m), connector) | ||
obj, err := client.Get() | ||
if isNotFoundError(err) { | ||
return errors.NotFound{} | ||
} else if err != nil { | ||
return handleDeleteError("PolicyFirewallExcludeListMember", member, err) | ||
} | ||
i := memberInList(member, obj.Members) | ||
if i < 0 { | ||
return errors.NotFound{} | ||
} | ||
|
||
obj.Members = append(obj.Members[:i], obj.Members[i+1:]...) | ||
err = client.Patch(obj) | ||
return err | ||
} |
120 changes: 120 additions & 0 deletions
120
nsxt/resource_nsxt_policy_firewall_exclude_list_member_test.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,120 @@ | ||
/* Copyright © 2023 VMware, Inc. All Rights Reserved. | ||
SPDX-License-Identifier: MPL-2.0 */ | ||
|
||
package nsxt | ||
|
||
import ( | ||
"fmt" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/terraform" | ||
"testing" | ||
) | ||
|
||
func TestAccResourceNsxtPolicyFirewallExcludeListMember_basic(t *testing.T) { | ||
testResourceName := "nsxt_policy_firewall_exclude_list_member.test" | ||
name := getAccTestResourceName() | ||
|
||
resource.Test(t, resource.TestCase{ | ||
PreCheck: func() { | ||
testAccPreCheck(t) | ||
}, | ||
Providers: testAccProviders, | ||
CheckDestroy: func(state *terraform.State) error { | ||
return testAccNsxtPolicyFirewallExcludeListMemberCheckDestroy(state, "/infra/domains/default/groups/"+name) | ||
}, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: testAccNsxtPolicyFirewallExcludeListMemberTemplate(name), | ||
Check: resource.ComposeTestCheckFunc( | ||
testAccNsxtPolicyFirewallExcludeListMemberExists(name, testResourceName), | ||
resource.TestCheckResourceAttr(testResourceName, "member", "/infra/domains/default/groups/"+name), | ||
), | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func TestAccResourceNsxtPolicyFirewallExcludeListMember_importBasic(t *testing.T) { | ||
name := getAccTestResourceName() | ||
testResourceName := "nsxt_policy_firewall_exclude_list_member.test" | ||
|
||
resource.ParallelTest(t, resource.TestCase{ | ||
PreCheck: func() { | ||
testAccPreCheck(t) | ||
}, | ||
Providers: testAccProviders, | ||
CheckDestroy: func(state *terraform.State) error { | ||
return testAccNsxtPolicyFirewallExcludeListMemberCheckDestroy(state, "/infra/domains/default/groups/"+name) | ||
}, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: testAccNsxtPolicyFirewallExcludeListMemberTemplate(name), | ||
}, | ||
{ | ||
ResourceName: testResourceName, | ||
ImportState: true, | ||
ImportStateVerify: true, | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func testAccNsxtPolicyFirewallExcludeListMemberExists(displayName string, resourceName string) resource.TestCheckFunc { | ||
return func(state *terraform.State) error { | ||
|
||
connector := getPolicyConnector(testAccProvider.Meta().(nsxtClients)) | ||
|
||
rs, ok := state.RootModule().Resources[resourceName] | ||
if !ok { | ||
return fmt.Errorf("policy FirewallExcludeListMember resource %s not found in resources", resourceName) | ||
} | ||
|
||
resourceID := rs.Primary.ID | ||
if resourceID == "" { | ||
return fmt.Errorf("policy FirewallExcludeListMember resource ID not set in resources") | ||
} | ||
|
||
exists, err := resourceNsxtPolicyFirewallExcludeListMemberExists(testAccGetSessionContext(), resourceID, connector) | ||
if err != nil { | ||
return err | ||
} | ||
if !exists { | ||
return fmt.Errorf("policy FirewallExcludeListMember %s does not exist", resourceID) | ||
} | ||
|
||
return nil | ||
} | ||
} | ||
|
||
func testAccNsxtPolicyFirewallExcludeListMemberCheckDestroy(state *terraform.State, member string) error { | ||
connector := getPolicyConnector(testAccProvider.Meta().(nsxtClients)) | ||
for _, rs := range state.RootModule().Resources { | ||
|
||
if rs.Type != "nsxt_policy_firewall_exclude_list_member" { | ||
continue | ||
} | ||
|
||
exists, err := resourceNsxtPolicyFirewallExcludeListMemberExists(testAccGetSessionContext(), member, connector) | ||
if err == nil { | ||
return err | ||
} | ||
|
||
if exists { | ||
return fmt.Errorf("policy FirewallExcludeListMember %s still exists", member) | ||
} | ||
} | ||
return nil | ||
} | ||
|
||
func testAccNsxtPolicyFirewallExcludeListMemberTemplate(name string) string { | ||
return fmt.Sprintf(` | ||
resource "nsxt_policy_group" "test" { | ||
nsx_id = "%s" | ||
display_name = "%s" | ||
description = "Acceptance Test" | ||
} | ||
resource "nsxt_policy_firewall_exclude_list_member" "test" { | ||
member = nsxt_policy_group.test.path | ||
} | ||
`, name, name) | ||
} |