Implement DFW settings Exclusion list
Signed-off-by: Kobi Samoray <[email protected]>
ksamoray committed Nov 22, 2023
1 parent 28b9901 commit 4e699b0
Showing 5 changed files with 381 additions and 0 deletions.
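--- a/api/api_list.yaml
+++ b/api/api_list.yaml
@@ -877,3 +877,18 @@
 supported_method:
 - New
 - List
+- api_packages:
+- client: github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra/settings/firewall/security
+model: github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model
+type: Local
+- client: github.com/vmware/vsphere-automation-sdk-go/services/nsxt-gm/global_infra/settings/firewall/security
+model: github.com/vmware/vsphere-automation-sdk-go/services/nsxt-gm/model
+type: Global
+model_name: PolicyExcludeList
+obj_name: PolicyExcludeList
+client_name: ExcludeListClient
+supported_method:
+- New
+- Get
+- Patch
+- Update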
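--- a/api/infra/settings/firewall/security/policy_exclude_list.go
+++ b/api/infra/settings/firewall/security/policy_exclude_list.go
@@ -0,0 +1,118 @@
+//nolint:revive
+package security
+
+// The following file has been autogenerated. Please avoid any changes!
+import (
+"errors"
+
+vapiProtocolClient_ "github.com/vmware/vsphere-automation-sdk-go/runtime/protocol/client"
+client1 "github.com/vmware/vsphere-automation-sdk-go/services/nsxt-gm/global_infra/settings/firewall/security"
+model1 "github.com/vmware/vsphere-automation-sdk-go/services/nsxt-gm/model"
+client0 "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra/settings/firewall/security"
+model0 "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model"
+
+utl "github.com/vmware/terraform-provider-nsxt/api/utl"
+)
+
+type PolicyExcludeListClientContext utl.ClientContext
+
+func NewExcludeListClient(sessionContext utl.SessionContext, connector vapiProtocolClient_.Connector) *PolicyExcludeListClientContext {
+var client interface{}
+
+switch sessionContext.ClientType {
+
+case utl.Local:
+client = client0.NewExcludeListClient(connector)
+
+case utl.Global:
+client = client1.NewExcludeListClient(connector)
+
+default:
+return nil
+}
+return &PolicyExcludeListClientContext{Client: client, ClientType: sessionContext.ClientType, ProjectID: sessionContext.ProjectID}
+}
+
+func (c PolicyExcludeListClientContext) Get() (model0.PolicyExcludeList, error) {
+var obj model0.PolicyExcludeList
+var err error
+
+switch c.ClientType {
+
+case utl.Local:
+client := c.Client.(client0.ExcludeListClient)
+obj, err = client.Get()
+if err != nil {
+return obj, err
+}
+
+case utl.Global:
+client := c.Client.(client1.ExcludeListClient)
+gmObj, err1 := client.Get()
+if err1 != nil {
+return obj, err1
+}
+var rawObj interface{}
+rawObj, err = utl.ConvertModelBindingType(gmObj, model1.PolicyExcludeListBindingType(), model0.PolicyExcludeListBindingType())
+obj = rawObj.(model0.PolicyExcludeList)
+
+default:
+return obj, errors.New("invalid infrastructure for model")
+}
+return obj, err
+}
+
+func (c PolicyExcludeListClientContext) Patch(policyExcludeListParam model0.PolicyExcludeList) error {
+var err error
+
+switch c.ClientType {
+
+case utl.Local:
+client := c.Client.(client0.ExcludeListClient)
+err = client.Patch(policyExcludeListParam)
+
+case utl.Global:
+client := c.Client.(client1.ExcludeListClient)
+gmObj, err1 := utl.ConvertModelBindingType(policyExcludeListParam, model0.PolicyExcludeListBindingType(), model1.PolicyExcludeListBindingType())
+if err1 != nil {
+return err1
+}
+err = client.Patch(gmObj.(model1.PolicyExcludeList))
+
+default:
+err = errors.New("invalid infrastructure for model")
+}
+return err
+}
+
+func (c PolicyExcludeListClientContext) Update(policyExcludeListParam model0.PolicyExcludeList) (model0.PolicyExcludeList, error) {
+var err error
+var obj model0.PolicyExcludeList
+
+switch c.ClientType {
+
+case utl.Local:
+client := c.Client.(client0.ExcludeListClient)
+obj, err = client.Update(policyExcludeListParam)
+
+case utl.Global:
+client := c.Client.(client1.ExcludeListClient)
+gmObj, err := utl.ConvertModelBindingType(policyExcludeListParam, model0.PolicyExcludeListBindingType(), model1.PolicyExcludeListBindingType())
+if err != nil {
+return obj, err
+}
+gmObj, err = client.Update(gmObj.(model1.PolicyExcludeList))
+if err != nil {
+return obj, err
+}
+obj1, err1 := utl.ConvertModelBindingType(gmObj, model1.PolicyExcludeListBindingType(), model0.PolicyExcludeListBindingType())
+if err1 != nil {
+return obj, err1
+}
+obj = obj1.(model0.PolicyExcludeList)
+
+default:
+err = errors.New("invalid infrastructure for model")
+}
+return obj, err
+}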
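--- a/nsxt/provider.go
+++ b/nsxt/provider.go
@@ -434,6 +434,7 @@ func Provider() *schema.Provider {
 "nsxt_policy_host_transport_node": resourceNsxtPolicyHostTransportNode(),
 "nsxt_edge_high_availability_profile": resourceNsxtEdgeHighAvailabilityProfile(),
 "nsxt_policy_host_transport_node_collection": resourceNsxtPolicyHostTransportNodeCollection(),
+"nsxt_policy_firewall_exclude_list_member": resourceNsxtPolicyFirewallExcludeListMember(),
 },
 
 ConfigureFunc: providerConfigure,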
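--- a/nsxt/resource_nsxt_policy_firewall_exclude_list_member.go
+++ b/nsxt/resource_nsxt_policy_firewall_exclude_list_member.go
@@ -0,0 +1,127 @@
+/* Copyright © 2023 VMware, Inc. All Rights Reserved.
+SPDX-License-Identifier: MPL-2.0 */
+
+package nsxt
+
+import (
+"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+utl "github.com/vmware/terraform-provider-nsxt/api/utl"
+"github.com/vmware/vsphere-automation-sdk-go/lib/vapi/std/errors"
+"github.com/vmware/vsphere-automation-sdk-go/runtime/protocol/client"
+"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model"
+
+"github.com/vmware/terraform-provider-nsxt/api/infra/settings/firewall/security"
+)
+
+func resourceNsxtPolicyFirewallExcludeListMember() *schema.Resource {
+return &schema.Resource{
+Create: resourceNsxtPolicyFirewallExcludeListMemberCreate,
+Read: resourceNsxtPolicyFirewallExcludeListMemberRead,
+Delete: resourceNsxtPolicyFirewallExcludeListMemberDelete,
+Importer: &schema.ResourceImporter{
+State: schema.ImportStatePassthrough,
+},
+Schema: map[string]*schema.Schema{
+"member": {
+Type: schema.TypeString,
+Description: "ExcludeList member",
+Required: true,
+ForceNew: true,
+ValidateFunc: validatePolicyPath(),
+},
+},
+}
+}
+
+func memberInList(member string, members []string) int {
+for i, mem := range members {
+if mem == member {
+return i
+}
+}
+return -1
+}
+
+func resourceNsxtPolicyFirewallExcludeListMemberExists(sessionContext utl.SessionContext, id string, connector client.Connector) (bool, error) {
+
+client := security.NewExcludeListClient(sessionContext, connector)
+obj, err := client.Get()
+if isNotFoundError(err) {
+return false, nil
+} else if err != nil {
+return false, err
+}
+if 0 <= memberInList(id, obj.Members) {
+return true, nil
+}
+
+return false, nil
+}
+
+func resourceNsxtPolicyFirewallExcludeListMemberCreate(d *schema.ResourceData, m interface{}) error {
+connector := getPolicyConnector(m)
+member := d.Get("member").(string)
+
+var obj model.PolicyExcludeList
+
+client := security.NewExcludeListClient(getSessionContext(d, m), connector)
+obj, err := client.Get()
+if isNotFoundError(err) {
+obj = model.PolicyExcludeList{
+Members: []string{member},
+}
+} else if err != nil {
+return handleCreateError("PolicyFirewallExcludeListMember", member, err)
+}
+if 0 <= memberInList(member, obj.Members) {
+return errors.AlreadyExists{}
+}
+obj.Members = append(obj.Members, member)
+err = client.Patch(obj)
+if err != nil {
+return handleCreateError("PolicyFirewallExcludeListMember", member, err)
+}
+
+d.SetId(member)
+
+return resourceNsxtPolicyFirewallExcludeListMemberRead(d, m)
+}
+
+func resourceNsxtPolicyFirewallExcludeListMemberRead(d *schema.ResourceData, m interface{}) error {
+connector := getPolicyConnector(m)
+member := d.Get("member").(string)
+
+client := security.NewExcludeListClient(getSessionContext(d, m), connector)
+obj, err := client.Get()
+if err != nil {
+return handleReadError(d, "PolicyFirewallExcludeListMember", member, err)
+}
+if 0 > memberInList(member, obj.Members) {
+return errors.NotFound{}
+}
+
+return nil
+}
+
+func resourceNsxtPolicyFirewallExcludeListMemberDelete(d *schema.ResourceData, m interface{}) error {
+connector := getPolicyConnector(m)
+member := d.Get("member").(string)
+
+var obj model.PolicyExcludeList
+
+client := security.NewExcludeListClient(getSessionContext(d, m), connector)
+obj, err := client.Get()
+if isNotFoundError(err) {
+return errors.NotFound{}
+} else if err != nil {
+return handleDeleteError("PolicyFirewallExcludeListMember", member, err)
+}
+i := memberInList(member, obj.Members)
+if i < 0 {
+return errors.NotFound{}
+}
+
+obj.Members = append(obj.Members[:i], obj.Members[i+1:]...)
+err = client.Patch(obj)
+return err
+}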
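Review bot: Create and Delete each do an unguarded Get → modify → Patch of the whole `Members` list, so two of these resources applied in the same run can overwrite each other; a concurrent create can re-add a member that a delete just removed, leaving that workload on the DFW exclusion list after Terraform reports it gone. A package-level mutex held across the cycle (needs `sync` imported) closes this within one provider process; whether the API offers a revision check for writers in other processes is not visible here. In Create, the `isNotFoundError` branch seeds `obj.Members` with `member`, so the `memberInList` check that follows always returns `errors.AlreadyExists{}` on that path; start from an empty list instead. Read looks up `d.Get("member")` rather than `d.Id()` and never sets `member`, which presumably leaves it empty after `ImportStatePassthrough` — worth confirming against the import test.

```go
// Serialises Get → modify → Patch on the one shared exclude list.
var excludeListMutex sync.Mutex

// In Create (and likewise in Delete), before the client is built:
excludeListMutex.Lock()
defer excludeListMutex.Unlock()
// … unchanged: client construction and Get …
if isNotFoundError(err) {
	// Start empty; the append further down adds the member.
	obj = model.PolicyExcludeList{}
} // … unchanged: else-if error return, duplicate check, append, Patch, Read …
```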
120 changes: 120 additions & 0 deletions nsxt/resource_nsxt_policy_firewall_exclude_list_member_test.go
@@ -0,0 +1,120 @@
/* Copyright © 2023 VMware, Inc. All Rights Reserved.
SPDX-License-Identifier: MPL-2.0 */

package nsxt

import (
"fmt"

Check failure on line 7 in nsxt/resource_nsxt_policy_firewall_exclude_list_member_test.go


GitHub Actions / lint

File is not `goimports`-ed (goimports)
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
"testing"
)

func TestAccResourceNsxtPolicyFirewallExcludeListMember_basic(t *testing.T) {
testResourceName := "nsxt_policy_firewall_exclude_list_member.test"
name := getAccTestResourceName()

resource.Test(t, resource.TestCase{
PreCheck: func() {
testAccPreCheck(t)
},
Providers: testAccProviders,
CheckDestroy: func(state *terraform.State) error {
return testAccNsxtPolicyFirewallExcludeListMemberCheckDestroy(state, "/infra/domains/default/groups/"+name)
},
Steps: []resource.TestStep{
{
Config: testAccNsxtPolicyFirewallExcludeListMemberTemplate(name),
Check: resource.ComposeTestCheckFunc(
testAccNsxtPolicyFirewallExcludeListMemberExists(name, testResourceName),
resource.TestCheckResourceAttr(testResourceName, "member", "/infra/domains/default/groups/"+name),
),
},
},
})
}

func TestAccResourceNsxtPolicyFirewallExcludeListMember_importBasic(t *testing.T) {
name := getAccTestResourceName()
testResourceName := "nsxt_policy_firewall_exclude_list_member.test"

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() {
testAccPreCheck(t)
},
Providers: testAccProviders,
CheckDestroy: func(state *terraform.State) error {
return testAccNsxtPolicyFirewallExcludeListMemberCheckDestroy(state, "/infra/domains/default/groups/"+name)
},
Steps: []resource.TestStep{
{
Config: testAccNsxtPolicyFirewallExcludeListMemberTemplate(name),
},
{
ResourceName: testResourceName,
ImportState: true,
ImportStateVerify: true,
},
},
})
}

func testAccNsxtPolicyFirewallExcludeListMemberExists(displayName string, resourceName string) resource.TestCheckFunc {
return func(state *terraform.State) error {

connector := getPolicyConnector(testAccProvider.Meta().(nsxtClients))

rs, ok := state.RootModule().Resources[resourceName]
if !ok {
return fmt.Errorf("policy FirewallExcludeListMember resource %s not found in resources", resourceName)
}

resourceID := rs.Primary.ID
if resourceID == "" {
return fmt.Errorf("policy FirewallExcludeListMember resource ID not set in resources")
}

exists, err := resourceNsxtPolicyFirewallExcludeListMemberExists(testAccGetSessionContext(), resourceID, connector)
if err != nil {
return err
}
if !exists {
return fmt.Errorf("policy FirewallExcludeListMember %s does not exist", resourceID)
}

return nil
}
}

func testAccNsxtPolicyFirewallExcludeListMemberCheckDestroy(state *terraform.State, member string) error {
connector := getPolicyConnector(testAccProvider.Meta().(nsxtClients))
for _, rs := range state.RootModule().Resources {

if rs.Type != "nsxt_policy_firewall_exclude_list_member" {
continue
}

exists, err := resourceNsxtPolicyFirewallExcludeListMemberExists(testAccGetSessionContext(), member, connector)
if err == nil {
return err
}

if exists {
return fmt.Errorf("policy FirewallExcludeListMember %s still exists", member)
}
}
return nil
}

func testAccNsxtPolicyFirewallExcludeListMemberTemplate(name string) string {
return fmt.Sprintf(`
resource "nsxt_policy_group" "test" {
nsx_id = "%s"
display_name = "%s"
description = "Acceptance Test"
}
resource "nsxt_policy_firewall_exclude_list_member" "test" {
member = nsxt_policy_group.test.path
}
`, name, name)
}
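Review bot: In `testAccNsxtPolicyFirewallExcludeListMemberCheckDestroy` the error check is inverted: `if err == nil { return err }` returns nil on every successful lookup before `exists` is examined, and a failed lookup falls through with `exists` false, so the destroy check can never report a member left behind on the exclude list. It should read `if err != nil { return err }`. Because the exclude list is a single shared object, it may also be worth running the import test with `resource.Test` rather than `resource.ParallelTest`, as the basic test does, so acceptance tests do not modify the list concurrently.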
