From 61ef07f9a35ac4941d21117f6ebb3b661613c030 Mon Sep 17 00:00:00 2001 From: Shawn Wang Date: Tue, 23 Apr 2024 14:53:57 -0700 Subject: [PATCH] Add visibility attr to policy IP block This change adds support of visibility to IP Block resource. Signed-off-by: Shawn Wang --- nsxt/resource_nsxt_policy_ip_block.go | 22 +++++- nsxt/resource_nsxt_policy_ip_block_test.go | 80 +++++++++++++++++--- website/docs/r/policy_ip_block.html.markdown | 3 + 3 files changed, 92 insertions(+), 13 deletions(-) diff --git a/nsxt/resource_nsxt_policy_ip_block.go b/nsxt/resource_nsxt_policy_ip_block.go index 7f0ff0fb6..8cf666557 100644 --- a/nsxt/resource_nsxt_policy_ip_block.go +++ b/nsxt/resource_nsxt_policy_ip_block.go @@ -8,6 +8,7 @@ import ( "log" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" "github.com/vmware/vsphere-automation-sdk-go/runtime/protocol/client" "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model" @@ -15,6 +16,11 @@ import ( utl "github.com/vmware/terraform-provider-nsxt/api/utl" ) +var visibilityTypes = []string{ + model.IpAddressBlock_VISIBILITY_EXTERNAL, + model.IpAddressBlock_VISIBILITY_PRIVATE, +} + func resourceNsxtPolicyIPBlock() *schema.Resource { return &schema.Resource{ Create: resourceNsxtPolicyIPBlockCreate, @@ -39,6 +45,12 @@ func resourceNsxtPolicyIPBlock() *schema.Resource { Required: true, ValidateFunc: validateCidr(), }, + "visibility": { + Type: schema.TypeString, + Description: "Visibility of the Ip Block. Cannot be updated once associated with other resources.", + Optional: true, + ValidateFunc: validation.StringInSlice(visibilityTypes, false), + }, }, } } @@ -79,6 +91,7 @@ func resourceNsxtPolicyIPBlockRead(d *schema.ResourceData, m interface{}) error d.Set("path", block.Path) d.Set("revision", block.Revision) d.Set("cidr", block.Cidr) + d.Set("visibility", block.Visibility) return nil } 
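Review bot: The new `visibility` schema entry in resourceNsxtPolicyIPBlock is `Optional` but not `Computed`, while the Read hunk further down stores whatever the server reports with `d.Set("visibility", block.Visibility)`. If NSX 4.2.0 or later assigns a default when the field is omitted (not visible in this patch, so worth confirming), a configuration that leaves it unset will show a diff on every plan. Update cannot resolve that diff, because it only sends the field when it is non-empty. Consider adding `Computed: true,` to the entry, or stating in the description that the server never fills the value in. The description string also reads "Ip Block" where the website docs use "IP Block".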
@@ -95,6 +108,7 @@ func resourceNsxtPolicyIPBlockCreate(d *schema.ResourceData, m interface{}) erro displayName := d.Get("display_name").(string) description := d.Get("description").(string) cidr := d.Get("cidr").(string) + visibility := d.Get("visibility").(string) tags := getPolicyTagsFromSchema(d) obj := model.IpAddressBlock{ @@ -103,7 +117,9 @@ func resourceNsxtPolicyIPBlockCreate(d *schema.ResourceData, m interface{}) erro Cidr: &cidr, Tags: tags, } - + if nsxVersionHigherOrEqual("4.2.0") && len(visibility) > 0 { + obj.Visibility = &visibility + } // Create the resource using PATCH log.Printf("[INFO] Creating IP Block with ID %s", id) err = client.Patch(id, obj) @@ -129,6 +145,7 @@ func resourceNsxtPolicyIPBlockUpdate(d *schema.ResourceData, m interface{}) erro displayName := d.Get("display_name").(string) description := d.Get("description").(string) cidr := d.Get("cidr").(string) + visibility := d.Get("visibility").(string) revision := int64(d.Get("revision").(int)) tags := getPolicyTagsFromSchema(d) @@ -140,6 +157,9 @@ func resourceNsxtPolicyIPBlockUpdate(d *schema.ResourceData, m interface{}) erro Tags: tags, Revision: &revision, } + if nsxVersionHigherOrEqual("4.2.0") && len(visibility) > 0 { + obj.Visibility = &visibility + } _, err := client.Update(id, obj) if err != nil { diff --git a/nsxt/resource_nsxt_policy_ip_block_test.go b/nsxt/resource_nsxt_policy_ip_block_test.go index 298463c54..5de9285ba 100644 --- a/nsxt/resource_nsxt_policy_ip_block_test.go +++ b/nsxt/resource_nsxt_policy_ip_block_test.go @@ -26,7 +26,7 @@ func TestAccResourceNsxtPolicyIPBlock_minimal(t *testing.T) { }, Steps: []resource.TestStep{ { - Config: testAccNSXPolicyIPBlockCreateMinimalTemplate(name, cidr, false), + Config: testAccNSXPolicyIPBlockCreateMinimalTemplate(name, cidr, false, false), Check: resource.ComposeTestCheckFunc( testAccNSXPolicyIPBlockCheckExists(testResourceName), resource.TestCheckResourceAttr(testResourceName, "display_name", name), 
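Review bot: In resourceNsxtPolicyIPBlockCreate the guard `if nsxVersionHigherOrEqual("4.2.0") && len(visibility) > 0` silently discards a configured `visibility` when the manager is older than 4.2.0, and the Update hunk repeats the same guard. An operator who declares `visibility = "PRIVATE"` then gets a successful apply and an IP block that carries no such setting, which is a poor failure mode for an attribute that appears to govern exposure. Rejecting the combination is safer, for example `if len(visibility) > 0 && !nsxVersionHigherOrEqual("4.2.0") { return fmt.Errorf("visibility requires NSX 4.2.0 or later") }` before building `obj` (assuming `fmt` is already imported in this file, which the import hunk does not show). At the least, emit a `log.Printf("[WARN] ...")` so the drop is visible. Both function bodies start and end outside these hunks.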
@@ -42,20 +42,28 @@ func TestAccResourceNsxtPolicyIPBlock_minimal(t *testing.T) { } func TestAccResourceNsxtPolicyIPBlock_basic(t *testing.T) { - testAccResourceNsxtPolicyIPBlockBasic(t, false, func() { + testAccResourceNsxtPolicyIPBlockBasic(t, false, false, func() { testAccPreCheck(t) testAccOnlyLocalManager(t) }) } +func TestAccResourceNsxtPolicyIPBlock_visibility(t *testing.T) { + testAccResourceNsxtPolicyIPBlockBasic(t, false, true, func() { + testAccPreCheck(t) + testAccOnlyLocalManager(t) + testAccNSXVersion(t, "4.2.0") + }) +} + func TestAccResourceNsxtPolicyIPBlock_multitenancy(t *testing.T) { - testAccResourceNsxtPolicyIPBlockBasic(t, true, func() { + testAccResourceNsxtPolicyIPBlockBasic(t, true, false, func() { testAccPreCheck(t) testAccOnlyMultitenancy(t) }) } -func testAccResourceNsxtPolicyIPBlockBasic(t *testing.T, withContext bool, preCheck func()) { +func testAccResourceNsxtPolicyIPBlockBasic(t *testing.T, withContext bool, withVisibility bool, preCheck func()) { name := getAccTestResourceName() testResourceName := "nsxt_policy_ip_block.test" cidr := "192.168.1.0/24" @@ -69,7 +77,7 @@ func testAccResourceNsxtPolicyIPBlockBasic(t *testing.T, withContext bool, preCh }, Steps: []resource.TestStep{ { - Config: testAccNSXPolicyIPBlockCreateMinimalTemplate(name, cidr, withContext), + Config: testAccNSXPolicyIPBlockCreateMinimalTemplate(name, cidr, withContext, withVisibility), Check: resource.ComposeTestCheckFunc( testAccNSXPolicyIPBlockCheckExists(testResourceName), resource.TestCheckResourceAttr(testResourceName, "display_name", name), 
@@ -78,10 +86,11 @@ func testAccResourceNsxtPolicyIPBlockBasic(t *testing.T, withContext bool, preCh resource.TestCheckResourceAttrSet(testResourceName, "revision"), resource.TestCheckResourceAttrSet(testResourceName, "nsx_id"), resource.TestCheckResourceAttrSet(testResourceName, "path"), + testAccNSXPolicyIPBlockVisibility(testResourceName, withVisibility, "EXTERNAL"), ), }, { - Config: testAccNSXPolicyIPBlockUpdateTemplate(name, cidr2, withContext), + Config: testAccNSXPolicyIPBlockUpdateTemplate(name, cidr2, withContext, withVisibility), Check: resource.ComposeTestCheckFunc( testAccNSXPolicyIPBlockCheckExists(testResourceName), resource.TestCheckResourceAttr(testResourceName, "display_name", name), @@ -90,6 +99,7 @@ func testAccResourceNsxtPolicyIPBlockBasic(t *testing.T, withContext bool, preCh resource.TestCheckResourceAttrSet(testResourceName, "revision"), resource.TestCheckResourceAttrSet(testResourceName, "nsx_id"), resource.TestCheckResourceAttrSet(testResourceName, "path"), + testAccNSXPolicyIPBlockVisibility(testResourceName, withVisibility, "PRIVATE"), ), }, }, 
@@ -108,7 +118,30 @@ func TestAccResourceNsxtPolicyIPBlock_importBasic(t *testing.T) { }, Steps: []resource.TestStep{ { - Config: testAccNSXPolicyIPBlockCreateMinimalTemplate(name, "192.191.1.0/24", false), + Config: testAccNSXPolicyIPBlockCreateMinimalTemplate(name, "192.191.1.0/24", false, false), + }, + { + ResourceName: testResourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func TestAccResourceNsxtPolicyIPBlock_importVisibility(t *testing.T) { + name := getAccTestResourceName() + testResourceName := "nsxt_policy_ip_block.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccOnlyLocalManager(t); testAccPreCheck(t); testAccNSXVersion(t, "4.2.0") }, + Providers: testAccProviders, + CheckDestroy: func(state *terraform.State) error { + return testAccNSXPolicyIPBlockCheckDestroy(state) + }, + Steps: []resource.TestStep{ + { + Config: testAccNSXPolicyIPBlockCreateMinimalTemplate(name, "192.191.1.0/24", false, true), }, { ResourceName: testResourceName, @@ -131,7 +164,7 @@ func TestAccResourceNsxtPolicyIPBlock_importBasic_multitenancy(t *testing.T) { }, Steps: []resource.TestStep{ { - Config: testAccNSXPolicyIPBlockCreateMinimalTemplate(name, "192.191.1.0/24", true), + Config: testAccNSXPolicyIPBlockCreateMinimalTemplate(name, "192.191.1.0/24", true, false), }, { ResourceName: testResourceName, @@ -167,6 +200,15 @@ func testAccNSXPolicyIPBlockCheckExists(resourceName string) resource.TestCheckF } } +func testAccNSXPolicyIPBlockVisibility(resourceName string, withVisibility bool, expected string) resource.TestCheckFunc { + if !withVisibility { + return func(state *terraform.State) error { + return nil + } + } + return resource.TestCheckResourceAttr(resourceName, "visibility", expected) +} + func testAccNSXPolicyIPBlockCheckDestroy(state *terraform.State) error { connector := getPolicyConnector(testAccProvider.Meta().(nsxtClients)) client := infra.NewIpBlocksClient(testAccGetSessionContext(), connector) 
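Review bot: testAccNSXPolicyIPBlockVisibility returns a no-op check when `withVisibility` is false, so the basic, multitenancy and minimal runs assert nothing about the attribute. A server-supplied default, or a value left over after the field is removed from configuration, would therefore pass unnoticed. It would help to assert in that branch that the attribute stays unset. A step in the visibility test that drops `visibility` from the config after it was set would also pin down what Update does in that case. A short comment on the helper such as `// Returns a no-op check when visibility is not configured; otherwise asserts the stored value.` would make the intent of the early return clear.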
@@ -185,29 +227,43 @@ func testAccNSXPolicyIPBlockCheckDestroy(state *terraform.State) error { return nil } -func testAccNSXPolicyIPBlockCreateMinimalTemplate(displayName string, cidr string, withContext bool) string { +func testAccNSXPolicyIPBlockCreateMinimalTemplate(displayName string, cidr string, withContext, withVisibility bool) string { context := "" if withContext { context = testAccNsxtPolicyMultitenancyContext() } + + visibility := "" + if withVisibility { + visibility = " visibility = \"EXTERNAL\"" + } + return fmt.Sprintf(` resource "nsxt_policy_ip_block" "test" { %s display_name = "%s" cidr = "%s" -}`, context, displayName, cidr) +%s +}`, context, displayName, cidr, visibility) } -func testAccNSXPolicyIPBlockUpdateTemplate(displayName string, cidr string, withContext bool) string { +func testAccNSXPolicyIPBlockUpdateTemplate(displayName string, cidr string, withContext, withVisibility bool) string { context := "" if withContext { context = testAccNsxtPolicyMultitenancyContext() } + + visibility := "" + if withVisibility { + visibility = " visibility = \"PRIVATE\"" + } + return fmt.Sprintf(` resource "nsxt_policy_ip_block" "test" { %s display_name = "%s" cidr = "%s" +%s tag { scope = "scope1" @@ -218,5 +274,5 @@ resource "nsxt_policy_ip_block" "test" { scope = "scope2" tag = "tag2" } -}`, context, displayName, cidr) +}`, context, displayName, cidr, visibility) } diff --git a/website/docs/r/policy_ip_block.html.markdown b/website/docs/r/policy_ip_block.html.markdown index ed75fe035..3bf50fb7a 100644 --- a/website/docs/r/policy_ip_block.html.markdown +++ b/website/docs/r/policy_ip_block.html.markdown @@ -17,6 +17,7 @@ This resource is applicable to NSX Policy Manager. resource "nsxt_policy_ip_block" "block1" { display_name = "ip-block1" cidr = "192.168.1.0/24" + visibility = "PRIVATE" tag { scope = "color" 
@@ -43,6 +44,7 @@ resource "nsxt_policy_ip_block" "block1" { } display_name = "ip-block1" cidr = "192.168.1.0/24" + visibility = "PRIVATE" tag { scope = "color" @@ -63,6 +65,7 @@ The following arguments are supported: * `display_name` - (Required) The display name for the IP Block. * `description` - (Optional) Description of the resource. * `cidr` - (Required) Network address and the prefix length which will be associated with a layer-2 broadcast domain. +* `visibility` - (Optional) Visibility of the IP Block. Valid options are `PRIVATE`, `EXTERNAL` or unset. Visibility cannot be changed once the block is associated with other resources. * `nsx_id` - (Optional) The NSX ID of this resource. If set, this ID will be used to create the resource. * `tag` - (Optional) A list of scope + tag pairs to associate with this IP Block. * `context` - (Optional) The context which the object belongs to