Add custom attribute support to context profile

Allow usage of custom attributes in context profile objects. Fixes: #698, #839 Signed-off-by: Kobi Samoray <[email protected]>
vmware · Mar 1, 2023 · 7b95b00 · 7b95b00
1 parent 0f020b0
commit 7b95b00
Show file tree

Hide file tree

Showing 6 changed files with 142 additions and 31 deletions.
diff --git a/nsxt/resource_nsxt_policy_context_profile.go b/nsxt/resource_nsxt_policy_context_profile.go
@@ -11,20 +11,24 @@ import (
 	"github.com/vmware/vsphere-automation-sdk-go/runtime/protocol/client"
 	gm_infra "github.com/vmware/vsphere-automation-sdk-go/services/nsxt-gm/global_infra"
 	gm_cont_prof "github.com/vmware/vsphere-automation-sdk-go/services/nsxt-gm/global_infra/context_profiles"
+	gm_custom_attr "github.com/vmware/vsphere-automation-sdk-go/services/nsxt-gm/global_infra/context_profiles/custom_attributes"
 	gm_model "github.com/vmware/vsphere-automation-sdk-go/services/nsxt-gm/model"
 	"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra"
 	cont_prof "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra/context_profiles"
+	custom_attr "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra/context_profiles/custom_attributes"
 	"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model"
 )
 
 var attributeKeyMap = map[string]string{
 	"app_id":       model.PolicyAttributes_KEY_APP_ID,
+	"custom_url":   model.PolicyAttributes_KEY_CUSTOM_URL,
 	"domain_name":  model.PolicyAttributes_KEY_DOMAIN_NAME,
 	"url_category": model.PolicyAttributes_KEY_URL_CATEGORY,
 }
 
 var attributeReverseKeyMap = map[string]string{
 	model.PolicyAttributes_KEY_APP_ID:       "app_id",
+	model.PolicyAttributes_KEY_CUSTOM_URL:   "custom_url",
 	model.PolicyAttributes_KEY_DOMAIN_NAME:  "domain_name",
 	model.PolicyAttributes_KEY_URL_CATEGORY: "url_category",
 }
@@ -59,6 +63,7 @@ func resourceNsxtPolicyContextProfile() *schema.Resource {
 			"revision":     getRevisionSchema(),
 			"tag":          getTagsSchema(),
 			"app_id":       getContextProfilePolicyAppIDAttributesSchema(),
+			"custom_url":   getContextProfilePolicyOtherAttributesSchema(),
 			"domain_name":  getContextProfilePolicyOtherAttributesSchema(),
 			"url_category": getContextProfilePolicyOtherAttributesSchema(),
 		},
@@ -346,15 +351,7 @@ func checkAttributesValid(attributes []interface{}, m interface{}, key string) e
 			return err
 		}
 	}
-	var attrClient interface{}
-	connector := getPolicyConnector(m)
-	isPolicyGlobalManager := isPolicyGlobalManager(m)
-	if isPolicyGlobalManager {
-		attrClient = gm_cont_prof.NewAttributesClient(connector)
-	} else {
-		attrClient = cont_prof.NewAttributesClient(connector)
-	}
-	attributeValues, err := listAttributesWithKey(attributeKeyMap[key], attrClient, isPolicyGlobalManager)
+	attributeValues, err := listAttributesWithKey(attributeKeyMap[key], m)
 	if err != nil {
 		return err
 	}
@@ -382,10 +379,19 @@ func validateSubAttributes(attributes []interface{}) error {
 	return nil
 }
 
-func listAttributesWithKey(attributeKey string, attributeClient interface{}, isPolicyGlobalManager bool) ([]string, error) {
+func listAttributesWithKey(attributeKey string, m interface{}) ([]string, error) {
 	// returns a list of attribute values
 	policyAttributes := make([]string, 0)
-	policyContextProfileListResult, err := listContextProfileWithKey(&attributeKey, attributeClient, isPolicyGlobalManager)
+	policyContextProfileListResult, err := listSystemAttributesWithKey(&attributeKey, m)
+	if err != nil {
+		return policyAttributes, err
+	}
+	for _, policyContextProfile := range policyContextProfileListResult.Results {
+		for _, attribute := range policyContextProfile.Attributes {
+			policyAttributes = append(policyAttributes, attribute.Value...)
+		}
+	}
+	policyContextProfileListResult, err = listCustomAttributesWithKey(&attributeKey, m)
 	if err != nil {
 		return policyAttributes, err
 	}
@@ -397,11 +403,35 @@ func listAttributesWithKey(attributeKey string, attributeClient interface{}, isP
 	return policyAttributes, nil
 }
 
-func listContextProfileWithKey(attributeKey *string, attributeClient interface{}, isPolicyGlobalManager bool) (model.PolicyContextProfileListResult, error) {
+func listSystemAttributesWithKey(attributeKey *string, m interface{}) (model.PolicyContextProfileListResult, error) {
 	var policyContextProfileListResult model.PolicyContextProfileListResult
 	includeMarkForDeleteObjectsParam := false
-	if isPolicyGlobalManager {
-		client := attributeClient.(gm_cont_prof.AttributesClient)
+	connector := getPolicyConnector(m)
+	if isPolicyGlobalManager(m) {
+		client := gm_cont_prof.NewAttributesClient(connector)
+		gmPolicyContextProfileListResult, err := client.List(attributeKey, nil, nil, &includeMarkForDeleteObjectsParam, nil, nil, nil, nil)
+		if err != nil {
+			return policyContextProfileListResult, err
+		}
+		lmPolicyContextProfileListResult, err := convertModelBindingType(gmPolicyContextProfileListResult, gm_model.PolicyContextProfileListResultBindingType(), model.PolicyContextProfileListResultBindingType())
+		if err != nil {
+			return policyContextProfileListResult, err
+		}
+		policyContextProfileListResult = lmPolicyContextProfileListResult.(model.PolicyContextProfileListResult)
+		return policyContextProfileListResult, err
+	}
+	var err error
+	client := cont_prof.NewAttributesClient(connector)
+	policyContextProfileListResult, err = client.List(attributeKey, nil, nil, &includeMarkForDeleteObjectsParam, nil, nil, nil, nil)
+	return policyContextProfileListResult, err
+}
+
+func listCustomAttributesWithKey(attributeKey *string, m interface{}) (model.PolicyContextProfileListResult, error) {
+	var policyContextProfileListResult model.PolicyContextProfileListResult
+	includeMarkForDeleteObjectsParam := false
+	connector := getPolicyConnector(m)
+	if isPolicyGlobalManager(m) {
+		client := gm_custom_attr.NewDefaultClient(connector)
 		gmPolicyContextProfileListResult, err := client.List(attributeKey, nil, nil, &includeMarkForDeleteObjectsParam, nil, nil, nil, nil)
 		if err != nil {
 			return policyContextProfileListResult, err
@@ -414,7 +444,7 @@ func listContextProfileWithKey(attributeKey *string, attributeClient interface{}
 		return policyContextProfileListResult, err
 	}
 	var err error
-	client := attributeClient.(cont_prof.AttributesClient)
+	client := custom_attr.NewDefaultClient(connector)
 	policyContextProfileListResult, err = client.List(attributeKey, nil, nil, &includeMarkForDeleteObjectsParam, nil, nil, nil, nil)
 	return policyContextProfileListResult, err
 }

diff --git a/nsxt/resource_nsxt_policy_context_profile_custom_attribute_test.go b/nsxt/resource_nsxt_policy_context_profile_custom_attribute_test.go
@@ -111,9 +111,15 @@ func testAccNsxtPolicyContextProfileCustomAttributeCheckDestroy(state *terraform
 }
 
 func testAccNsxtPolicyContextProfileCustomAttributeTemplate() string {
+	return testAccNsxtPolicyContextProfileCustomAttributeArgTemplate(
+		accTestPolicyContextProfileCustomAttributeAttributes["key"],
+		accTestPolicyContextProfileCustomAttributeAttributes["attribute"])
+}
+
+func testAccNsxtPolicyContextProfileCustomAttributeArgTemplate(key string, attribute string) string {
 	return fmt.Sprintf(`
 resource "nsxt_policy_context_profile_custom_attribute" "test" {
   key = "%s"
   attribute = "%s"
-}`, accTestPolicyContextProfileCustomAttributeAttributes["key"], accTestPolicyContextProfileCustomAttributeAttributes["attribute"])
+}`, key, attribute)
 }
diff --git a/nsxt/resource_nsxt_policy_context_profile_test.go b/nsxt/resource_nsxt_policy_context_profile_test.go
@@ -13,11 +13,15 @@ import (
 	"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra"
 )
 
+const (
+	testSystemDomainName = "*-myfiles.sharepoint.com"
+)
+
 func TestAccResourceNsxtPolicyContextProfile_basic(t *testing.T) {
 	name := getAccTestResourceName()
 	updatedName := getAccTestResourceName()
 	testResourceName := "nsxt_policy_context_profile.test"
-	attributes := testAccNsxtPolicyContextProfileAttributeDomainNameTemplate()
+	attributes := testAccNsxtPolicyContextProfileAttributeDomainNameTemplate(testSystemDomainName)
 	updatedAttributes := testAccNsxtPolicyContextProfileAttributeURLCategoryTemplate()
 
 	resource.Test(t, resource.TestCase{
@@ -41,7 +45,7 @@ func TestAccResourceNsxtPolicyContextProfile_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(testResourceName, "domain_name.#", "1"),
 					resource.TestCheckResourceAttr(testResourceName, "url_category.#", "0"),
 					resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.#", "1"),
-					resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.0", "*-myfiles.sharepoint.com"),
+					resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.0", testSystemDomainName),
 				),
 			},
 			{
@@ -65,10 +69,44 @@ func TestAccResourceNsxtPolicyContextProfile_basic(t *testing.T) {
 	})
 }
 
+func TestAccResourceNsxtPolicyContextProfile_CustomDomain(t *testing.T) {
+	name := getAccTestResourceName()
+	testResourceName := "nsxt_policy_context_profile.test"
+	fqdn := getAccTestFQDN()
+	attributes := testAccNsxtPolicyContextProfileAttributeDomainNameTemplate(fqdn)
+	dependsOn := testAccNsxtPolicyContextProfileDependsOnTemplate("nsxt_policy_context_profile_custom_attribute.test")
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t); testAccNSXVersion(t, "3.0.0") },
+		Providers: testAccProviders,
+		CheckDestroy: func(state *terraform.State) error {
+			return testAccNsxtPolicyContextProfileCheckDestroy(state, testResourceName)
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: testAccNsxtPolicyContextProfileCustomAttributeArgTemplate(accTestPolicyContextProfileCustomAttributeAttributes["key"], fqdn) + testAccNsxtPolicyContextProfileTemplate(name, attributes+dependsOn),
+				Check: resource.ComposeTestCheckFunc(
+					testAccNsxtPolicyContextProfileExists(testResourceName),
+					resource.TestCheckResourceAttr(testResourceName, "display_name", name),
+					resource.TestCheckResourceAttr(testResourceName, "description", "Acceptance Test"),
+					resource.TestCheckResourceAttrSet(testResourceName, "nsx_id"),
+					resource.TestCheckResourceAttrSet(testResourceName, "path"),
+					resource.TestCheckResourceAttrSet(testResourceName, "revision"),
+					resource.TestCheckResourceAttr(testResourceName, "tag.#", "1"),
+					resource.TestCheckResourceAttr(testResourceName, "app_id.#", "0"),
+					resource.TestCheckResourceAttr(testResourceName, "domain_name.#", "1"),
+					resource.TestCheckResourceAttr(testResourceName, "url_category.#", "0"),
+					resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.#", "1"),
+					resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.0", fqdn),
+				),
+			},
+		},
+	})
+}
+
 func TestAccResourceNsxtPolicyContextProfile_importBasic(t *testing.T) {
 	name := getAccTestResourceName()
 	testResourceName := "nsxt_policy_context_profile.test"
-	attributes := testAccNsxtPolicyContextProfileAttributeDomainNameTemplate()
+	attributes := testAccNsxtPolicyContextProfileAttributeDomainNameTemplate(testSystemDomainName)
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:  func() { testAccPreCheck(t); testAccNSXVersion(t, "3.0.0") },
@@ -93,8 +131,8 @@ func TestAccResourceNsxtPolicyContextProfile_multipleAttributes(t *testing.T) {
 	name := getAccTestResourceName()
 	updatedName := getAccTestResourceName()
 	testResourceName := "nsxt_policy_context_profile.test"
-	attributes := testAccNsxtPolicyContextProfileAttributeDomainNameTemplate()
-	updatedAttributes := testAccNsxtPolicyContextProfileAttributeDomainNameTemplate() + testAccNsxtPolicyContextProfileAttributeAppIDTemplate()
+	attributes := testAccNsxtPolicyContextProfileAttributeDomainNameTemplate(testSystemDomainName)
+	updatedAttributes := testAccNsxtPolicyContextProfileAttributeDomainNameTemplate(testSystemDomainName) + testAccNsxtPolicyContextProfileAttributeAppIDTemplate()
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:  func() { testAccPreCheck(t); testAccNSXVersion(t, "3.0.0") },
@@ -117,7 +155,7 @@ func TestAccResourceNsxtPolicyContextProfile_multipleAttributes(t *testing.T) {
 					resource.TestCheckResourceAttr(testResourceName, "domain_name.#", "1"),
 					resource.TestCheckResourceAttr(testResourceName, "url_category.#", "0"),
 					resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.#", "1"),
-					resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.0", "*-myfiles.sharepoint.com"),
+					resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.0", testSystemDomainName),
 				),
 			},
 			{
@@ -139,7 +177,7 @@ func TestAccResourceNsxtPolicyContextProfile_multipleAttributes(t *testing.T) {
 					resource.TestCheckResourceAttr(testResourceName, "app_id.0.value.1", "SSH"),
 					resource.TestCheckResourceAttr(testResourceName, "app_id.0.value.2", "SSL"),
 					resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.#", "1"),
-					resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.0", "*-myfiles.sharepoint.com"),
+					resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.0", testSystemDomainName),
 				),
 			},
 		},
@@ -153,7 +191,7 @@ func TestAccResourceNsxtPolicyContextProfile_subAttributes(t *testing.T) {
 	attributes := testAccNsxtPolicyContextProfileAttributeAppIDSubAttributesTemplate()
 	updatedAttributes := testAccNsxtPolicyContextProfileAttributeAppIDSubAttributesUpdatedTemplate()
 	attributesNoSub := testAccNsxtPolicyContextProfileAttributeAppIDSslTemplate()
-	attributesDomainName := testAccNsxtPolicyContextProfileAttributeDomainNameTemplate()
+	attributesDomainName := testAccNsxtPolicyContextProfileAttributeDomainNameTemplate(testSystemDomainName)
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:  func() { testAccPreCheck(t); testAccNSXVersion(t, "3.0.0") },
@@ -244,7 +282,7 @@ func TestAccResourceNsxtPolicyContextProfile_subAttributes(t *testing.T) {
 					resource.TestCheckResourceAttr(testResourceName, "domain_name.#", "1"),
 					resource.TestCheckResourceAttr(testResourceName, "url_category.#", "0"),
 					resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.#", "1"),
-					resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.0", "*-myfiles.sharepoint.com"),
+					resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.0", testSystemDomainName),
 				),
 			},
 		},
@@ -314,11 +352,11 @@ resource "nsxt_policy_context_profile" "test" {
 }`, name, attributes)
 }
 
-func testAccNsxtPolicyContextProfileAttributeDomainNameTemplate() string {
-	return `
+func testAccNsxtPolicyContextProfileAttributeDomainNameTemplate(domain string) string {
+	return fmt.Sprintf(`
 domain_name {
-  value     = ["*-myfiles.sharepoint.com"]
-}`
+  value     = ["%s"]
+}`, domain)
 }
 
 func testAccNsxtPolicyContextProfileAttributeAppIDTemplate() string {
@@ -361,3 +399,8 @@ app_id {
   value     = ["SSL"]
 }`
 }
+
+func testAccNsxtPolicyContextProfileDependsOnTemplate(dependency string) string {
+	return fmt.Sprintf(`
+depends_on = [%s]`, dependency)
+}
diff --git a/nsxt/resource_nsxt_policy_security_policy_test.go b/nsxt/resource_nsxt_policy_security_policy_test.go
@@ -839,5 +839,5 @@ func testAccNsxtPolicySecurityPolicyWithProfiles(name string, direction string,
 	profiles := `
 profiles = [nsxt_policy_context_profile.test.path]
 `
-	return testAccNsxtPolicyContextProfileTemplate("security-policy-test-profile", testAccNsxtPolicyContextProfileAttributeDomainNameTemplate()) + testAccNsxtPolicySecurityPolicyWithRule(name, direction, protocol, ruleTag, domainName, profiles)
+	return testAccNsxtPolicyContextProfileTemplate("security-policy-test-profile", testAccNsxtPolicyContextProfileAttributeDomainNameTemplate(testSystemDomainName)) + testAccNsxtPolicySecurityPolicyWithRule(name, direction, protocol, ruleTag, domainName, profiles)
 }
diff --git a/nsxt/utils_test.go b/nsxt/utils_test.go
@@ -52,6 +52,7 @@ const doubleTags string = `
   }`
 
 var randomized = false
+var letterRunes = []rune("abcdefghijklmnopqrstuvwxyz")
 
 func initRand() {
 	if randomized {
@@ -71,6 +72,15 @@ func getAccTestResourceName() string {
 	return fmt.Sprintf("%s-%d", testAccResourceName, rand.Intn(100000))
 }
 
+func getAccTestFQDN() string {
+	initRand()
+	b := make([]rune, 10)
+	for i := range b {
+		b[i] = letterRunes[rand.Intn(len(letterRunes))]
+	}
+	return fmt.Sprintf("test.%s.org", string(b))
+}
+
 func getTier0RouterName() string {
 	name := os.Getenv("NSXT_TEST_TIER0_ROUTER")
 	if name == "" {

diff --git a/website/docs/r/policy_context_profile.html.markdown b/website/docs/r/policy_context_profile.html.markdown
@@ -31,10 +31,29 @@ resource "nsxt_policy_context_profile" "test" {
 
 ```
 
+With a custom attribute:
+
+```hcl
+resource "nsxt_policy_context_profile_custom_attribute" "test1" {
+  key       = "CUSTOM_URL"
+  attribute = "test.some.org"
+}
+
+resource "nsxt_policy_context_profile" "test2" {
+  display_name = "test2"
+  description  = "Terraform provisioned ContextProfile"
+  custom_url {
+    value = ["test.some.org"]
+  }
+  depends_on = [nsxt_policy_context_profile_custom_attribute.test1]
+}
+
+```
+
 ## Argument Reference
 
 The following arguments are supported:
-Note: At least one of `app_id`, `domain_name`, or `url_category` must present.
+Note: At least one of `app_id`, `custom_url`, domain_name`, or `url_category` must present.
 
 * `display_name` - (Required) Display name of the resource.
 * `description` - (Optional) Description of the resource.
@@ -47,6 +66,9 @@ Note: At least one of `app_id`, `domain_name`, or `url_category` must present.
     * `tls_cipher_suite` - (Optional) A list of string indicating values for `tls_cipher_suite`, only applicable to `SSL`.
     * `tls_version` - (Optional) A list of string indicating values for `tls_version`, only applicable to `SSL`.
     * `cifs_smb_version` - (Optional) A list of string indicating values for `cifs_smb_version`, only applicable to `CIFS`.
+* `custom_url` - (Optional) A block to specify custom URL attributes for the context profile. Only one block is allowed.
+  * `description` - (Optional) Description of the attribute.
+  * `value` - (Required) A list of string indicating values for the `custom_url`. Must be a subset of valid values for `custom_url` on NSX.
 * `domain_name` - (Optional) A block to specify domain name (FQDN) attributes for the context profile. Only one block is allowed.
   * `description` - (Optional) Description of the attribute.
   * `value` - (Required) A list of string indicating values for the `domain_name`. Must be a subset of valid values for `domain_name` on NSX.