From 7b95b00c73646975b8544a35596c6973bb000513 Mon Sep 17 00:00:00 2001 From: Kobi Samoray Date: Thu, 23 Feb 2023 15:10:40 +0200 Subject: [PATCH] Add custom attribute support to context profile Allow usage of custom attributes in context profile objects. Fixes: #698, #839 Signed-off-by: Kobi Samoray --- nsxt/resource_nsxt_policy_context_profile.go | 60 ++++++++++++---- ...y_context_profile_custom_attribute_test.go | 8 ++- ...source_nsxt_policy_context_profile_test.go | 69 +++++++++++++++---- ...source_nsxt_policy_security_policy_test.go | 2 +- nsxt/utils_test.go | 10 +++ .../r/policy_context_profile.html.markdown | 24 ++++++- 6 files changed, 142 insertions(+), 31 deletions(-) diff --git a/nsxt/resource_nsxt_policy_context_profile.go b/nsxt/resource_nsxt_policy_context_profile.go index baf48c8b0..9643b6258 100644 --- a/nsxt/resource_nsxt_policy_context_profile.go +++ b/nsxt/resource_nsxt_policy_context_profile.go @@ -11,20 +11,24 @@ import ( "github.com/vmware/vsphere-automation-sdk-go/runtime/protocol/client" gm_infra "github.com/vmware/vsphere-automation-sdk-go/services/nsxt-gm/global_infra" gm_cont_prof "github.com/vmware/vsphere-automation-sdk-go/services/nsxt-gm/global_infra/context_profiles" + gm_custom_attr "github.com/vmware/vsphere-automation-sdk-go/services/nsxt-gm/global_infra/context_profiles/custom_attributes" gm_model "github.com/vmware/vsphere-automation-sdk-go/services/nsxt-gm/model" "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra" cont_prof "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra/context_profiles" + custom_attr "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra/context_profiles/custom_attributes" "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model" ) var attributeKeyMap = map[string]string{ "app_id": model.PolicyAttributes_KEY_APP_ID, + "custom_url": model.PolicyAttributes_KEY_CUSTOM_URL, "domain_name": model.PolicyAttributes_KEY_DOMAIN_NAME, "url_category": model.PolicyAttributes_KEY_URL_CATEGORY, } var attributeReverseKeyMap = map[string]string{ model.PolicyAttributes_KEY_APP_ID: "app_id", + model.PolicyAttributes_KEY_CUSTOM_URL: "custom_url", model.PolicyAttributes_KEY_DOMAIN_NAME: "domain_name", model.PolicyAttributes_KEY_URL_CATEGORY: "url_category", } @@ -59,6 +63,7 @@ func resourceNsxtPolicyContextProfile() *schema.Resource { "revision": getRevisionSchema(), "tag": getTagsSchema(), "app_id": getContextProfilePolicyAppIDAttributesSchema(), + "custom_url": getContextProfilePolicyOtherAttributesSchema(), "domain_name": getContextProfilePolicyOtherAttributesSchema(), "url_category": getContextProfilePolicyOtherAttributesSchema(), }, @@ -346,15 +351,7 @@ func checkAttributesValid(attributes []interface{}, m interface{}, key string) e return err } } - var attrClient interface{} - connector := getPolicyConnector(m) - isPolicyGlobalManager := isPolicyGlobalManager(m) - if isPolicyGlobalManager { - attrClient = gm_cont_prof.NewAttributesClient(connector) - } else { - attrClient = cont_prof.NewAttributesClient(connector) - } - attributeValues, err := listAttributesWithKey(attributeKeyMap[key], attrClient, isPolicyGlobalManager) + attributeValues, err := listAttributesWithKey(attributeKeyMap[key], m) if err != nil { return err } @@ -382,10 +379,19 @@ func validateSubAttributes(attributes []interface{}) error { return nil } -func listAttributesWithKey(attributeKey string, attributeClient interface{}, isPolicyGlobalManager bool) ([]string, error) { +func listAttributesWithKey(attributeKey string, m interface{}) ([]string, error) { // returns a list of attribute values policyAttributes := make([]string, 0) - policyContextProfileListResult, err := listContextProfileWithKey(&attributeKey, attributeClient, isPolicyGlobalManager) + policyContextProfileListResult, err := listSystemAttributesWithKey(&attributeKey, m) + if err != nil { + return policyAttributes, err + } + for _, policyContextProfile := range policyContextProfileListResult.Results { + for _, attribute := range policyContextProfile.Attributes { + policyAttributes = append(policyAttributes, attribute.Value...) + } + } + policyContextProfileListResult, err = listCustomAttributesWithKey(&attributeKey, m) if err != nil { return policyAttributes, err } @@ -397,11 +403,35 @@ func listAttributesWithKey(attributeKey string, attributeClient interface{}, isP return policyAttributes, nil } -func listContextProfileWithKey(attributeKey *string, attributeClient interface{}, isPolicyGlobalManager bool) (model.PolicyContextProfileListResult, error) { +func listSystemAttributesWithKey(attributeKey *string, m interface{}) (model.PolicyContextProfileListResult, error) { var policyContextProfileListResult model.PolicyContextProfileListResult includeMarkForDeleteObjectsParam := false - if isPolicyGlobalManager { - client := attributeClient.(gm_cont_prof.AttributesClient) + connector := getPolicyConnector(m) + if isPolicyGlobalManager(m) { + client := gm_cont_prof.NewAttributesClient(connector) + gmPolicyContextProfileListResult, err := client.List(attributeKey, nil, nil, &includeMarkForDeleteObjectsParam, nil, nil, nil, nil) + if err != nil { + return policyContextProfileListResult, err + } + lmPolicyContextProfileListResult, err := convertModelBindingType(gmPolicyContextProfileListResult, gm_model.PolicyContextProfileListResultBindingType(), model.PolicyContextProfileListResultBindingType()) + if err != nil { + return policyContextProfileListResult, err + } + policyContextProfileListResult = lmPolicyContextProfileListResult.(model.PolicyContextProfileListResult) + return policyContextProfileListResult, err + } + var err error + client := cont_prof.NewAttributesClient(connector) + policyContextProfileListResult, err = client.List(attributeKey, nil, nil, &includeMarkForDeleteObjectsParam, nil, nil, nil, nil) + return policyContextProfileListResult, err +} + +func listCustomAttributesWithKey(attributeKey *string, m interface{}) (model.PolicyContextProfileListResult, error) { + var policyContextProfileListResult model.PolicyContextProfileListResult + includeMarkForDeleteObjectsParam := false + connector := getPolicyConnector(m) + if isPolicyGlobalManager(m) { + client := gm_custom_attr.NewDefaultClient(connector) gmPolicyContextProfileListResult, err := client.List(attributeKey, nil, nil, &includeMarkForDeleteObjectsParam, nil, nil, nil, nil) if err != nil { return policyContextProfileListResult, err @@ -414,7 +444,7 @@ func listContextProfileWithKey(attributeKey *string, attributeClient interface{} return policyContextProfileListResult, err } var err error - client := attributeClient.(cont_prof.AttributesClient) + client := custom_attr.NewDefaultClient(connector) policyContextProfileListResult, err = client.List(attributeKey, nil, nil, &includeMarkForDeleteObjectsParam, nil, nil, nil, nil) return policyContextProfileListResult, err } diff --git a/nsxt/resource_nsxt_policy_context_profile_custom_attribute_test.go b/nsxt/resource_nsxt_policy_context_profile_custom_attribute_test.go index ad8d9ebf5..f5763f63b 100644 --- a/nsxt/resource_nsxt_policy_context_profile_custom_attribute_test.go +++ b/nsxt/resource_nsxt_policy_context_profile_custom_attribute_test.go @@ -111,9 +111,15 @@ func testAccNsxtPolicyContextProfileCustomAttributeCheckDestroy(state *terraform } func testAccNsxtPolicyContextProfileCustomAttributeTemplate() string { + return testAccNsxtPolicyContextProfileCustomAttributeArgTemplate( + accTestPolicyContextProfileCustomAttributeAttributes["key"], + accTestPolicyContextProfileCustomAttributeAttributes["attribute"]) +} + +func testAccNsxtPolicyContextProfileCustomAttributeArgTemplate(key string, attribute string) string { return fmt.Sprintf(` resource "nsxt_policy_context_profile_custom_attribute" "test" { key = "%s" attribute = "%s" -}`, accTestPolicyContextProfileCustomAttributeAttributes["key"], accTestPolicyContextProfileCustomAttributeAttributes["attribute"]) +}`, key, attribute) } diff --git a/nsxt/resource_nsxt_policy_context_profile_test.go b/nsxt/resource_nsxt_policy_context_profile_test.go index 0bbc39b15..183c51b02 100644 --- a/nsxt/resource_nsxt_policy_context_profile_test.go +++ b/nsxt/resource_nsxt_policy_context_profile_test.go @@ -13,11 +13,15 @@ import ( "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra" ) +const ( + testSystemDomainName = "*-myfiles.sharepoint.com" +) + func TestAccResourceNsxtPolicyContextProfile_basic(t *testing.T) { name := getAccTestResourceName() updatedName := getAccTestResourceName() testResourceName := "nsxt_policy_context_profile.test" - attributes := testAccNsxtPolicyContextProfileAttributeDomainNameTemplate() + attributes := testAccNsxtPolicyContextProfileAttributeDomainNameTemplate(testSystemDomainName) updatedAttributes := testAccNsxtPolicyContextProfileAttributeURLCategoryTemplate() resource.Test(t, resource.TestCase{ @@ -41,7 +45,7 @@ func TestAccResourceNsxtPolicyContextProfile_basic(t *testing.T) { resource.TestCheckResourceAttr(testResourceName, "domain_name.#", "1"), resource.TestCheckResourceAttr(testResourceName, "url_category.#", "0"), resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.#", "1"), - resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.0", "*-myfiles.sharepoint.com"), + resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.0", testSystemDomainName), ), }, { @@ -65,10 +69,44 @@ func TestAccResourceNsxtPolicyContextProfile_basic(t *testing.T) { }) } +func TestAccResourceNsxtPolicyContextProfile_CustomDomain(t *testing.T) { + name := getAccTestResourceName() + testResourceName := "nsxt_policy_context_profile.test" + fqdn := getAccTestFQDN() + attributes := testAccNsxtPolicyContextProfileAttributeDomainNameTemplate(fqdn) + dependsOn := testAccNsxtPolicyContextProfileDependsOnTemplate("nsxt_policy_context_profile_custom_attribute.test") + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t); testAccNSXVersion(t, "3.0.0") }, + Providers: testAccProviders, + CheckDestroy: func(state *terraform.State) error { + return testAccNsxtPolicyContextProfileCheckDestroy(state, testResourceName) + }, + Steps: []resource.TestStep{ + { + Config: testAccNsxtPolicyContextProfileCustomAttributeArgTemplate(accTestPolicyContextProfileCustomAttributeAttributes["key"], fqdn) + testAccNsxtPolicyContextProfileTemplate(name, attributes+dependsOn), + Check: resource.ComposeTestCheckFunc( + testAccNsxtPolicyContextProfileExists(testResourceName), + resource.TestCheckResourceAttr(testResourceName, "display_name", name), + resource.TestCheckResourceAttr(testResourceName, "description", "Acceptance Test"), + resource.TestCheckResourceAttrSet(testResourceName, "nsx_id"), + resource.TestCheckResourceAttrSet(testResourceName, "path"), + resource.TestCheckResourceAttrSet(testResourceName, "revision"), + resource.TestCheckResourceAttr(testResourceName, "tag.#", "1"), + resource.TestCheckResourceAttr(testResourceName, "app_id.#", "0"), + resource.TestCheckResourceAttr(testResourceName, "domain_name.#", "1"), + resource.TestCheckResourceAttr(testResourceName, "url_category.#", "0"), + resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.#", "1"), + resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.0", fqdn), + ), + }, + }, + }) +} + func TestAccResourceNsxtPolicyContextProfile_importBasic(t *testing.T) { name := getAccTestResourceName() testResourceName := "nsxt_policy_context_profile.test" - attributes := testAccNsxtPolicyContextProfileAttributeDomainNameTemplate() + attributes := testAccNsxtPolicyContextProfileAttributeDomainNameTemplate(testSystemDomainName) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccNSXVersion(t, "3.0.0") }, @@ -93,8 +131,8 @@ func TestAccResourceNsxtPolicyContextProfile_multipleAttributes(t *testing.T) { name := getAccTestResourceName() updatedName := getAccTestResourceName() testResourceName := "nsxt_policy_context_profile.test" - attributes := testAccNsxtPolicyContextProfileAttributeDomainNameTemplate() - updatedAttributes := testAccNsxtPolicyContextProfileAttributeDomainNameTemplate() + testAccNsxtPolicyContextProfileAttributeAppIDTemplate() + attributes := testAccNsxtPolicyContextProfileAttributeDomainNameTemplate(testSystemDomainName) + updatedAttributes := testAccNsxtPolicyContextProfileAttributeDomainNameTemplate(testSystemDomainName) + testAccNsxtPolicyContextProfileAttributeAppIDTemplate() resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccNSXVersion(t, "3.0.0") }, @@ -117,7 +155,7 @@ func TestAccResourceNsxtPolicyContextProfile_multipleAttributes(t *testing.T) { resource.TestCheckResourceAttr(testResourceName, "domain_name.#", "1"), resource.TestCheckResourceAttr(testResourceName, "url_category.#", "0"), resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.#", "1"), - resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.0", "*-myfiles.sharepoint.com"), + resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.0", testSystemDomainName), ), }, { @@ -139,7 +177,7 @@ func TestAccResourceNsxtPolicyContextProfile_multipleAttributes(t *testing.T) { resource.TestCheckResourceAttr(testResourceName, "app_id.0.value.1", "SSH"), resource.TestCheckResourceAttr(testResourceName, "app_id.0.value.2", "SSL"), resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.#", "1"), - resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.0", "*-myfiles.sharepoint.com"), + resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.0", testSystemDomainName), ), }, }, @@ -153,7 +191,7 @@ func TestAccResourceNsxtPolicyContextProfile_subAttributes(t *testing.T) { attributes := testAccNsxtPolicyContextProfileAttributeAppIDSubAttributesTemplate() updatedAttributes := testAccNsxtPolicyContextProfileAttributeAppIDSubAttributesUpdatedTemplate() attributesNoSub := testAccNsxtPolicyContextProfileAttributeAppIDSslTemplate() - attributesDomainName := testAccNsxtPolicyContextProfileAttributeDomainNameTemplate() + attributesDomainName := testAccNsxtPolicyContextProfileAttributeDomainNameTemplate(testSystemDomainName) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccNSXVersion(t, "3.0.0") }, @@ -244,7 +282,7 @@ func TestAccResourceNsxtPolicyContextProfile_subAttributes(t *testing.T) { resource.TestCheckResourceAttr(testResourceName, "domain_name.#", "1"), resource.TestCheckResourceAttr(testResourceName, "url_category.#", "0"), resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.#", "1"), - resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.0", "*-myfiles.sharepoint.com"), + resource.TestCheckResourceAttr(testResourceName, "domain_name.0.value.0", testSystemDomainName), ), }, }, @@ -314,11 +352,11 @@ resource "nsxt_policy_context_profile" "test" { }`, name, attributes) } -func testAccNsxtPolicyContextProfileAttributeDomainNameTemplate() string { - return ` +func testAccNsxtPolicyContextProfileAttributeDomainNameTemplate(domain string) string { + return fmt.Sprintf(` domain_name { - value = ["*-myfiles.sharepoint.com"] -}` + value = ["%s"] +}`, domain) } func testAccNsxtPolicyContextProfileAttributeAppIDTemplate() string { @@ -361,3 +399,8 @@ app_id { value = ["SSL"] }` } + +func testAccNsxtPolicyContextProfileDependsOnTemplate(dependency string) string { + return fmt.Sprintf(` +depends_on = [%s]`, dependency) +} diff --git a/nsxt/resource_nsxt_policy_security_policy_test.go b/nsxt/resource_nsxt_policy_security_policy_test.go index 7e157a66f..aeba2ae76 100644 --- a/nsxt/resource_nsxt_policy_security_policy_test.go +++ b/nsxt/resource_nsxt_policy_security_policy_test.go @@ -839,5 +839,5 @@ func testAccNsxtPolicySecurityPolicyWithProfiles(name string, direction string, profiles := ` profiles = [nsxt_policy_context_profile.test.path] ` - return testAccNsxtPolicyContextProfileTemplate("security-policy-test-profile", testAccNsxtPolicyContextProfileAttributeDomainNameTemplate()) + testAccNsxtPolicySecurityPolicyWithRule(name, direction, protocol, ruleTag, domainName, profiles) + return testAccNsxtPolicyContextProfileTemplate("security-policy-test-profile", testAccNsxtPolicyContextProfileAttributeDomainNameTemplate(testSystemDomainName)) + testAccNsxtPolicySecurityPolicyWithRule(name, direction, protocol, ruleTag, domainName, profiles) } diff --git a/nsxt/utils_test.go b/nsxt/utils_test.go index 869832813..c36f5371e 100644 --- a/nsxt/utils_test.go +++ b/nsxt/utils_test.go @@ -52,6 +52,7 @@ const doubleTags string = ` }` var randomized = false +var letterRunes = []rune("abcdefghijklmnopqrstuvwxyz") func initRand() { if randomized { @@ -71,6 +72,15 @@ func getAccTestResourceName() string { return fmt.Sprintf("%s-%d", testAccResourceName, rand.Intn(100000)) } +func getAccTestFQDN() string { + initRand() + b := make([]rune, 10) + for i := range b { + b[i] = letterRunes[rand.Intn(len(letterRunes))] + } + return fmt.Sprintf("test.%s.org", string(b)) +} + func getTier0RouterName() string { name := os.Getenv("NSXT_TEST_TIER0_ROUTER") if name == "" { diff --git a/website/docs/r/policy_context_profile.html.markdown b/website/docs/r/policy_context_profile.html.markdown index 0b6e74c07..5168305de 100644 --- a/website/docs/r/policy_context_profile.html.markdown +++ b/website/docs/r/policy_context_profile.html.markdown @@ -31,10 +31,29 @@ resource "nsxt_policy_context_profile" "test" { ``` +With a custom attribute: + +```hcl +resource "nsxt_policy_context_profile_custom_attribute" "test1" { + key = "CUSTOM_URL" + attribute = "test.some.org" +} + +resource "nsxt_policy_context_profile" "test2" { + display_name = "test2" + description = "Terraform provisioned ContextProfile" + custom_url { + value = ["test.some.org"] + } + depends_on = [nsxt_policy_context_profile_custom_attribute.test1] +} + +``` + ## Argument Reference The following arguments are supported: -Note: At least one of `app_id`, `domain_name`, or `url_category` must present. +Note: At least one of `app_id`, `custom_url`, domain_name`, or `url_category` must present. * `display_name` - (Required) Display name of the resource. * `description` - (Optional) Description of the resource. @@ -47,6 +66,9 @@ Note: At least one of `app_id`, `domain_name`, or `url_category` must present. * `tls_cipher_suite` - (Optional) A list of string indicating values for `tls_cipher_suite`, only applicable to `SSL`. * `tls_version` - (Optional) A list of string indicating values for `tls_version`, only applicable to `SSL`. * `cifs_smb_version` - (Optional) A list of string indicating values for `cifs_smb_version`, only applicable to `CIFS`. +* `custom_url` - (Optional) A block to specify custom URL attributes for the context profile. Only one block is allowed. + * `description` - (Optional) Description of the attribute. + * `value` - (Required) A list of string indicating values for the `custom_url`. Must be a subset of valid values for `custom_url` on NSX. * `domain_name` - (Optional) A block to specify domain name (FQDN) attributes for the context profile. Only one block is allowed. * `description` - (Optional) Description of the attribute. * `value` - (Required) A list of string indicating values for the `domain_name`. Must be a subset of valid values for `domain_name` on NSX.