Merge pull request #1037 from ksamoray/dfw_exclude_list

Implement DFW settings Exclusion list
vmware · Jan 7, 2024 · 886c9fe · 886c9fe
2 parents c236d7a + 2f963e8
commit 886c9fe
Show file tree

Hide file tree

Showing 6 changed files with 499 additions and 1 deletion.
diff --git a/api/api_list.yaml b/api/api_list.yaml
@@ -897,4 +897,19 @@
     - Delete
     - Patch
     - Update
-    - List
+    - List
+- api_packages:
+    - client: github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra/settings/firewall/security
+      model: github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model
+      type: Local
+    - client: github.com/vmware/vsphere-automation-sdk-go/services/nsxt-gm/global_infra/settings/firewall/security
+      model: github.com/vmware/vsphere-automation-sdk-go/services/nsxt-gm/model
+      type: Global
+  model_name: PolicyExcludeList
+  obj_name: PolicyExcludeList
+  client_name: ExcludeListClient
+  supported_method:
+    - New
+    - Get
+    - Patch
+    - Update
diff --git a/api/infra/settings/firewall/security/policy_exclude_list.go b/api/infra/settings/firewall/security/policy_exclude_list.go
@@ -0,0 +1,118 @@
+//nolint:revive
+package security
+
+// The following file has been autogenerated. Please avoid any changes!
+import (
+	"errors"
+
+	vapiProtocolClient_ "github.com/vmware/vsphere-automation-sdk-go/runtime/protocol/client"
+	client1 "github.com/vmware/vsphere-automation-sdk-go/services/nsxt-gm/global_infra/settings/firewall/security"
+	model1 "github.com/vmware/vsphere-automation-sdk-go/services/nsxt-gm/model"
+	client0 "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra/settings/firewall/security"
+	model0 "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model"
+
+	utl "github.com/vmware/terraform-provider-nsxt/api/utl"
+)
+
+type PolicyExcludeListClientContext utl.ClientContext
+
+func NewExcludeListClient(sessionContext utl.SessionContext, connector vapiProtocolClient_.Connector) *PolicyExcludeListClientContext {
+	var client interface{}
+
+	switch sessionContext.ClientType {
+
+	case utl.Local:
+		client = client0.NewExcludeListClient(connector)
+
+	case utl.Global:
+		client = client1.NewExcludeListClient(connector)
+
+	default:
+		return nil
+	}
+	return &PolicyExcludeListClientContext{Client: client, ClientType: sessionContext.ClientType, ProjectID: sessionContext.ProjectID}
+}
+
+func (c PolicyExcludeListClientContext) Get() (model0.PolicyExcludeList, error) {
+	var obj model0.PolicyExcludeList
+	var err error
+
+	switch c.ClientType {
+
+	case utl.Local:
+		client := c.Client.(client0.ExcludeListClient)
+		obj, err = client.Get()
+		if err != nil {
+			return obj, err
+		}
+
+	case utl.Global:
+		client := c.Client.(client1.ExcludeListClient)
+		gmObj, err1 := client.Get()
+		if err1 != nil {
+			return obj, err1
+		}
+		var rawObj interface{}
+		rawObj, err = utl.ConvertModelBindingType(gmObj, model1.PolicyExcludeListBindingType(), model0.PolicyExcludeListBindingType())
+		obj = rawObj.(model0.PolicyExcludeList)
+
+	default:
+		return obj, errors.New("invalid infrastructure for model")
+	}
+	return obj, err
+}
+
+func (c PolicyExcludeListClientContext) Patch(policyExcludeListParam model0.PolicyExcludeList) error {
+	var err error
+
+	switch c.ClientType {
+
+	case utl.Local:
+		client := c.Client.(client0.ExcludeListClient)
+		err = client.Patch(policyExcludeListParam)
+
+	case utl.Global:
+		client := c.Client.(client1.ExcludeListClient)
+		gmObj, err1 := utl.ConvertModelBindingType(policyExcludeListParam, model0.PolicyExcludeListBindingType(), model1.PolicyExcludeListBindingType())
+		if err1 != nil {
+			return err1
+		}
+		err = client.Patch(gmObj.(model1.PolicyExcludeList))
+
+	default:
+		err = errors.New("invalid infrastructure for model")
+	}
+	return err
+}
+
+func (c PolicyExcludeListClientContext) Update(policyExcludeListParam model0.PolicyExcludeList) (model0.PolicyExcludeList, error) {
+	var err error
+	var obj model0.PolicyExcludeList
+
+	switch c.ClientType {
+
+	case utl.Local:
+		client := c.Client.(client0.ExcludeListClient)
+		obj, err = client.Update(policyExcludeListParam)
+
+	case utl.Global:
+		client := c.Client.(client1.ExcludeListClient)
+		gmObj, err := utl.ConvertModelBindingType(policyExcludeListParam, model0.PolicyExcludeListBindingType(), model1.PolicyExcludeListBindingType())
+		if err != nil {
+			return obj, err
+		}
+		gmObj, err = client.Update(gmObj.(model1.PolicyExcludeList))
+		if err != nil {
+			return obj, err
+		}
+		obj1, err1 := utl.ConvertModelBindingType(gmObj, model1.PolicyExcludeListBindingType(), model0.PolicyExcludeListBindingType())
+		if err1 != nil {
+			return obj, err1
+		}
+		obj = obj1.(model0.PolicyExcludeList)
+
+	default:
+		err = errors.New("invalid infrastructure for model")
+	}
+	return obj, err
+}
diff --git a/nsxt/provider.go b/nsxt/provider.go
@@ -441,6 +441,7 @@ func Provider() *schema.Provider {
 			"nsxt_policy_lb_http_application_profile":      resourceNsxtPolicyLBHttpApplicationProfile(),
 			"nsxt_policy_security_policy_rule":             resourceNsxtPolicySecurityPolicyRule(),
 			"nsxt_policy_parent_security_policy":           resourceNsxtPolicyParentSecurityPolicy(),
+			"nsxt_policy_firewall_exclude_list_member":     resourceNsxtPolicyFirewallExcludeListMember(),
 		},
 
 		ConfigureFunc: providerConfigure,

diff --git a/nsxt/resource_nsxt_policy_firewall_exclude_list_member.go b/nsxt/resource_nsxt_policy_firewall_exclude_list_member.go
@@ -0,0 +1,144 @@
+/* Copyright © 2023 VMware, Inc. All Rights Reserved.
+   SPDX-License-Identifier: MPL-2.0 */
+
+package nsxt
+
+import (
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	utl "github.com/vmware/terraform-provider-nsxt/api/utl"
+	"github.com/vmware/vsphere-automation-sdk-go/lib/vapi/std/errors"
+	"github.com/vmware/vsphere-automation-sdk-go/runtime/protocol/client"
+	"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model"
+
+	"github.com/vmware/terraform-provider-nsxt/api/infra/settings/firewall/security"
+)
+
+func resourceNsxtPolicyFirewallExcludeListMember() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceNsxtPolicyFirewallExcludeListMemberCreate,
+		Read:   resourceNsxtPolicyFirewallExcludeListMemberRead,
+		Delete: resourceNsxtPolicyFirewallExcludeListMemberDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+		Schema: map[string]*schema.Schema{
+			"member": {
+				Type:         schema.TypeString,
+				Description:  "ExcludeList member",
+				Required:     true,
+				ForceNew:     true,
+				ValidateFunc: validatePolicyPath(),
+			},
+		},
+	}
+}
+
+func memberInList(member string, members []string) int {
+	for i, mem := range members {
+		if mem == member {
+			return i
+		}
+	}
+	return -1
+}
+
+func resourceNsxtPolicyFirewallExcludeListMemberExists(sessionContext utl.SessionContext, id string, connector client.Connector) (bool, error) {
+
+	client := security.NewExcludeListClient(sessionContext, connector)
+	obj, err := client.Get()
+	if isNotFoundError(err) {
+		return false, nil
+	} else if err != nil {
+		return false, err
+	}
+	if 0 <= memberInList(id, obj.Members) {
+		return true, nil
+	}
+
+	return false, nil
+}
+
+func resourceNsxtPolicyFirewallExcludeListMemberCreate(d *schema.ResourceData, m interface{}) error {
+	connector := getPolicyConnector(m)
+	member := d.Get("member").(string)
+
+	doUpdate := func() error {
+		var obj model.PolicyExcludeList
+
+		client := security.NewExcludeListClient(getSessionContext(d, m), connector)
+		obj, err := client.Get()
+		if isNotFoundError(err) {
+			obj = model.PolicyExcludeList{
+				Members: []string{member},
+			}
+		} else if err != nil {
+			return err
+		}
+		if 0 <= memberInList(member, obj.Members) {
+			return errors.AlreadyExists{}
+		}
+		obj.Members = append(obj.Members, member)
+		_, err = client.Update(obj)
+		if err != nil {
+			return err
+		}
+
+		d.SetId(member)
+
+		return nil
+	}
+	commonProviderConfig := getCommonProviderConfig(m)
+	err := retryUponPreconditionFailed(doUpdate, commonProviderConfig.MaxRetries)
+	if err != nil {
+		return handleCreateError("PolicyFirewallExcludeListMember", member, err)
+	}
+
+	return resourceNsxtPolicyFirewallExcludeListMemberRead(d, m)
+}
+
+func resourceNsxtPolicyFirewallExcludeListMemberRead(d *schema.ResourceData, m interface{}) error {
+	connector := getPolicyConnector(m)
+	member := d.Id()
+
+	client := security.NewExcludeListClient(getSessionContext(d, m), connector)
+	obj, err := client.Get()
+	if err != nil {
+		return handleReadError(d, "PolicyFirewallExcludeListMember", member, err)
+	}
+	if 0 > memberInList(member, obj.Members) {
+		return errors.NotFound{}
+	}
+	d.Set("member", member)
+	return nil
+}
+
+func resourceNsxtPolicyFirewallExcludeListMemberDelete(d *schema.ResourceData, m interface{}) error {
+	connector := getPolicyConnector(m)
+	member := d.Get("member").(string)
+
+	doUpdate := func() error {
+		var obj model.PolicyExcludeList
+
+		client := security.NewExcludeListClient(getSessionContext(d, m), connector)
+		obj, err := client.Get()
+		if isNotFoundError(err) {
+			return nil
+		} else if err != nil {
+			return err
+		}
+		i := memberInList(member, obj.Members)
+		if i < 0 {
+			return errors.NotFound{}
+		}
+
+		obj.Members = append(obj.Members[:i], obj.Members[i+1:]...)
+		_, err = client.Update(obj)
+		return err
+	}
+	commonProviderConfig := getCommonProviderConfig(m)
+	err := retryUponPreconditionFailed(doUpdate, commonProviderConfig.MaxRetries)
+	if err != nil {
+		return handleDeleteError("PolicyFirewallExcludeListMember", member, err)
+	}
+	return nil
+}