From bec655f311e451e67ec76dbff2245649aa1893e4 Mon Sep 17 00:00:00 2001
From: graysonwu
Date: Fri, 15 Dec 2023 16:01:17 -0800
Subject: [PATCH] General CRUD for SecurityPolicy

Signed-off-by: graysonwu
---
 ...urce_nsxt_policy_parent_security_policy.go | 62 ++------------
 nsxt/resource_nsxt_policy_security_policy.go | 84 +++++++++++--------
 2 files changed, 56 insertions(+), 90 deletions(-)

diff --git a/nsxt/resource_nsxt_policy_parent_security_policy.go b/nsxt/resource_nsxt_policy_parent_security_policy.go
index 528100858..5f10fd855 100644
--- a/nsxt/resource_nsxt_policy_parent_security_policy.go
+++ b/nsxt/resource_nsxt_policy_parent_security_policy.go
@@ -5,8 +5,6 @@ package nsxt
 
 import (
 	"fmt"
-	"log"
-
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model"
@@ -26,31 +24,6 @@ func resourceNsxtPolicyParentSecurityPolicy() *schema.Resource {
 	}
 }
 
-func resourceNsxtPolicyParentSecurityPolicyCreate(d *schema.ResourceData, m interface{}) error {
-	connector := getPolicyConnector(m)
-
-	// Initialize resource Id and verify this ID is not yet used
-	id, err := getOrGenerateID2(d, m, resourceNsxtPolicySecurityPolicyExistsPartial(d.Get("domain").(string)))
-	if err != nil {
-		return err
-	}
-
-	log.Printf("[INFO] Creating Security Policy with ID %s", id)
-	domain := d.Get("domain").(string)
-	client := domains.NewSecurityPoliciesClient(getSessionContext(d, m), connector)
-
-	obj := parentSecurityPolicySchemaToModel(d, id)
-	err = client.Patch(domain, id, obj)
-	if err != nil {
-		return handleCreateError("Security Policy", id, err)
-	}
-
-	d.SetId(id)
-	d.Set("nsx_id", id)
-
-	return resourceNsxtPolicyParentSecurityPolicyRead(d, m)
-}
-
 func parentSecurityPolicySchemaToModel(d *schema.ResourceData, id string) model.SecurityPolicy {
 	displayName := d.Get("display_name").(string)
 	description := d.Get("description").(string)
@@ -80,11 +53,6 @@ func parentSecurityPolicySchemaToModel(d *schema.ResourceData, id string) model.
 	}
 }
 
-func resourceNsxtPolicyParentSecurityPolicyRead(d *schema.ResourceData, m interface{}) error {
-	_, err := parentSecurityPolicyModelToSchema(d, m)
-	return err
-}
-
 func parentSecurityPolicyModelToSchema(d *schema.ResourceData, m interface{}) (*model.SecurityPolicy, error) {
 	connector := getPolicyConnector(m)
 	id := d.Id()
@@ -118,30 +86,16 @@ func parentSecurityPolicyModelToSchema(d *schema.ResourceData, m interface{}) (*
 	return &obj, nil
 }
 
-func resourceNsxtPolicyParentSecurityPolicyUpdate(d *schema.ResourceData, m interface{}) error {
-	connector := getPolicyConnector(m)
-
-	id := d.Id()
-	if id == "" {
-		return fmt.Errorf("Error obtaining Security Policy id")
-	}
-
-	log.Printf("[INFO] Updating Security Policy with ID %s", id)
-	domain := d.Get("domain").(string)
-	client := domains.NewSecurityPoliciesClient(getSessionContext(d, m), connector)
-	remoteObj, err := client.Get(domain, id)
-	if err != nil {
-		return handleUpdateError("Security Policy", id, err)
-	}
+func resourceNsxtPolicyParentSecurityPolicyCreate(d *schema.ResourceData, m interface{}) error {
+	return resourceNsxtPolicySecurityPolicyGeneralCreate(d, m, false)
+}
 
-	obj := parentSecurityPolicySchemaToModel(d, id)
-	obj.Rules = remoteObj.Rules
-	err = client.Patch(domain, id, obj)
-	if err != nil {
-		return handleUpdateError("Security Policy", id, err)
-	}
+func resourceNsxtPolicyParentSecurityPolicyRead(d *schema.ResourceData, m interface{}) error {
+	return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, false)
+}
 
-	return resourceNsxtPolicyParentSecurityPolicyRead(d, m)
+func resourceNsxtPolicyParentSecurityPolicyUpdate(d *schema.ResourceData, m interface{}) error {
+	return resourceNsxtPolicySecurityPolicyGeneralUpdate(d, m, false)
 }
 
 func resourceNsxtPolicyParentSecurityPolicyDelete(d *schema.ResourceData, m interface{}) error {
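Review bot: The new `resourceNsxtPolicyParentSecurityPolicyUpdate` drops the `client.Get` round-trip and the `obj.Rules = remoteObj.Rules` copy that the removed body did before its PATCH, and instead delegates to `resourceNsxtPolicySecurityPolicyGeneralUpdate(d, m, false)`, which per the sibling hunk builds the object from schema alone and attaches no rule children when `withRule` is false. Whether an NSX PATCH with `rules` omitted leaves intact the rules that users of this resource manage through separate rule resources is not shown anywhere in this patch, and the old explicit copy suggests the authors did not want to depend on it. I would add an acceptance step that changes only `display_name` on a parent policy with rules attached and asserts the rule count afterwards, plus a comment on the wrapper, e.g. `// Rules of a parent policy are owned by separate rule resources; the PATCH must not clear them.` On the upside, the shared path appears to send the `revision` held in state, which the removed Update never did, so concurrent out-of-band edits should now be rejected rather than overwritten.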
diff --git a/nsxt/resource_nsxt_policy_security_policy.go b/nsxt/resource_nsxt_policy_security_policy.go
index 7ef1d9510..82dd3f9d5 100644
--- a/nsxt/resource_nsxt_policy_security_policy.go
+++ b/nsxt/resource_nsxt_policy_security_policy.go
@@ -55,14 +55,13 @@ func resourceNsxtPolicySecurityPolicyExistsPartial(domainName string) func(sessi
 	}
 }
 
-func policySecurityPolicyBuildAndPatch(d *schema.ResourceData, m interface{}, connector client.Connector, isGlobalManager bool, id string, createFlow bool) error {
-
+func policySecurityPolicyBuildAndPatch(d *schema.ResourceData, m interface{}, id string, createFlow, withRule bool) error {
 	obj := parentSecurityPolicySchemaToModel(d, id)
 	domain := d.Get("domain").(string)
 	revision := int64(d.Get("revision").(int))
 	log.Printf("[INFO] Creating Security Policy with ID %s", id)
-	if createFlow {
+	if createFlow && withRule {
 		if err := validatePolicyRuleSequence(d); err != nil {
 			return err
 		}
@@ -71,12 +70,14 @@ func policySecurityPolicyBuildAndPatch(d *schema.ResourceData, m interface{}, co
 		obj.Revision = &revision
 	}
 
-	policyChildren, err := getUpdatedRuleChildren(d)
-	if err != nil {
-		return err
-	}
-	if len(policyChildren) > 0 {
-		obj.Children = policyChildren
+	if withRule {
+		policyChildren, err := getUpdatedRuleChildren(d)
+		if err != nil {
+			return err
+		}
+		if len(policyChildren) > 0 {
+			obj.Children = policyChildren
+		}
 	}
 
 	log.Printf("[INFO] Using selective H-API for policy with ID %s", id)
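Review bot: `policySecurityPolicyBuildAndPatch` gains a `withRule` flag with no doc comment, and callers pass bare `true`/`false`, so the meaning of the `createFlow && withRule` guard is not recoverable from the call sites. I would add above the signature: `// withRule is true for nsxt_policy_security_policy (rules embedded in the resource) and false for nsxt_policy_parent_security_policy (rules managed by separate resources): when false no rule children are sent and the rule sequence is not validated.` The branch that sets `obj.Revision = &revision` lies just outside this hunk; if it is the `else` of this `if`, a parent-policy create (`createFlow` true, `withRule` false) now reaches it and sends the `revision` read from state, which is 0 on create, so it is worth confirming NSX accepts that on a PATCH of a not-yet-existing object. Since this function is now the single entry point for both create and update, the `[INFO] Creating Security Policy` log line misreports the update path and could read `Patching`.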
@@ -84,15 +85,43 @@ func policySecurityPolicyBuildAndPatch(d *schema.ResourceData, m interface{}, co
 }
 
 func resourceNsxtPolicySecurityPolicyCreate(d *schema.ResourceData, m interface{}) error {
+	return resourceNsxtPolicySecurityPolicyGeneralCreate(d, m, true)
+}
+
+func resourceNsxtPolicySecurityPolicyRead(d *schema.ResourceData, m interface{}) error {
+	return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, true)
+}
+
+func resourceNsxtPolicySecurityPolicyUpdate(d *schema.ResourceData, m interface{}) error {
+	return resourceNsxtPolicySecurityPolicyGeneralUpdate(d, m, true)
+}
+
+func resourceNsxtPolicySecurityPolicyDelete(d *schema.ResourceData, m interface{}) error {
+	id := d.Id()
+	if id == "" {
+		return fmt.Errorf("Error obtaining Security Policy id")
+	}
+	connector := getPolicyConnector(m)
+	client := domains.NewSecurityPoliciesClient(getSessionContext(d, m), connector)
+	err := client.Delete(d.Get("domain").(string), id)
+
+	if err != nil {
+		return handleDeleteError("Security Policy", id, err)
+	}
+
+	return nil
+}
+
+func resourceNsxtPolicySecurityPolicyGeneralCreate(d *schema.ResourceData, m interface{}, withRule bool) error {
 	// Initialize resource Id and verify this ID is not yet used
 	id, err := getOrGenerateID2(d, m, resourceNsxtPolicySecurityPolicyExistsPartial(d.Get("domain").(string)))
 	if err != nil {
 		return err
 	}
 
-	err = policySecurityPolicyBuildAndPatch(d, m, connector, isPolicyGlobalManager(m), id, true)
+	err = policySecurityPolicyBuildAndPatch(d, m, id, true, withRule)
 	if err != nil {
 		return handleCreateError("Security Policy", id, err)
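Review bot: The shared helpers `resourceNsxtPolicySecurityPolicyGeneralCreate`, `...GeneralRead` and `...GeneralUpdate` introduced here carry no doc comment, and the `withRule` flag is the only thing distinguishing the two resources that now share them. I would put one comment above `resourceNsxtPolicySecurityPolicyGeneralCreate`: `// resourceNsxtPolicySecurityPolicyGeneralCreate implements Create for both nsxt_policy_security_policy (withRule=true, rules embedded in the resource) and nsxt_policy_parent_security_policy (withRule=false, rules owned by separate resources).` Note that the removed call passed `connector`, yet no `-connector := getPolicyConnector(m)` line appears in this view and the new body does not use one, so the hunk as shown looks truncated; the body of `resourceNsxtPolicySecurityPolicyGeneralCreate` also continues past its end. `resourceNsxtPolicySecurityPolicyDelete` is moved here with its logic unchanged and needs no further review.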
@@ -101,46 +130,29 @@ func resourceNsxtPolicySecurityPolicyCreate(d *schema.ResourceData, m interface{
 	d.SetId(id)
 	d.Set("nsx_id", id)
 
-	return resourceNsxtPolicySecurityPolicyRead(d, m)
+	return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, withRule)
 }
 
-func resourceNsxtPolicySecurityPolicyRead(d *schema.ResourceData, m interface{}) error {
+func resourceNsxtPolicySecurityPolicyGeneralRead(d *schema.ResourceData, m interface{}, withRule bool) error {
 	obj, err := parentSecurityPolicyModelToSchema(d, m)
 	if err != nil {
 		return err
 	}
-	return setPolicyRulesInSchema(d, obj.Rules)
-}
-
-func resourceNsxtPolicySecurityPolicyUpdate(d *schema.ResourceData, m interface{}) error {
-	connector := getPolicyConnector(m)
-
-	id := d.Id()
-	if id == "" {
-		return fmt.Errorf("Error obtaining Security Policy id")
+	if withRule {
+		return setPolicyRulesInSchema(d, obj.Rules)
 	}
-	err := policySecurityPolicyBuildAndPatch(d, m, connector, isPolicyGlobalManager(m), id, false)
-	if err != nil {
-		return handleUpdateError("Security Policy", id, err)
-	}
-
-	return resourceNsxtPolicySecurityPolicyRead(d, m)
+	return nil
 }
 
-func resourceNsxtPolicySecurityPolicyDelete(d *schema.ResourceData, m interface{}) error {
+func resourceNsxtPolicySecurityPolicyGeneralUpdate(d *schema.ResourceData, m interface{}, withRule bool) error {
 	id := d.Id()
 	if id == "" {
 		return fmt.Errorf("Error obtaining Security Policy id")
 	}
-
-	connector := getPolicyConnector(m)
-
-	client := domains.NewSecurityPoliciesClient(getSessionContext(d, m), connector)
-	err := client.Delete(d.Get("domain").(string), id)
-
+	err := policySecurityPolicyBuildAndPatch(d, m, id, false, withRule)
 	if err != nil {
-		return handleDeleteError("Security Policy", id, err)
+		return handleUpdateError("Security Policy", id, err)
 	}
 
-	return nil
+	return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, withRule)
 }
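Review bot: `resourceNsxtPolicySecurityPolicyGeneralRead` returns `nil` without touching rule state whenever `withRule` is false, so a caller that passed `false` for a resource whose schema does carry the `rule` block would never detect drift in its rules, and nothing in the signature enforces that the flag matches the calling resource's schema. A doc comment pinning the contract would help the next maintainer: `// withRule must be true iff the calling resource's schema carries the rule block; when false, rule state is neither read nor refreshed.` For `resourceNsxtPolicySecurityPolicyGeneralUpdate` I would likewise note that it no longer fetches the remote object and appears to rely on the `revision` stored in state (read inside `policySecurityPolicyBuildAndPatch`) for optimistic locking, then re-reads the policy after the PATCH. The ignored return of `d.Set("nsx_id", id)` is pre-existing context, not introduced here.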