test

Signed-off-by: graysonwu <[email protected]>
vmware · Dec 8, 2023 · d5d79a1 · d5d79a1
1 parent 149dc4e
commit d5d79a1
Show file tree

Hide file tree

Showing 11 changed files with 812 additions and 6 deletions.
diff --git a/nsxt/data_source_nsxt_policy_security_policy_rule.go b/nsxt/data_source_nsxt_policy_security_policy_rule.go
@@ -0,0 +1,85 @@
+/* Copyright © 2023 VMware, Inc. All Rights Reserved.
+   SPDX-License-Identifier: MPL-2.0 */
+
+package nsxt
+
+import (
+	"fmt"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	securitypolicies "github.com/vmware/terraform-provider-nsxt/api/infra/domains/security_policies"
+	"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model"
+	"strings"
+)
+
+func dataSourceNsxtPolicySecurityPolicyRule() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceNsxtPolicySecurityPolicyRuleRead,
+
+		Schema: map[string]*schema.Schema{
+			"id":           getDataSourceIDSchema(),
+			"display_name": getDataSourceDisplayNameSchema(),
+			"description":  getDataSourceDescriptionSchema(),
+			"path":         getPathSchema(),
+			"policy_path":  getPolicyPathSchema(true, false, "Security Policy path"),
+			"context":      getContextSchema(),
+		},
+	}
+}
+
+func dataSourceNsxtPolicySecurityPolicyRuleRead(d *schema.ResourceData, m interface{}) error {
+	connector := getPolicyConnector(m)
+
+	policyPath := d.Get("policy_path").(string)
+	domain := getDomainFromResourcePath(policyPath)
+	policyID := getPolicyIDFromPath(policyPath)
+
+	client := securitypolicies.NewRulesClient(getSessionContext(d, m), connector)
+	objID := d.Get("id").(string)
+	var obj model.Rule
+	if objID != "" {
+		// Get by id
+		objGet, err := client.Get(domain, policyID, objID)
+
+		if err != nil {
+			return handleDataSourceReadError(d, "SecurityPolicyRule", objID, err)
+		}
+		obj = objGet
+	} else {
+		// Get by full name/prefix
+		displayName := d.Get("display_name").(string)
+		objList, err := client.List(domain, policyID, nil, nil, nil, nil, nil, nil)
+		if err != nil {
+			return handleListError("SecurityPolicyRule", err)
+		}
+		// go over the list to find the correct one (prefer a perfect match. If not - prefix match)
+		var perfectMatch []model.Rule
+		var prefixMatch []model.Rule
+		for _, objInList := range objList.Results {
+			if strings.HasPrefix(*objInList.DisplayName, displayName) {
+				prefixMatch = append(prefixMatch, objInList)
+			}
+			if *objInList.DisplayName == displayName {
+				perfectMatch = append(perfectMatch, objInList)
+			}
+		}
+		if len(perfectMatch) > 0 {
+			if len(perfectMatch) > 1 {
+				return fmt.Errorf("Found multiple SecurityPolicyRule with name '%s'", displayName)
+			}
+			obj = perfectMatch[0]
+		} else if len(prefixMatch) > 0 {
+			if len(prefixMatch) > 1 {
+				return fmt.Errorf("Found multiple SecurityPolicyRule with name starting with '%s'", displayName)
+			}
+			obj = prefixMatch[0]
+		} else {
+			return fmt.Errorf("SecurityPolicyRule with name '%s' was not found", displayName)
+		}
+	}
+
+	d.SetId(*obj.Id)
+	d.Set("display_name", obj.DisplayName)
+	d.Set("description", obj.Description)
+	d.Set("path", obj.Path)
+	return nil
+}
diff --git a/nsxt/policy_common.go b/nsxt/policy_common.go
@@ -296,6 +296,7 @@ func getSecurityPolicyAndGatewayRuleSchema(scopeRequired bool, isIds bool, nsxID
 			Required:    true,
 		}
 		ruleSchema["context"] = getContextSchema()
+		ruleSchema["path"] = getPathSchema()
 	} else {
 		ruleSchema["sequence_number"] = &schema.Schema{
 			Type:        schema.TypeInt,

diff --git a/nsxt/provider.go b/nsxt/provider.go
@@ -294,6 +294,7 @@ func Provider() *schema.Provider {
 			"nsxt_policy_host_transport_node":         dataSourceNsxtPolicyHostTransportNode(),
 			"nsxt_manager_cluster_node":               dataSourceNsxtManagerClusterNode(),
 			"nsxt_policy_host_transport_node_profile": dataSourceNsxtPolicyHostTransportNodeProfile(),
+			"nsxt_policy_security_policy_rule":        dataSourceNsxtPolicySecurityPolicyRule(),
 		},
 
 		ResourcesMap: map[string]*schema.Resource{

diff --git a/nsxt/resource_nsxt_policy_security_policy_no_rule.go b/nsxt/resource_nsxt_policy_security_policy_no_rule.go
@@ -1,4 +1,4 @@
-/* Copyright © 2019 VMware, Inc. All Rights Reserved.
+/* Copyright © 2023 VMware, Inc. All Rights Reserved.
    SPDX-License-Identifier: MPL-2.0 */
 
 package nsxt

diff --git a/nsxt/resource_nsxt_policy_security_policy_no_rule_test.go b/nsxt/resource_nsxt_policy_security_policy_no_rule_test.go
@@ -0,0 +1,167 @@
+/* Copyright © 2023 VMware, Inc. All Rights Reserved.
+   SPDX-License-Identifier: MPL-2.0 */
+
+package nsxt
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+)
+
+func TestAccResourceNsxtPolicySecurityPolicyNoRule_basic(t *testing.T) {
+	testAccResourceNsxtPolicySecurityPolicyNoRuleBasic(t, false, func() {
+		testAccPreCheck(t)
+	})
+}
+
+func TestAccResourceNsxtPolicySecurityPolicyNoRule_multitenancy(t *testing.T) {
+	testAccResourceNsxtPolicySecurityPolicyNoRuleBasic(t, true, func() {
+		testAccPreCheck(t)
+		testAccOnlyMultitenancy(t)
+	})
+}
+
+func testAccResourceNsxtPolicySecurityPolicyNoRuleBasic(t *testing.T, withContext bool, preCheck func()) {
+	testResourceName := "nsxt_policy_security_policy_no_rule.test"
+
+	name := getAccTestResourceName()
+	updatedName := getAccTestResourceName()
+	locked := "true"
+	updatedLocked := "false"
+	seqNum := "1"
+	updatedSeqNum := "2"
+	tcpStrict := "true"
+	updatedTCPStrict := "false"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:  preCheck,
+		Providers: testAccProviders,
+		CheckDestroy: func(state *terraform.State) error {
+			return testAccNsxtPolicySecurityPolicyNoRuleCheckDestroy(state, updatedName)
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: testAccNsxtPolicySecurityPolicyNoRuleTemplate(withContext, name, locked, seqNum, tcpStrict),
+				Check: resource.ComposeTestCheckFunc(
+					testAccNsxtPolicySecurityPolicyExists(testResourceName, defaultDomain),
+					resource.TestCheckResourceAttr(testResourceName, "display_name", name),
+					resource.TestCheckResourceAttr(testResourceName, "locked", locked),
+					resource.TestCheckResourceAttr(testResourceName, "sequence_number", seqNum),
+					resource.TestCheckResourceAttr(testResourceName, "tcp_strict", tcpStrict),
+				),
+			},
+			{
+				Config: testAccNsxtPolicySecurityPolicyNoRuleTemplate(withContext, updatedName, updatedLocked, updatedSeqNum, updatedTCPStrict),
+				Check: resource.ComposeTestCheckFunc(
+					testAccNsxtPolicySecurityPolicyExists(testResourceName, defaultDomain),
+					resource.TestCheckResourceAttr(testResourceName, "display_name", updatedName),
+					resource.TestCheckResourceAttr(testResourceName, "locked", updatedLocked),
+					resource.TestCheckResourceAttr(testResourceName, "sequence_number", updatedSeqNum),
+					resource.TestCheckResourceAttr(testResourceName, "tcp_strict", updatedTCPStrict),
+				),
+			},
+		},
+	})
+}
+
+func TestAccResourceNsxtPolicySecurityPolicyNoRule_importBasic(t *testing.T) {
+	name := getAccTestResourceName()
+	testResourceName := "nsxt_policy_security_policy_no_rule.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		CheckDestroy: func(state *terraform.State) error {
+			return testAccNsxtPolicySecurityPolicyNoRuleCheckDestroy(state, name)
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: testAccNsxtPolicySecurityPolicyNoRuleTemplate(false, name, "true", "1", "true"),
+			},
+			{
+				ResourceName:      testResourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+				ImportStateIdFunc: testAccResourceNsxtPolicyImportIDRetriever(testResourceName),
+			},
+		},
+	})
+}
+
+func TestAccResourceNsxtPolicySecurityPolicyNoRule_importBasic_multitenancy(t *testing.T) {
+	name := getAccTestResourceName()
+	testResourceName := "nsxt_policy_security_policy_no_rule.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+			testAccOnlyMultitenancy(t)
+		},
+		Providers: testAccProviders,
+		CheckDestroy: func(state *terraform.State) error {
+			return testAccNsxtPolicySecurityPolicyCheckDestroy(state, name, defaultDomain)
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: testAccNsxtPolicySecurityPolicyNoRuleTemplate(true, name, "true", "1", "true"),
+			},
+			{
+				ResourceName:      testResourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+				ImportStateIdFunc: testAccResourceNsxtPolicyImportIDRetriever(testResourceName),
+			},
+		},
+	})
+}
+
+func testAccNsxtPolicySecurityPolicyNoRuleCheckDestroy(state *terraform.State, displayName string) error {
+	connector := getPolicyConnector(testAccProvider.Meta().(nsxtClients))
+	for _, rs := range state.RootModule().Resources {
+
+		if rs.Type != "nsxt_policy_security_policy_no_rule" {
+			continue
+		}
+
+		resourceID := rs.Primary.Attributes["id"]
+		domain := rs.Primary.Attributes["domain"]
+		exists, err := resourceNsxtPolicySecurityPolicyExistsInDomain(testAccGetSessionContext(), resourceID, domain, connector)
+		if err != nil {
+			return err
+		}
+		if exists {
+			return fmt.Errorf("Policy SecurityPolicy %s still exists", displayName)
+		}
+	}
+	return nil
+}
+
+func testAccNsxtPolicySecurityPolicyNoRuleTemplate(withContext bool, name, locked, seqNum, tcpStrict string) string {
+	context := ""
+	if withContext {
+		context = testAccNsxtPolicyMultitenancyContext()
+	}
+	return testAccNsxtPolicySecurityPolicyDeps() + fmt.Sprintf(`
+resource "nsxt_policy_security_policy_no_rule" "test" {
+%s
+  display_name    = "%s"
+  description     = "Acceptance Test"
+  domain = "default"
+  category        = "Application"
+  locked          = %s
+  sequence_number = %s
+  stateful        = "true"
+  tcp_strict      = %s
+  scope           = [nsxt_policy_group.group1.path]
+
+  tag {
+    scope = "color"
+    tag   = "orange"
+  }
+
+  depends_on = [nsxt_policy_group.group1]
+}`, context, name, locked, seqNum, tcpStrict)
+}
diff --git a/nsxt/resource_nsxt_policy_security_policy_rule.go b/nsxt/resource_nsxt_policy_security_policy_rule.go
@@ -6,6 +6,7 @@ package nsxt
 import (
 	"fmt"
 	"log"
+	"strings"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/vmware/vsphere-automation-sdk-go/runtime/protocol/client"
@@ -22,7 +23,7 @@ func resourceNsxtPolicySecurityPolicyRule() *schema.Resource {
 		Update: resourceNsxtPolicySecurityPolicyRuleUpdate,
 		Delete: resourceNsxtPolicySecurityPolicyRuleDelete,
 		Importer: &schema.ResourceImporter{
-			State: nsxtDomainResourceImporter,
+			State: nsxtSecurityPolicyRuleImporter,
 		},
 		Schema: getSecurityPolicyAndGatewayRuleSchema(false, false, true, true),
 	}
@@ -103,11 +104,11 @@ func securityPolicyRuleSchemaToModel(d *schema.ResourceData, id string) model.Ru
 
 func resourceNsxtPolicySecurityPolicyRuleExistsPartial(policyPath string) func(sessionContext utl.SessionContext, id string, connector client.Connector) (bool, error) {
 	return func(sessionContext utl.SessionContext, id string, connector client.Connector) (bool, error) {
-		return resourceNsxtPolicySecurityPolicyRuleExistsInDomain(sessionContext, id, policyPath, connector)
+		return resourceNsxtPolicySecurityPolicyRuleExists(sessionContext, id, policyPath, connector)
 	}
 }
 
-func resourceNsxtPolicySecurityPolicyRuleExistsInDomain(sessionContext utl.SessionContext, id string, policyPath string, connector client.Connector) (bool, error) {
+func resourceNsxtPolicySecurityPolicyRuleExists(sessionContext utl.SessionContext, id string, policyPath string, connector client.Connector) (bool, error) {
 	client := securitypolicies.NewRulesClient(sessionContext, connector)
 
 	domain := getDomainFromResourcePath(policyPath)
@@ -135,7 +136,6 @@ func resourceNsxtPolicySecurityPolicyRuleRead(d *schema.ResourceData, m interfac
 	policyPath := d.Get("policy_path").(string)
 	domain := getDomainFromResourcePath(policyPath)
 	policyID := getPolicyIDFromPath(policyPath)
-
 	client := securitypolicies.NewRulesClient(getSessionContext(d, m), connector)
 	rule, err := client.Get(domain, policyID, id)
 	if err != nil {
@@ -149,6 +149,7 @@ func resourceNsxtPolicySecurityPolicyRuleRead(d *schema.ResourceData, m interfac
 func securityPolicyRuleModelToSchema(d *schema.ResourceData, rule model.Rule) {
 	d.Set("display_name", rule.DisplayName)
 	d.Set("description", rule.Description)
+	d.Set("path", rule.Path)
 	d.Set("notes", rule.Notes)
 	d.Set("logged", rule.Logged)
 	d.Set("log_label", rule.Tag)
@@ -214,3 +215,17 @@ func resourceNsxtPolicySecurityPolicyRuleDelete(d *schema.ResourceData, m interf
 	client := securitypolicies.NewRulesClient(getSessionContext(d, m), connector)
 	return client.Delete(domain, policyID, id)
 }
+
+func nsxtSecurityPolicyRuleImporter(d *schema.ResourceData, m interface{}) ([]*schema.ResourceData, error) {
+	importID := d.Id()
+	// Example of Rule path: /infra/domains/default/security-policies/04e862ad-ddce-434c-8453-229e2740982e/rules/b971bdc3-9e8f-442d-a694-846cbbb46ca5
+	if strings.Count(importID, "/") != 7 {
+		return nil, fmt.Errorf("Invalid SecurityPolicyRule path %s", importID)
+	}
+	rd, err := nsxtPolicyPathResourceImporterHelper(d, m)
+	if err != nil {
+		return rd, err
+	}
+	d.Set("policy_path", importID[:strings.Index(importID, "rule")-1])
+	return []*schema.ResourceData{d}, nil
+}