API Refactoring for VPN resources

NSX API that uses locale service path of VPN resources will be deprecated this PR adds support for the new API that uses gateway path. Also change data_source_nsxt_policy_ipsec_vpn_local_endpoint to use regex-based search API. Signed-off-by: Shizhao Liu <[email protected]>
vmware · Apr 6, 2023 · e76f703 · e76f703
1 parent 1d58a12
commit e76f703
Show file tree

Hide file tree

Showing 14 changed files with 2,037 additions and 109 deletions.
diff --git a/nsxt/data_source_nsxt_policy_ipsec_vpn_local_endpoint.go b/nsxt/data_source_nsxt_policy_ipsec_vpn_local_endpoint.go
@@ -5,6 +5,7 @@ package nsxt
 
 import (
 	"fmt"
+	"strings"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/vmware/vsphere-automation-sdk-go/runtime/bindings"
@@ -36,42 +37,17 @@ func dataSourceNsxtPolicyIPSecVpnLocalEndpointRead(d *schema.ResourceData, m int
 	servicePath := d.Get("service_path").(string)
 	query := make(map[string]string)
 	if len(servicePath) > 0 {
-		// In newer NSX versions, NSX removes locale service from the parent path when search API is concerned
-		objID := d.Get("id").(string)
-		objName := d.Get("display_name").(string)
-		client, err := newLocalEndpointClient(servicePath)
-		if err != nil {
-			return err
+		s := strings.Split(servicePath, "/")
+		if len(s) != 8 && len(s) != 6 {
+			// The policy path of IPSec VPN Service should be like /infra/tier-0s/aaa/locale-services/bbb/ipsec-vpn-services/ccc
+			// or /infra/tier-0s/aaa/ipsec-vpn-services/bbb
+			return fmt.Errorf("Invalid IPSec Vpn Service path: %s", servicePath)
 		}
-		if objID != "" {
-			obj, err := client.Get(connector, objID)
-			if err != nil {
-				return fmt.Errorf("Failed to locate Local Endpoint %s/%s: %v", servicePath, objID, err)
-			}
-			d.SetId(*obj.Id)
-			d.Set("display_name", obj.DisplayName)
-			d.Set("description", obj.Description)
-			d.Set("path", obj.Path)
-			d.Set("local_address", obj.LocalAddress)
-			return nil
+		if len(s) == 8 {
+			// search API does not recognized the locale-services part in the VPN service path
+			servicePath = strings.Join(append(s[:4], s[6:]...), "/")
 		}
-
-		objList, err := client.List(connector)
-		if err != nil {
-			return fmt.Errorf("Failed to list local endpoints: %v", err)
-		}
-
-		for _, obj := range objList {
-			if *obj.DisplayName == objName {
-				d.SetId(*obj.Id)
-				d.Set("display_name", obj.DisplayName)
-				d.Set("description", obj.Description)
-				d.Set("path", obj.Path)
-				d.Set("local_address", obj.LocalAddress)
-				return nil
-			}
-		}
-		return fmt.Errorf("Failed to locate Local Endpoint under %s named %s", servicePath, objName)
+		query["parent_path"] = fmt.Sprintf("%s*", servicePath)
 	}
 	objInt, err := policyDataSourceResourceReadWithValidation(d, connector, isPolicyGlobalManager(m), "IPSecVpnLocalEndpoint", query, false)
 	if err != nil {

diff --git a/nsxt/resource_nsxt_policy_ipsec_vpn_service.go b/nsxt/resource_nsxt_policy_ipsec_vpn_service.go
@@ -11,7 +11,9 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/vmware/vsphere-automation-sdk-go/runtime/protocol/client"
+	"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra/tier_0s"
 	t0_locale_service "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra/tier_0s/locale_services"
+	"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra/tier_1s"
 	t1_locale_service "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra/tier_1s/locale_services"
 	"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model"
 )
@@ -41,7 +43,8 @@ func resourceNsxtPolicyIPSecVpnService() *schema.Resource {
 			"description":         getDescriptionSchema(),
 			"revision":            getRevisionSchema(),
 			"tag":                 getTagsSchema(),
-			"locale_service_path": getPolicyPathSchema(true, false, "Polciy path for the locale service."),
+			"locale_service_path": getPolicyPathSchema(false, false, "Polciy path for the locale service."),
+			"gateway_path":        getPolicyPathSchema(false, true, "Policy path for the gateway."),
 			"enabled": {
 				Type:        schema.TypeBool,
 				Description: "Enable/Disable IPSec VPN service.",
@@ -77,6 +80,14 @@ func getNsxtPolicyIPSecVpnServiceByID(connector client.Connector, gwID string, i
 
 func patchNsxtPolicyIPSecVpnService(connector client.Connector, gwID string, localeServiceID string, ipSecVpnService model.IPSecVpnService, isT0 bool) error {
 	id := *ipSecVpnService.Id
+	if localeServiceID == "" {
+		if isT0 {
+			client := tier_0s.NewIpsecVpnServicesClient(connector)
+			return client.Patch(gwID, id, ipSecVpnService)
+		}
+		client := tier_1s.NewIpsecVpnServicesClient(connector)
+		return client.Patch(gwID, id, ipSecVpnService)
+	}
 	if isT0 {
 		client := t0_locale_service.NewIpsecVpnServicesClient(connector)
 		return client.Patch(gwID, localeServiceID, id, ipSecVpnService)
@@ -87,6 +98,16 @@ func patchNsxtPolicyIPSecVpnService(connector client.Connector, gwID string, loc
 
 func updateNsxtPolicyIPSecVpnService(connector client.Connector, gwID string, localeServiceID string, ipSecVpnService model.IPSecVpnService, isT0 bool) error {
 	id := *ipSecVpnService.Id
+	if localeServiceID == "" {
+		if isT0 {
+			client := tier_0s.NewIpsecVpnServicesClient(connector)
+			_, err := client.Update(gwID, id, ipSecVpnService)
+			return err
+		}
+		client := tier_1s.NewIpsecVpnServicesClient(connector)
+		_, err := client.Update(gwID, id, ipSecVpnService)
+		return err
+	}
 	if isT0 {
 		client := t0_locale_service.NewIpsecVpnServicesClient(connector)
 		_, err := client.Update(gwID, localeServiceID, id, ipSecVpnService)
@@ -102,15 +123,21 @@ func resourceNsxtPolicyIPSecVpnServiceImport(d *schema.ResourceData, m interface
 	s := strings.Split(importID, "/")
 	err := fmt.Errorf("Expected policy path for the IPSec VPN Service, got %s", importID)
 	// The policy path of IPSec VPN Service should be like /infra/tier-0s/aaa/locale-services/bbb/ipsec-vpn-services/ccc
-	if len(s) != 8 {
+	// or /infra/tier-0s/aaa/ipsec-vpn-services/bbb
+	if len(s) != 8 && len(s) != 6 {
 		return nil, err
 	}
-	d.SetId(s[7])
+	useLocaleService := len(s) == 8
+	d.SetId(s[len(s)-1])
 	s = strings.Split(importID, "/ipsec-vpn-services/")
 	if len(s) != 2 {
 		return []*schema.ResourceData{d}, err
 	}
-	d.Set("locale_service_path", s[0])
+	if useLocaleService {
+		d.Set("locale_service_path", s[0])
+	} else {
+		d.Set("gateway_path", s[0])
+	}
 	return []*schema.ResourceData{d}, nil
 }
 
@@ -203,11 +230,18 @@ func resourceNsxtPolicyIPSecVpnServiceRead(d *schema.ResourceData, m interface{}
 	if id == "" {
 		return fmt.Errorf("Error obtaining IPSecVpnService ID")
 	}
+	gatewayPath := d.Get("gateway_path").(string)
 	localeServicePath := d.Get("locale_service_path").(string)
+	if gatewayPath == "" && localeServicePath == "" {
+		return fmt.Errorf("At least one of gateway path and locale service path should be provided for VPN resources.")
+	}
 	isT0, gwID, localeServiceID, err := parseLocaleServicePolicyPath(localeServicePath)
-	if err != nil {
+	if err != nil && gatewayPath == "" {
 		return err
 	}
+	if localeServiceID == "" {
+		isT0, gwID = parseGatewayPolicyPath(gatewayPath)
+	}
 	obj, err := getNsxtPolicyIPSecVpnServiceByID(connector, gwID, isT0, localeServiceID, id, isPolicyGlobalManager(m))
 	if err != nil {
 		return handleReadError(d, "IPSecVpnService", id, err)
@@ -229,11 +263,18 @@ func resourceNsxtPolicyIPSecVpnServiceRead(d *schema.ResourceData, m interface{}
 
 func resourceNsxtPolicyIPSecVpnServiceCreate(d *schema.ResourceData, m interface{}) error {
 	connector := getPolicyConnector(m)
+	gatewayPath := d.Get("gateway_path").(string)
 	localeServicePath := d.Get("locale_service_path").(string)
+	if gatewayPath == "" && localeServicePath == "" {
+		return fmt.Errorf("At least one of gateway path and locale service path should be provided for VPN resources.")
+	}
 	isT0, gwID, localeServiceID, err := parseLocaleServicePolicyPath(localeServicePath)
-	if err != nil {
+	if err != nil && gatewayPath == "" {
 		return err
 	}
+	if localeServiceID == "" {
+		isT0, gwID = parseGatewayPolicyPath(gatewayPath)
+	}
 	isGlobalManager := isPolicyGlobalManager(m)
 	id := d.Get("nsx_id").(string)
 	if id == "" {
@@ -285,11 +326,18 @@ func resourceNsxtPolicyIPSecVpnServiceUpdate(d *schema.ResourceData, m interface
 	if id == "" {
 		return fmt.Errorf("Error obtaining IPSec VPN Service ID")
 	}
+	gatewayPath := d.Get("gateway_path").(string)
 	localeServicePath := d.Get("locale_service_path").(string)
+	if gatewayPath == "" && localeServicePath == "" {
+		return fmt.Errorf("At least one of gateway path and locale service path should be provided for VPN resources.")
+	}
 	isT0, gwID, localeServiceID, err := parseLocaleServicePolicyPath(localeServicePath)
-	if err != nil {
+	if err != nil && gatewayPath == "" {
 		return err
 	}
+	if localeServiceID == "" {
+		isT0, gwID = parseGatewayPolicyPath(gatewayPath)
+	}
 
 	displayName := d.Get("display_name").(string)
 	description := d.Get("description").(string)
@@ -329,11 +377,18 @@ func resourceNsxtPolicyIPSecVpnServiceDelete(d *schema.ResourceData, m interface
 		return fmt.Errorf("Error obtaining IPSec VPN Service ID")
 	}
 
+	gatewayPath := d.Get("gateway_path").(string)
 	localeServicePath := d.Get("locale_service_path").(string)
+	if gatewayPath == "" && localeServicePath == "" {
+		return fmt.Errorf("At least one of gateway path and locale service path should be provided for VPN resources.")
+	}
 	isT0, gwID, localeServiceID, err := parseLocaleServicePolicyPath(localeServicePath)
-	if err != nil {
+	if err != nil && gatewayPath == "" {
 		return err
 	}
+	if localeServiceID == "" {
+		isT0, gwID = parseGatewayPolicyPath(gatewayPath)
+	}
 
 	err = deleteNsxtPolicyIPSecVpnService(getPolicyConnector(m), gwID, localeServiceID, isT0, id)
 	if err != nil {