From ece03e4e7cd4af814b970f043df642bd98f6bba6 Mon Sep 17 00:00:00 2001
From: graysonwu
Date: Wed, 13 Dec 2023 13:49:45 -0800
Subject: [PATCH] Address comments
---
 nsxt/policy_common.go | 3 +-
 nsxt/policy_utils.go | 4 ++
 nsxt/provider.go | 2 +-
 ...rce_nsxt_policy_parent_security_policy.go} | 32 +++++++--------
 ...sxt_policy_parent_security_policy_test.go} | 40 +++++++++----------
 nsxt/resource_nsxt_policy_security_policy.go | 4 +-
 ...source_nsxt_policy_security_policy_rule.go | 31 ++++++++++----
 ...e_nsxt_policy_security_policy_rule_test.go | 8 ++--
 ...licy_parent_security_policy.html.markdown} | 21 +++++-----
 .../policy_security_policy_rule.html.markdown | 13 ++----
 10 files changed, 84 insertions(+), 74 deletions(-)
 rename nsxt/{resource_nsxt_policy_security_policy_no_rule.go => resource_nsxt_policy_parent_security_policy.go} (79%)
 rename nsxt/{resource_nsxt_policy_security_policy_no_rule_test.go => resource_nsxt_policy_parent_security_policy_test.go} (76%)
 rename website/docs/r/{policy_security_policy_no_rule.html.markdown => policy_parent_security_policy.html.markdown} (89%)
diff --git a/nsxt/policy_common.go b/nsxt/policy_common.go
index 62d2cba39..6819b3c3c 100644
--- a/nsxt/policy_common.go
+++ b/nsxt/policy_common.go
@@ -182,6 +182,7 @@ func getSecurityPolicyAndGatewayRuleSchema(scopeRequired bool, isIds bool, nsxID
 "nsx_id": getFlexNsxIDSchema(nsxIDReadOnly),
 "display_name": getDisplayNameSchema(),
 "description": getDescriptionSchema(),
+ "path": getPathSchema(),
 "revision": getRevisionSchema(),
 "destination_groups": {
 Type: schema.TypeSet,
@@ -296,7 +297,6 @@ func getSecurityPolicyAndGatewayRuleSchema(scopeRequired bool, isIds bool, nsxID
 Required: true,
 }
 ruleSchema["context"] = getContextSchema()
- ruleSchema["path"] = getPathSchema()
 } else {
 ruleSchema["sequence_number"] = &schema.Schema{
 Type: schema.TypeInt,
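Review bot: The `"path": getPathSchema()` entry added in the `@@ -182,6 +182,7 @@` hunk of nsxt/policy_common.go sits in the map shared by every schema built through `getSecurityPolicyAndGatewayRuleSchema`, so rules embedded in security and gateway policies gain a `path` attribute, yet the diffstat shows documentation changes only for the parent-policy and standalone-rule pages. The attribute should be listed in the rule reference of the resources that embed rules, and the map entry deserves a comment such as `// path is exposed for embedded and standalone rules alike`. The matching `elem["path"] = rule.Path` is in the `@@ -399,6 +399,7 @@` hunk, and both function bodies continue outside their hunks.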
@@ -399,6 +399,7 @@ func setPolicyRulesInSchema(d *schema.ResourceData, rules []model.Rule) error {
 elem := make(map[string]interface{})
 elem["display_name"] = rule.DisplayName
 elem["description"] = rule.Description
+ elem["path"] = rule.Path
 elem["notes"] = rule.Notes
 elem["logged"] = rule.Logged
 elem["log_label"] = rule.Tag
diff --git a/nsxt/policy_utils.go b/nsxt/policy_utils.go
index 9a729ef70..d5db3d923 100644
--- a/nsxt/policy_utils.go
+++ b/nsxt/policy_utils.go
@@ -174,6 +174,10 @@ func getDomainFromResourcePath(rPath string) string {
 return getResourceIDFromResourcePath(rPath, "domains")
 }
+func getProjectIDFromResourcePath(rPath string) string {
+ return getResourceIDFromResourcePath(rPath, "projects")
+}
+
 func getResourceIDFromResourcePath(rPath string, rType string) string {
 segments := strings.Split(rPath, "/")
 for i, seg := range segments {
diff --git a/nsxt/provider.go b/nsxt/provider.go
index 51a659b4b..348c4accb 100644
--- a/nsxt/provider.go
+++ b/nsxt/provider.go
@@ -439,7 +439,7 @@ func Provider() *schema.Provider {
 "nsxt_policy_host_transport_node_collection": resourceNsxtPolicyHostTransportNodeCollection(),
 "nsxt_policy_lb_client_ssl_profile": resourceNsxtPolicyLBClientSslProfile(),
 "nsxt_policy_security_policy_rule": resourceNsxtPolicySecurityPolicyRule(),
- "nsxt_policy_security_policy_no_rule": resourceNsxtPolicySecurityPolicyNoRule(),
+ "nsxt_policy_parent_security_policy": resourceNsxtPolicyParentSecurityPolicy(),
 },
 ConfigureFunc: providerConfigure,
diff --git a/nsxt/resource_nsxt_policy_security_policy_no_rule.go b/nsxt/resource_nsxt_policy_parent_security_policy.go
similarity index 79%
rename from nsxt/resource_nsxt_policy_security_policy_no_rule.go
rename to nsxt/resource_nsxt_policy_parent_security_policy.go
index 212a77f4d..528100858 100644
--- a/nsxt/resource_nsxt_policy_security_policy_no_rule.go
+++ b/nsxt/resource_nsxt_policy_parent_security_policy.go
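Review bot: `getProjectIDFromResourcePath` in nsxt/policy_utils.go is added without a comment saying what it returns for a path that has no `projects` segment, and the new callers in resource_nsxt_policy_security_policy_rule.go store its result in `context` without checking it. Only the first lines of `getResourceIDFromResourcePath` are visible here, so the not-found value is presumably the empty string; the contract should be written down, e.g. `// getProjectIDFromResourcePath returns the ID that follows the "projects" segment of rPath, or "" (TODO confirm) when the path is not under a project.`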
@@ -13,12 +13,12 @@ import (
 "github.com/vmware/terraform-provider-nsxt/api/infra/domains"
 )
-func resourceNsxtPolicySecurityPolicyNoRule() *schema.Resource {
+func resourceNsxtPolicyParentSecurityPolicy() *schema.Resource {
 return &schema.Resource{
- Create: resourceNsxtPolicySecurityPolicyNoRuleCreate,
- Read: resourceNsxtPolicySecurityPolicyNoRuleRead,
- Update: resourceNsxtPolicySecurityPolicyNoRuleUpdate,
- Delete: resourceNsxtPolicySecurityPolicyNoRuleDelete,
+ Create: resourceNsxtPolicyParentSecurityPolicyCreate,
+ Read: resourceNsxtPolicyParentSecurityPolicyRead,
+ Update: resourceNsxtPolicyParentSecurityPolicyUpdate,
+ Delete: resourceNsxtPolicyParentSecurityPolicyDelete,
 Importer: &schema.ResourceImporter{
 State: nsxtDomainResourceImporter,
 },
@@ -26,7 +26,7 @@ func resourceNsxtPolicySecurityPolicyNoRule() *schema.Resource {
 }
 }
-func resourceNsxtPolicySecurityPolicyNoRuleCreate(d *schema.ResourceData, m interface{}) error {
+func resourceNsxtPolicyParentSecurityPolicyCreate(d *schema.ResourceData, m interface{}) error {
 connector := getPolicyConnector(m)
 // Initialize resource Id and verify this ID is not yet used
@@ -39,7 +39,7 @@ func resourceNsxtPolicySecurityPolicyNoRuleCreate(d *schema.ResourceData, m inte
 domain := d.Get("domain").(string)
 client := domains.NewSecurityPoliciesClient(getSessionContext(d, m), connector)
- obj := securityPolicySchemaToModelNoRule(d, id)
+ obj := parentSecurityPolicySchemaToModel(d, id)
 err = client.Patch(domain, id, obj)
 if err != nil {
 return handleCreateError("Security Policy", id, err)
@@ -48,10 +48,10 @@ func resourceNsxtPolicySecurityPolicyNoRuleCreate(d *schema.ResourceData, m inte
 d.SetId(id)
 d.Set("nsx_id", id)
- return resourceNsxtPolicySecurityPolicyNoRuleRead(d, m)
+ return resourceNsxtPolicyParentSecurityPolicyRead(d, m)
 }
-func securityPolicySchemaToModelNoRule(d *schema.ResourceData, id string) model.SecurityPolicy {
+func parentSecurityPolicySchemaToModel(d *schema.ResourceData, id string) model.SecurityPolicy {
 displayName := d.Get("display_name").(string)
 description := d.Get("description").(string)
 tags := getPolicyTagsFromSchema(d)
@@ -80,12 +80,12 @@ func securityPolicySchemaToModelNoRule(d *schema.ResourceData, id string) model.
 }
 }
-func resourceNsxtPolicySecurityPolicyNoRuleRead(d *schema.ResourceData, m interface{}) error {
- _, err := securityPolicyModelToSchemaNoRule(d, m)
+func resourceNsxtPolicyParentSecurityPolicyRead(d *schema.ResourceData, m interface{}) error {
+ _, err := parentSecurityPolicyModelToSchema(d, m)
 return err
 }
-func securityPolicyModelToSchemaNoRule(d *schema.ResourceData, m interface{}) (*model.SecurityPolicy, error) {
+func parentSecurityPolicyModelToSchema(d *schema.ResourceData, m interface{}) (*model.SecurityPolicy, error) {
 connector := getPolicyConnector(m)
 id := d.Id()
 domainName := d.Get("domain").(string)
@@ -118,7 +118,7 @@ func securityPolicyModelToSchemaNoRule(d *schema.ResourceData, m interface{}) (*
 return &obj, nil
 }
-func resourceNsxtPolicySecurityPolicyNoRuleUpdate(d *schema.ResourceData, m interface{}) error {
+func resourceNsxtPolicyParentSecurityPolicyUpdate(d *schema.ResourceData, m interface{}) error {
 connector := getPolicyConnector(m)
 id := d.Id()
@@ -134,16 +134,16 @@ func resourceNsxtPolicySecurityPolicyNoRuleUpdate(d *schema.ResourceData, m inte
 return handleUpdateError("Security Policy", id, err)
 }
- obj := securityPolicySchemaToModelNoRule(d, id)
+ obj := parentSecurityPolicySchemaToModel(d, id)
 obj.Rules = remoteObj.Rules
 err = client.Patch(domain, id, obj)
 if err != nil {
 return handleUpdateError("Security Policy", id, err)
 }
- return resourceNsxtPolicySecurityPolicyNoRuleRead(d, m)
+ return resourceNsxtPolicyParentSecurityPolicyRead(d, m)
 }
-func resourceNsxtPolicySecurityPolicyNoRuleDelete(d *schema.ResourceData, m interface{}) error {
+func resourceNsxtPolicyParentSecurityPolicyDelete(d *schema.ResourceData, m interface{}) error {
 return resourceNsxtPolicySecurityPolicyDelete(d, m)
 }
diff --git a/nsxt/resource_nsxt_policy_security_policy_no_rule_test.go b/nsxt/resource_nsxt_policy_parent_security_policy_test.go
similarity index 76%
rename from nsxt/resource_nsxt_policy_security_policy_no_rule_test.go
rename to nsxt/resource_nsxt_policy_parent_security_policy_test.go
index f7a43baa9..c8cdc8f03 100644
--- a/nsxt/resource_nsxt_policy_security_policy_no_rule_test.go
+++ b/nsxt/resource_nsxt_policy_parent_security_policy_test.go
@@ -11,21 +11,21 @@ import (
 "github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
 )
-func TestAccResourceNsxtPolicySecurityPolicyNoRule_basic(t *testing.T) {
- testAccResourceNsxtPolicySecurityPolicyNoRuleBasic(t, false, func() {
+func TestAccResourceNsxtPolicyParentSecurityPolicy_basic(t *testing.T) {
+ testAccResourceNsxtPolicyParentSecurityPolicyBasic(t, false, func() {
 testAccPreCheck(t)
 })
 }
-func TestAccResourceNsxtPolicySecurityPolicyNoRule_multitenancy(t *testing.T) {
- testAccResourceNsxtPolicySecurityPolicyNoRuleBasic(t, true, func() {
+func TestAccResourceNsxtPolicyParentSecurityPolicy_multitenancy(t *testing.T) {
+ testAccResourceNsxtPolicyParentSecurityPolicyBasic(t, true, func() {
 testAccPreCheck(t)
 testAccOnlyMultitenancy(t)
 })
 }
-func testAccResourceNsxtPolicySecurityPolicyNoRuleBasic(t *testing.T, withContext bool, preCheck func()) {
- testResourceName := "nsxt_policy_security_policy_no_rule.test"
+func testAccResourceNsxtPolicyParentSecurityPolicyBasic(t *testing.T, withContext bool, preCheck func()) {
+ testResourceName := "nsxt_policy_parent_security_policy.test"
 name := getAccTestResourceName()
 updatedName := getAccTestResourceName()
@@ -40,11 +40,11 @@ func testAccResourceNsxtPolicySecurityPolicyNoRuleBasic(t *testing.T, withContex
 PreCheck: preCheck,
 Providers: testAccProviders,
 CheckDestroy: func(state *terraform.State) error {
- return testAccNsxtPolicySecurityPolicyNoRuleCheckDestroy(state, updatedName)
+ return testAccNsxtPolicyParentSecurityPolicyCheckDestroy(state, updatedName)
 },
 Steps: []resource.TestStep{
 {
- Config: testAccNsxtPolicySecurityPolicyNoRuleTemplate(withContext, name, locked, seqNum, tcpStrict),
+ Config: testAccNsxtPolicyParentSecurityPolicyTemplate(withContext, name, locked, seqNum, tcpStrict),
 Check: resource.ComposeTestCheckFunc(
 testAccNsxtPolicySecurityPolicyExists(testResourceName, defaultDomain),
 resource.TestCheckResourceAttr(testResourceName, "display_name", name),
@@ -54,7 +54,7 @@ func testAccResourceNsxtPolicySecurityPolicyNoRuleBasic(t *testing.T, withContex
 ),
 },
 {
- Config: testAccNsxtPolicySecurityPolicyNoRuleTemplate(withContext, updatedName, updatedLocked, updatedSeqNum, updatedTCPStrict),
+ Config: testAccNsxtPolicyParentSecurityPolicyTemplate(withContext, updatedName, updatedLocked, updatedSeqNum, updatedTCPStrict),
 Check: resource.ComposeTestCheckFunc(
 testAccNsxtPolicySecurityPolicyExists(testResourceName, defaultDomain),
 resource.TestCheckResourceAttr(testResourceName, "display_name", updatedName),
@@ -67,19 +67,19 @@ func testAccResourceNsxtPolicySecurityPolicyNoRuleBasic(t *testing.T, withContex
 })
 }
-func TestAccResourceNsxtPolicySecurityPolicyNoRule_importBasic(t *testing.T) {
+func TestAccResourceNsxtPolicyParentSecurityPolicy_importBasic(t *testing.T) {
 name := getAccTestResourceName()
- testResourceName := "nsxt_policy_security_policy_no_rule.test"
+ testResourceName := "nsxt_policy_parent_security_policy.test"
 resource.ParallelTest(t, resource.TestCase{
 PreCheck: func() { testAccPreCheck(t) },
 Providers: testAccProviders,
 CheckDestroy: func(state *terraform.State) error {
- return testAccNsxtPolicySecurityPolicyNoRuleCheckDestroy(state, name)
+ return testAccNsxtPolicyParentSecurityPolicyCheckDestroy(state, name)
 },
 Steps: []resource.TestStep{
 {
- Config: testAccNsxtPolicySecurityPolicyNoRuleTemplate(false, name, "true", "1", "true"),
+ Config: testAccNsxtPolicyParentSecurityPolicyTemplate(false, name, "true", "1", "true"),
 },
 {
 ResourceName: testResourceName,
@@ -91,9 +91,9 @@ func TestAccResourceNsxtPolicySecurityPolicyNoRule_importBasic(t *testing.T) {
 })
 }
-func TestAccResourceNsxtPolicySecurityPolicyNoRule_importBasic_multitenancy(t *testing.T) {
+func TestAccResourceNsxtPolicyParentSecurityPolicy_importBasic_multitenancy(t *testing.T) {
 name := getAccTestResourceName()
- testResourceName := "nsxt_policy_security_policy_no_rule.test"
+ testResourceName := "nsxt_policy_parent_security_policy.test"
 resource.ParallelTest(t, resource.TestCase{
 PreCheck: func() {
@@ -106,7 +106,7 @@ func TestAccResourceNsxtPolicySecurityPolicyNoRule_importBasic_multitenancy(t *t
 },
 Steps: []resource.TestStep{
 {
- Config: testAccNsxtPolicySecurityPolicyNoRuleTemplate(true, name, "true", "1", "true"),
+ Config: testAccNsxtPolicyParentSecurityPolicyTemplate(true, name, "true", "1", "true"),
 },
 {
 ResourceName: testResourceName,
@@ -118,11 +118,11 @@ func TestAccResourceNsxtPolicySecurityPolicyNoRule_importBasic_multitenancy(t *t
 })
 }
-func testAccNsxtPolicySecurityPolicyNoRuleCheckDestroy(state *terraform.State, displayName string) error {
+func testAccNsxtPolicyParentSecurityPolicyCheckDestroy(state *terraform.State, displayName string) error {
 connector := getPolicyConnector(testAccProvider.Meta().(nsxtClients))
 for _, rs := range state.RootModule().Resources {
- if rs.Type != "nsxt_policy_security_policy_no_rule" {
+ if rs.Type != "nsxt_policy_parent_security_policy" {
 continue
 }
@@ -139,13 +139,13 @@ func testAccNsxtPolicySecurityPolicyNoRuleCheckDestroy(state *terraform.State, d
 return nil
 }
-func testAccNsxtPolicySecurityPolicyNoRuleTemplate(withContext bool, name, locked, seqNum, tcpStrict string) string {
+func testAccNsxtPolicyParentSecurityPolicyTemplate(withContext bool, name, locked, seqNum, tcpStrict string) string {
 context := ""
 if withContext {
 context = testAccNsxtPolicyMultitenancyContext()
 }
 return testAccNsxtPolicySecurityPolicyDeps() + fmt.Sprintf(`
-resource "nsxt_policy_security_policy_no_rule" "test" {
+resource "nsxt_policy_parent_security_policy" "test" {
 %s
 display_name = "%s"
 description = "Acceptance Test"
diff --git a/nsxt/resource_nsxt_policy_security_policy.go b/nsxt/resource_nsxt_policy_security_policy.go
index fc9df539f..7ef1d9510 100644
--- a/nsxt/resource_nsxt_policy_security_policy.go
+++ b/nsxt/resource_nsxt_policy_security_policy.go
@@ -57,7 +57,7 @@ func resourceNsxtPolicySecurityPolicyExistsPartial(domainName string) func(sessi
 func policySecurityPolicyBuildAndPatch(d *schema.ResourceData, m interface{}, connector client.Connector, isGlobalManager bool, id string, createFlow bool) error {
- obj := securityPolicySchemaToModelNoRule(d, id)
+ obj := parentSecurityPolicySchemaToModel(d, id)
 domain := d.Get("domain").(string)
 revision := int64(d.Get("revision").(int))
 log.Printf("[INFO] Creating Security Policy with ID %s", id)
@@ -105,7 +105,7 @@ func resourceNsxtPolicySecurityPolicyCreate(d *schema.ResourceData, m interface{
 }
 func resourceNsxtPolicySecurityPolicyRead(d *schema.ResourceData, m interface{}) error {
- obj, err := securityPolicyModelToSchemaNoRule(d, m)
+ obj, err := parentSecurityPolicyModelToSchema(d, m)
 if err != nil {
 return err
 }
diff --git a/nsxt/resource_nsxt_policy_security_policy_rule.go b/nsxt/resource_nsxt_policy_security_policy_rule.go
index fbe23b350..5a7b9d843 100644
--- a/nsxt/resource_nsxt_policy_security_policy_rule.go
+++ b/nsxt/resource_nsxt_policy_security_policy_rule.go
@@ -32,17 +32,26 @@ func resourceNsxtPolicySecurityPolicyRule() *schema.Resource {
 func resourceNsxtPolicySecurityPolicyRuleCreate(d *schema.ResourceData, m interface{}) error {
 connector := getPolicyConnector(m)
+ policyPath := d.Get("policy_path").(string)
+ projectID := getProjectIDFromResourcePath(policyPath)
+ domain := getDomainFromResourcePath(policyPath)
+ policyID := getPolicyIDFromPath(policyPath)
+
+ if len(d.Get("context").([]interface{})) == 0 {
+ contexts := make([]interface{}, 1)
+ ctxMap := make(map[string]interface{})
+ ctxMap["project_id"] = projectID
+ contexts[0] = ctxMap
+ d.Set("context", contexts)
+ }
+
 // Initialize resource Id and verify this ID is not yet used
 id, err := getOrGenerateID2(d, m, resourceNsxtPolicySecurityPolicyRuleExistsPartial(d.Get("policy_path").(string)))
 if err != nil {
 return err
 }
- policyPath := d.Get("policy_path").(string)
 log.Printf("[INFO] Creating Security Policy Rule with ID %s under policy %s", id, policyPath)
- domain := getDomainFromResourcePath(policyPath)
- policyID := getPolicyIDFromPath(policyPath)
-
 client := securitypolicies.NewRulesClient(getSessionContext(d, m), connector)
 rule := securityPolicyRuleSchemaToModel(d, id)
 err = client.Patch(domain, policyID, id, rule)
@@ -134,8 +143,18 @@ func resourceNsxtPolicySecurityPolicyRuleRead(d *schema.ResourceData, m interfac
 }
 policyPath := d.Get("policy_path").(string)
+ projectID := getProjectIDFromResourcePath(policyPath)
 domain := getDomainFromResourcePath(policyPath)
 policyID := getPolicyIDFromPath(policyPath)
+
+ if len(d.Get("context").([]interface{})) == 0 {
+ contexts := make([]interface{}, 1)
+ ctxMap := make(map[string]interface{})
+ ctxMap["project_id"] = projectID
+ contexts[0] = ctxMap
+ d.Set("context", contexts)
+ }
+
 client := securitypolicies.NewRulesClient(getSessionContext(d, m), connector)
 rule, err := client.Get(domain, policyID, id)
 if err != nil {
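Review bot: In `resourceNsxtPolicySecurityPolicyRuleCreate` the new block fills `context` only when it is empty, so an explicit `context.project_id` that disagrees with the project encoded in `policy_path` is never rejected; `getSessionContext(d, m)` would then presumably address one project while `domain` and `policyID` come from a path in another, which for firewall rules is a tenant-isolation concern. The same block also stores `project_id = ""` for a path outside any project (assuming the helper returns an empty string there) and drops the error returned by `d.Set`. The Read hunk (`@@ -134,8 +143,18 @@`) repeats the block verbatim, so one helper that defaults, validates and returns the error would cover both; Update and Delete are outside this diff and are worth checking for the same defaulting. Both function bodies continue outside their hunks.

```go
// syncRuleContextWithPolicyPath defaults context from policy_path and rejects a conflicting one.
func syncRuleContextWithPolicyPath(d *schema.ResourceData, policyPath string) error {
	projectID := getProjectIDFromResourcePath(policyPath)
	contexts := d.Get("context").([]interface{})
	if len(contexts) == 0 {
		if projectID == "" {
			// policy_path is not under a project: leave context unset
			return nil
		}
		return d.Set("context", []interface{}{map[string]interface{}{"project_id": projectID}})
	}
	if ctxMap, ok := contexts[0].(map[string]interface{}); ok {
		if got, _ := ctxMap["project_id"].(string); got != projectID {
			return fmt.Errorf("context project_id %q does not match policy_path %q", got, policyPath)
		}
	}
	return nil
}

func resourceNsxtPolicySecurityPolicyRuleCreate(d *schema.ResourceData, m interface{}) error {
	connector := getPolicyConnector(m)
	policyPath := d.Get("policy_path").(string)
	if err := syncRuleContextWithPolicyPath(d, policyPath); err != nil {
		return err
	}
	// … unchanged: domain/policyID lookup, ID generation, Patch …
```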
@@ -218,10 +237,6 @@ func resourceNsxtPolicySecurityPolicyRuleDelete(d *schema.ResourceData, m interf
 func nsxtSecurityPolicyRuleImporter(d *schema.ResourceData, m interface{}) ([]*schema.ResourceData, error) {
 importID := d.Id()
- // Example of Rule path: /infra/domains/default/security-policies/04e862ad-ddce-434c-8453-229e2740982e/rules/b971bdc3-9e8f-442d-a694-846cbbb46ca5
- if strings.Count(importID, "/") != 7 {
- return nil, fmt.Errorf("Invalid SecurityPolicyRule path %s", importID)
- }
 rd, err := nsxtPolicyPathResourceImporterHelper(d, m)
 if err != nil {
 return rd, err
diff --git a/nsxt/resource_nsxt_policy_security_policy_rule_test.go b/nsxt/resource_nsxt_policy_security_policy_rule_test.go
index b55129e16..825bb891d 100644
--- a/nsxt/resource_nsxt_policy_security_policy_rule_test.go
+++ b/nsxt/resource_nsxt_policy_security_policy_rule_test.go
@@ -176,7 +176,7 @@ func testAccNsxtPolicySecurityPolicyRuleDeps(withContext bool) string {
 context = testAccNsxtPolicyMultitenancyContext()
 }
 return testAccNsxtPolicySecurityPolicyDeps() + fmt.Sprintf(`
-resource "nsxt_policy_security_policy_no_rule" "policy1" {
+resource "nsxt_policy_parent_security_policy" "policy1" {
 %s
 display_name = "no-rule-policy"
 description = "Acceptance Test"
@@ -205,7 +205,7 @@ func testAccNsxtPolicySecurityPolicyRuleTemplate(withContext bool, name, action,
 resource "nsxt_policy_security_policy_rule" "test" {
 %s
 display_name = "%s"
- policy_path = nsxt_policy_security_policy_no_rule.policy1.path
+ policy_path = nsxt_policy_parent_security_policy.policy1.path
 action = "%s"
 direction = "%s"
 ip_version = "%s"
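Review bot: `nsxtSecurityPolicyRuleImporter` now hands any import ID straight to `nsxtPolicyPathResourceImporterHelper`, because the slash-count check in the `@@ -218,10 +237,6 @@` hunk was deleted rather than widened to accept project-scoped paths. A path that names some other object type, or a policy with no `/rules/` part, would then be accepted as a rule unless the helper or the code after this hunk rejects it, which is not visible here. A shape check that works for both layouts keeps the early error: `if !strings.Contains(importID, "/security-policies/") || !strings.Contains(importID, "/rules/") {` followed by the original `return nil, fmt.Errorf("Invalid SecurityPolicyRule path %s", importID)`. The function body continues outside the hunk.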
@@ -217,13 +217,13 @@ resource "nsxt_policy_security_policy_rule" "test" {
 tag = "orange"
 }
- depends_on = [nsxt_policy_security_policy_no_rule.policy1, nsxt_policy_group.group2]
+ depends_on = [nsxt_policy_parent_security_policy.policy1, nsxt_policy_group.group2]
 }
 data "nsxt_policy_security_policy_rule" "test" {
 %s
 display_name = "%s"
- policy_path = nsxt_policy_security_policy_no_rule.policy1.path
+ policy_path = nsxt_policy_parent_security_policy.policy1.path
 depends_on = [nsxt_policy_security_policy_rule.test]
 }`, context, name, action, direction, ipVersion, seqNum, context, name)
 }
diff --git a/website/docs/r/policy_security_policy_no_rule.html.markdown b/website/docs/r/policy_parent_security_policy.html.markdown
similarity index 89%
rename from website/docs/r/policy_security_policy_no_rule.html.markdown
rename to website/docs/r/policy_parent_security_policy.html.markdown
index 528941de9..9d04ad643 100644
--- a/website/docs/r/policy_security_policy_no_rule.html.markdown
+++ b/website/docs/r/policy_parent_security_policy.html.markdown
@@ -1,11 +1,11 @@
 ---
 subcategory: "Firewall"
 layout: "nsxt"
-page_title: "NSXT: nsxt_policy_security_policy_no_rule"
+page_title: "NSXT: nsxt_policy_parent_security_policy"
 description: A resource to configure a Security Policy without rules.
 ---
-# nsxt_policy_security_policy_no_rule
+# nsxt_policy_parent_security_policy
 This resource provides a method for the management of Security Policy without rules.
@@ -17,7 +17,7 @@ This resource is applicable to NSX Global Manager, NSX Policy Manager and VMC.
 ## Example Usage
 ```hcl
-resource "nsxt_policy_security_policy_no_rule" "policy1" {
+resource "nsxt_policy_parent_security_policy" "policy1" {
 display_name = "policy1"
 description = "Terraform provisioned Security Policy"
 category = "Application"
@@ -34,7 +34,7 @@ resource "nsxt_policy_security_policy_no_rule" "policy1" {
 resource "nsxt_policy_security_policy_rule" "rule1" {
 display_name = "rule1"
 description = "Terraform provisioned Security Policy Rule"
- policy_path = nsxt_policy_security_policy_no_rule.policy1.path
+ policy_path = nsxt_policy_parent_security_policy.policy1.path
 sequence_number = 1
 destination_groups = [nsxt_policy_group.cats.path, nsxt_policy_group.dogs.path]
 action = "DROP"
@@ -49,7 +49,7 @@ resource "nsxt_policy_security_policy_rule" "rule1" {
 data "nsxt_policy_site" "paris" {
 display_name = "Paris"
 }
-resource "nsxt_policy_security_policy_no_rule" "policy1" {
+resource "nsxt_policy_parent_security_policy" "policy1" {
 display_name = "policy1"
 description = "Terraform provisioned Security Policy"
 category = "Application"
@@ -67,7 +67,7 @@ resource "nsxt_policy_security_policy_no_rule" "policy1" {
 resource "nsxt_policy_security_policy_rule" "rule1" {
 display_name = "rule1"
 description = "Terraform provisioned Security Policy Rule"
- policy_path = nsxt_policy_security_policy_no_rule.policy1.path
+ policy_path = nsxt_policy_parent_security_policy.policy1.path
 sequence_number = 1
 destination_groups = [nsxt_policy_group.cats.path, nsxt_policy_group.dogs.path]
 action = "DROP"
@@ -83,7 +83,7 @@ data "nsxt_policy_project" "demoproj" {
 display_name = "demoproj"
 }
-resource "nsxt_policy_security_policy_no_rule" "policy1" {
+resource "nsxt_policy_parent_security_policy" "policy1" {
 context {
 project_id = data.nsxt_policy_project.demoproj.id
 }
@@ -101,12 +101,9 @@ resource "nsxt_policy_security_policy_no_rule" "policy1" {
 }
 resource "nsxt_policy_security_policy_rule" "rule1" {
- context {
- project_id = data.nsxt_policy_project.demoproj.id
- }
 display_name = "rule1"
 description = "Terraform provisioned Security Policy Rule"
- policy_path = nsxt_policy_security_policy_no_rule.policy1.path
+ policy_path = nsxt_policy_parent_security_policy.policy1.path
 sequence_number = 1
 destination_groups = [nsxt_policy_group.cats.path, nsxt_policy_group.dogs.path]
 action = "DROP"
@@ -151,7 +148,7 @@ An existing security policy can be [imported][docs-import] into this resource, v
 [docs-import]: https://www.terraform.io/cli/import
 ```
-terraform import nsxt_policy_security_policy_no_rule.policy1 domain/ID
+terraform import nsxt_policy_parent_security_policy.policy1 domain/ID
 ```
 The above command imports the security policy named `policy1` under NSX domain `domain` with the NSX Policy ID `ID`.
diff --git a/website/docs/r/policy_security_policy_rule.html.markdown b/website/docs/r/policy_security_policy_rule.html.markdown
index a1b844dcc..78755aff2 100644
--- a/website/docs/r/policy_security_policy_rule.html.markdown
+++ b/website/docs/r/policy_security_policy_rule.html.markdown
@@ -10,7 +10,7 @@ description: A resource to configure a Security Policy Rule. This resource provides a method for the management of Security Policy Rule. Note: to avoid unexpected behavior, don't use this resource and resource `nsxt_policy_security_policy` to manage rules under a security policy at the same time. -Recommend to use this resource with resource `nsxt_policy_security_policy_no_rule` to manage a security policy and its rules separately. And use `nsxt_policy_security_policy` to manage a security policy and its rules in one single resource. +Recommend to use this resource with resource `nsxt_policy_parent_security_policy` to manage a security policy and its rules separately. And use `nsxt_policy_security_policy` to manage a security policy and its rules in one single resource. This resource is applicable to NSX Global Manager, NSX Policy Manager and VMC. @@ -20,7 +20,7 @@ This resource is applicable to NSX Global Manager, NSX Policy Manager and VMC. resource "nsxt_policy_security_policy_rule" "rule1" { display_name = "rule1" description = "Terraform provisioned Security Policy Rule" - policy_path = nsxt_policy_security_policy_no_rule.policy1.path + policy_path = nsxt_policy_parent_security_policy.policy1.path sequence_number = 1 destination_groups = [nsxt_policy_group.cats.path, nsxt_policy_group.dogs.path] action = "DROP" 
@@ -32,17 +32,10 @@ resource "nsxt_policy_security_policy_rule" "rule1" {
 ## Example Usage - Multi-Tenancy
 ```hcl
-data "nsxt_policy_project" "demoproj" {
- display_name = "demoproj"
-}
-
 resource "nsxt_policy_security_policy_rule" "rule1" {
- context {
- project_id = data.nsxt_policy_project.demoproj.id
- }
 display_name = "rule1"
 description = "Terraform provisioned Security Policy Rule"
- policy_path = data.nsxt_policy_security_policy.policy1.path
+ policy_path = nsxt_policy_parent_security_policy.policy1.path # Path of a multi-tenancy policy
 sequence_number = 1
 destination_groups = [nsxt_policy_group.cats.path, nsxt_policy_group.dogs.path]
 action = "DROP"