Implement DFW settings Exclusion list

Signed-off-by: Kobi Samoray <[email protected]>
vmware · Dec 19, 2023 · f59c9aa · f59c9aa
1 parent 2ed3221
commit f59c9aa
Show file tree

Hide file tree

Showing 5 changed files with 385 additions and 0 deletions.
diff --git a/api/api_list.yaml b/api/api_list.yaml
@@ -877,3 +877,18 @@
   supported_method:
     - New
     - List
+- api_packages:
+    - client: github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra/settings/firewall/security
+      model: github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model
+      type: Local
+    - client: github.com/vmware/vsphere-automation-sdk-go/services/nsxt-gm/global_infra/settings/firewall/security
+      model: github.com/vmware/vsphere-automation-sdk-go/services/nsxt-gm/model
+      type: Global
+  model_name: PolicyExcludeList
+  obj_name: PolicyExcludeList
+  client_name: ExcludeListClient
+  supported_method:
+    - New
+    - Get
+    - Patch
+    - Update
diff --git a/api/infra/settings/firewall/security/policy_exclude_list.go b/api/infra/settings/firewall/security/policy_exclude_list.go
@@ -0,0 +1,118 @@
+//nolint:revive
+package security
+
+// The following file has been autogenerated. Please avoid any changes!
+import (
+	"errors"
+
+	vapiProtocolClient_ "github.com/vmware/vsphere-automation-sdk-go/runtime/protocol/client"
+	client1 "github.com/vmware/vsphere-automation-sdk-go/services/nsxt-gm/global_infra/settings/firewall/security"
+	model1 "github.com/vmware/vsphere-automation-sdk-go/services/nsxt-gm/model"
+	client0 "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra/settings/firewall/security"
+	model0 "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model"
+
+	utl "github.com/vmware/terraform-provider-nsxt/api/utl"
+)
+
+type PolicyExcludeListClientContext utl.ClientContext
+
+func NewExcludeListClient(sessionContext utl.SessionContext, connector vapiProtocolClient_.Connector) *PolicyExcludeListClientContext {
+	var client interface{}
+
+	switch sessionContext.ClientType {
+
+	case utl.Local:
+		client = client0.NewExcludeListClient(connector)
+
+	case utl.Global:
+		client = client1.NewExcludeListClient(connector)
+
+	default:
+		return nil
+	}
+	return &PolicyExcludeListClientContext{Client: client, ClientType: sessionContext.ClientType, ProjectID: sessionContext.ProjectID}
+}
+
+func (c PolicyExcludeListClientContext) Get() (model0.PolicyExcludeList, error) {
+	var obj model0.PolicyExcludeList
+	var err error
+
+	switch c.ClientType {
+
+	case utl.Local:
+		client := c.Client.(client0.ExcludeListClient)
+		obj, err = client.Get()
+		if err != nil {
+			return obj, err
+		}
+
+	case utl.Global:
+		client := c.Client.(client1.ExcludeListClient)
+		gmObj, err1 := client.Get()
+		if err1 != nil {
+			return obj, err1
+		}
+		var rawObj interface{}
+		rawObj, err = utl.ConvertModelBindingType(gmObj, model1.PolicyExcludeListBindingType(), model0.PolicyExcludeListBindingType())
+		obj = rawObj.(model0.PolicyExcludeList)
+
+	default:
+		return obj, errors.New("invalid infrastructure for model")
+	}
+	return obj, err
+}
+
+func (c PolicyExcludeListClientContext) Patch(policyExcludeListParam model0.PolicyExcludeList) error {
+	var err error
+
+	switch c.ClientType {
+
+	case utl.Local:
+		client := c.Client.(client0.ExcludeListClient)
+		err = client.Patch(policyExcludeListParam)
+
+	case utl.Global:
+		client := c.Client.(client1.ExcludeListClient)
+		gmObj, err1 := utl.ConvertModelBindingType(policyExcludeListParam, model0.PolicyExcludeListBindingType(), model1.PolicyExcludeListBindingType())
+		if err1 != nil {
+			return err1
+		}
+		err = client.Patch(gmObj.(model1.PolicyExcludeList))
+
+	default:
+		err = errors.New("invalid infrastructure for model")
+	}
+	return err
+}
+
+func (c PolicyExcludeListClientContext) Update(policyExcludeListParam model0.PolicyExcludeList) (model0.PolicyExcludeList, error) {
+	var err error
+	var obj model0.PolicyExcludeList
+
+	switch c.ClientType {
+
+	case utl.Local:
+		client := c.Client.(client0.ExcludeListClient)
+		obj, err = client.Update(policyExcludeListParam)
+
+	case utl.Global:
+		client := c.Client.(client1.ExcludeListClient)
+		gmObj, err := utl.ConvertModelBindingType(policyExcludeListParam, model0.PolicyExcludeListBindingType(), model1.PolicyExcludeListBindingType())
+		if err != nil {
+			return obj, err
+		}
+		gmObj, err = client.Update(gmObj.(model1.PolicyExcludeList))
+		if err != nil {
+			return obj, err
+		}
+		obj1, err1 := utl.ConvertModelBindingType(gmObj, model1.PolicyExcludeListBindingType(), model0.PolicyExcludeListBindingType())
+		if err1 != nil {
+			return obj, err1
+		}
+		obj = obj1.(model0.PolicyExcludeList)
+
+	default:
+		err = errors.New("invalid infrastructure for model")
+	}
+	return obj, err
+}
diff --git a/nsxt/provider.go b/nsxt/provider.go
@@ -439,6 +439,7 @@ func Provider() *schema.Provider {
 			"nsxt_policy_host_transport_node_collection":   resourceNsxtPolicyHostTransportNodeCollection(),
 			"nsxt_policy_lb_client_ssl_profile":            resourceNsxtPolicyLBClientSslProfile(),
 			"nsxt_policy_lb_http_application_profile":      resourceNsxtPolicyLBHttpApplicationProfile(),
+			"nsxt_policy_firewall_exclude_list_member":     resourceNsxtPolicyFirewallExcludeListMember(),
 		},
 
 		ConfigureFunc: providerConfigure,

diff --git a/nsxt/resource_nsxt_policy_firewall_exclude_list_member.go b/nsxt/resource_nsxt_policy_firewall_exclude_list_member.go
@@ -0,0 +1,127 @@
+/* Copyright © 2023 VMware, Inc. All Rights Reserved.
+   SPDX-License-Identifier: MPL-2.0 */
+
+package nsxt
+
+import (
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	utl "github.com/vmware/terraform-provider-nsxt/api/utl"
+	"github.com/vmware/vsphere-automation-sdk-go/lib/vapi/std/errors"
+	"github.com/vmware/vsphere-automation-sdk-go/runtime/protocol/client"
+	"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model"
+
+	"github.com/vmware/terraform-provider-nsxt/api/infra/settings/firewall/security"
+)
+
+func resourceNsxtPolicyFirewallExcludeListMember() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceNsxtPolicyFirewallExcludeListMemberCreate,
+		Read:   resourceNsxtPolicyFirewallExcludeListMemberRead,
+		Delete: resourceNsxtPolicyFirewallExcludeListMemberDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+		Schema: map[string]*schema.Schema{
+			"member": {
+				Type:         schema.TypeString,
+				Description:  "ExcludeList member",
+				Required:     true,
+				ForceNew:     true,
+				ValidateFunc: validatePolicyPath(),
+			},
+		},
+	}
+}
+
+func memberInList(member string, members []string) int {
+	for i, mem := range members {
+		if mem == member {
+			return i
+		}
+	}
+	return -1
+}
+
+func resourceNsxtPolicyFirewallExcludeListMemberExists(sessionContext utl.SessionContext, id string, connector client.Connector) (bool, error) {
+
+	client := security.NewExcludeListClient(sessionContext, connector)
+	obj, err := client.Get()
+	if isNotFoundError(err) {
+		return false, nil
+	} else if err != nil {
+		return false, err
+	}
+	if 0 <= memberInList(id, obj.Members) {
+		return true, nil
+	}
+
+	return false, nil
+}
+
+func resourceNsxtPolicyFirewallExcludeListMemberCreate(d *schema.ResourceData, m interface{}) error {
+	connector := getPolicyConnector(m)
+	member := d.Get("member").(string)
+
+	var obj model.PolicyExcludeList
+
+	client := security.NewExcludeListClient(getSessionContext(d, m), connector)
+	obj, err := client.Get()
+	if isNotFoundError(err) {
+		obj = model.PolicyExcludeList{
+			Members: []string{member},
+		}
+	} else if err != nil {
+		return handleCreateError("PolicyFirewallExcludeListMember", member, err)
+	}
+	if 0 <= memberInList(member, obj.Members) {
+		return errors.AlreadyExists{}
+	}
+	obj.Members = append(obj.Members, member)
+	err = client.Patch(obj)
+	if err != nil {
+		return handleCreateError("PolicyFirewallExcludeListMember", member, err)
+	}
+
+	d.SetId(member)
+
+	return resourceNsxtPolicyFirewallExcludeListMemberRead(d, m)
+}
+
+func resourceNsxtPolicyFirewallExcludeListMemberRead(d *schema.ResourceData, m interface{}) error {
+	connector := getPolicyConnector(m)
+	member := d.Id()
+
+	client := security.NewExcludeListClient(getSessionContext(d, m), connector)
+	obj, err := client.Get()
+	if err != nil {
+		return handleReadError(d, "PolicyFirewallExcludeListMember", member, err)
+	}
+	if 0 > memberInList(member, obj.Members) {
+		return errors.NotFound{}
+	}
+	d.Set("member", member)
+	return nil
+}
+
+func resourceNsxtPolicyFirewallExcludeListMemberDelete(d *schema.ResourceData, m interface{}) error {
+	connector := getPolicyConnector(m)
+	member := d.Get("member").(string)
+
+	var obj model.PolicyExcludeList
+
+	client := security.NewExcludeListClient(getSessionContext(d, m), connector)
+	obj, err := client.Get()
+	if isNotFoundError(err) {
+		return errors.NotFound{}
+	} else if err != nil {
+		return handleDeleteError("PolicyFirewallExcludeListMember", member, err)
+	}
+	i := memberInList(member, obj.Members)
+	if i < 0 {
+		return errors.NotFound{}
+	}
+
+	obj.Members = append(obj.Members[:i], obj.Members[i+1:]...)
+	err = client.Patch(obj)
+	return err
+}
diff --git a/nsxt/resource_nsxt_policy_firewall_exclude_list_member_test.go b/nsxt/resource_nsxt_policy_firewall_exclude_list_member_test.go
@@ -0,0 +1,124 @@
+/* Copyright © 2023 VMware, Inc. All Rights Reserved.
+   SPDX-License-Identifier: MPL-2.0 */
+
+package nsxt
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+)
+
+func TestAccResourceNsxtPolicyFirewallExcludeListMember_basic(t *testing.T) {
+	testResourceName := "nsxt_policy_firewall_exclude_list_member.test"
+	name := getAccTestResourceName()
+	groupPrefix := "/infra/domains/default/groups/"
+	if testAccIsGlobalManager() {
+		groupPrefix = "/global-infra/domains/default/groups"
+	}
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+		},
+		Providers: testAccProviders,
+		CheckDestroy: func(state *terraform.State) error {
+			return testAccNsxtPolicyFirewallExcludeListMemberCheckDestroy(state, groupPrefix+name)
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: testAccNsxtPolicyFirewallExcludeListMemberTemplate(name),
+				Check: resource.ComposeTestCheckFunc(
+					testAccNsxtPolicyFirewallExcludeListMemberExists(name, testResourceName),
+					resource.TestCheckResourceAttr(testResourceName, "member", groupPrefix+name),
+				),
+			},
+		},
+	})
+}
+
+func TestAccResourceNsxtPolicyFirewallExcludeListMember_importBasic(t *testing.T) {
+	name := getAccTestResourceName()
+	testResourceName := "nsxt_policy_firewall_exclude_list_member.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+		},
+		Providers: testAccProviders,
+		CheckDestroy: func(state *terraform.State) error {
+			return testAccNsxtPolicyFirewallExcludeListMemberCheckDestroy(state, "/infra/domains/default/groups/"+name)
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: testAccNsxtPolicyFirewallExcludeListMemberTemplate(name),
+			},
+			{
+				ResourceName:      testResourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testAccNsxtPolicyFirewallExcludeListMemberExists(displayName string, resourceName string) resource.TestCheckFunc {
+	return func(state *terraform.State) error {
+
+		connector := getPolicyConnector(testAccProvider.Meta().(nsxtClients))
+
+		rs, ok := state.RootModule().Resources[resourceName]
+		if !ok {
+			return fmt.Errorf("policy FirewallExcludeListMember resource %s not found in resources", resourceName)
+		}
+
+		resourceID := rs.Primary.ID
+		if resourceID == "" {
+			return fmt.Errorf("policy FirewallExcludeListMember resource ID not set in resources")
+		}
+
+		exists, err := resourceNsxtPolicyFirewallExcludeListMemberExists(testAccGetSessionContext(), resourceID, connector)
+		if err != nil {
+			return err
+		}
+		if !exists {
+			return fmt.Errorf("policy FirewallExcludeListMember %s does not exist", resourceID)
+		}
+
+		return nil
+	}
+}
+
+func testAccNsxtPolicyFirewallExcludeListMemberCheckDestroy(state *terraform.State, member string) error {
+	connector := getPolicyConnector(testAccProvider.Meta().(nsxtClients))
+	for _, rs := range state.RootModule().Resources {
+
+		if rs.Type != "nsxt_policy_firewall_exclude_list_member" {
+			continue
+		}
+
+		exists, err := resourceNsxtPolicyFirewallExcludeListMemberExists(testAccGetSessionContext(), member, connector)
+		if err == nil {
+			return err
+		}
+
+		if exists {
+			return fmt.Errorf("policy FirewallExcludeListMember %s still exists", member)
+		}
+	}
+	return nil
+}
+
+func testAccNsxtPolicyFirewallExcludeListMemberTemplate(name string) string {
+	return fmt.Sprintf(`
+resource "nsxt_policy_group" "test" {
+  nsx_id = "%s"
+  display_name = "%s"
+  description  = "Acceptance Test"
+}
+resource "nsxt_policy_firewall_exclude_list_member" "test" {
+	member = nsxt_policy_group.test.path
+}
+`, name, name)
+}