From 41c6fd0b9aa6bb047703adea9822976ff9ae2585 Mon Sep 17 00:00:00 2001 From: Anna Khmelnitsky Date: Tue, 2 May 2023 02:04:45 +0000 Subject: [PATCH] Update group enumerations with latest spec Signed-off-by: Anna Khmelnitsky --- nsxt/resource_nsxt_policy_group.go | 45 +++++++++++++++++------ nsxt/resource_nsxt_policy_group_test.go | 28 ++++++++++++-- website/docs/r/policy_group.html.markdown | 6 +-- 3 files changed, 62 insertions(+), 17 deletions(-) diff --git a/nsxt/resource_nsxt_policy_group.go b/nsxt/resource_nsxt_policy_group.go index fcadfe394..cf8fcd1c9 100644 --- a/nsxt/resource_nsxt_policy_group.go +++ b/nsxt/resource_nsxt_policy_group.go @@ -21,23 +21,50 @@ import ( var conditionKeyValues = []string{ model.Condition_KEY_TAG, - model.Condition_KEY_COMPUTERNAME, + model.Condition_KEY_NAME, model.Condition_KEY_OSNAME, - model.Condition_KEY_NAME} + model.Condition_KEY_COMPUTERNAME, + model.Condition_KEY_NODETYPE, + model.Condition_KEY_GROUPTYPE, + model.Condition_KEY_ALL, + model.Condition_KEY_IPADDRESS, + model.Condition_KEY_PODCIDR, +} + var conditionMemberTypeValues = []string{ model.Condition_MEMBER_TYPE_IPSET, + model.Condition_MEMBER_TYPE_VIRTUALMACHINE, model.Condition_MEMBER_TYPE_LOGICALPORT, model.Condition_MEMBER_TYPE_LOGICALSWITCH, model.Condition_MEMBER_TYPE_SEGMENT, model.Condition_MEMBER_TYPE_SEGMENTPORT, - model.Condition_MEMBER_TYPE_VIRTUALMACHINE, + model.Condition_MEMBER_TYPE_POD, + model.Condition_MEMBER_TYPE_SERVICE, + model.Condition_MEMBER_TYPE_NAMESPACE, + model.Condition_MEMBER_TYPE_TRANSPORTNODE, + model.Condition_MEMBER_TYPE_GROUP, + model.Condition_MEMBER_TYPE_DVPG, + model.Condition_MEMBER_TYPE_DVPORT, + model.Condition_MEMBER_TYPE_IPADDRESS, + model.Condition_MEMBER_TYPE_KUBERNETESCLUSTER, + model.Condition_MEMBER_TYPE_KUBERNETESNAMESPACE, + model.Condition_MEMBER_TYPE_ANTREAEGRESS, + model.Condition_MEMBER_TYPE_ANTREAIPPOOL, + model.Condition_MEMBER_TYPE_KUBERNETESINGRESS, + model.Condition_MEMBER_TYPE_KUBERNETESGATEWAY, + model.Condition_MEMBER_TYPE_KUBERNETESSERVICE, + model.Condition_MEMBER_TYPE_KUBERNETESNODE, } + var conditionOperatorValues = []string{ + model.Condition_OPERATOR_EQUALS, model.Condition_OPERATOR_CONTAINS, + model.Condition_OPERATOR_STARTSWITH, model.Condition_OPERATOR_ENDSWITH, - model.Condition_OPERATOR_EQUALS, model.Condition_OPERATOR_NOTEQUALS, - model.Condition_OPERATOR_STARTSWITH, + model.Condition_OPERATOR_NOTIN, + model.Condition_OPERATOR_MATCHES, + model.Condition_OPERATOR_IN, } var conjunctionOperatorValues = []string{ model.ConjunctionOperator_CONJUNCTION_OPERATOR_OR, @@ -324,9 +351,6 @@ func validateNestedGroupConditions(conditions []interface{}) (string, error) { if memberType != "" && condMemberType != memberType { return "", fmt.Errorf("Nested conditions must all use the same member_type, but found '%v' with '%v'", condMemberType, memberType) } - if condMemberType != model.Condition_MEMBER_TYPE_VIRTUALMACHINE && condMap["key"] != model.Condition_KEY_TAG { - return "", fmt.Errorf("Only Tag can be used for the key of '%v'", condMemberType) - } memberType = condMemberType } return memberType, nil @@ -933,14 +957,13 @@ func resourceNsxtPolicyGroupRead(d *schema.ResourceData, m interface{}) error { if err != nil { return err } + var extendedCriteria []map[string]interface{} if len(identityGroups) > 0 { identityGroupsMap := make(map[string]interface{}) identityGroupsMap["identity_group"] = identityGroups - - var extendedCriteria []map[string]interface{} extendedCriteria = append(extendedCriteria, identityGroupsMap) - d.Set("extended_criteria", extendedCriteria) } + d.Set("extended_criteria", extendedCriteria) return nil } diff --git a/nsxt/resource_nsxt_policy_group_test.go b/nsxt/resource_nsxt_policy_group_test.go index 241428721..f9fea983e 100644 --- a/nsxt/resource_nsxt_policy_group_test.go +++ b/nsxt/resource_nsxt_policy_group_test.go @@ -33,7 +33,7 @@ func TestAccResourceNsxtPolicyGroup_basicImport(t *testing.T) { }) } -func TestAccResourceNsxtPolicyGroup_AddressCriteria(t *testing.T) { +func TestAccResourceNsxtPolicyGroup_addressCriteria(t *testing.T) { name := getAccTestResourceName() testResourceName := "nsxt_policy_group.test" @@ -83,9 +83,10 @@ func TestAccResourceNsxtPolicyGroup_AddressCriteria(t *testing.T) { }) } -func TestAccResourceNsxtPolicyGroup_GroupTypeIPAddressCriteria(t *testing.T) { +func TestAccResourceNsxtPolicyGroup_groupTypeIPAddressCriteria(t *testing.T) { name := getAccTestResourceName() testResourceName := "nsxt_policy_group.test" + testResourceName2 := "nsxt_policy_group.test-2" resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { @@ -101,6 +102,7 @@ func TestAccResourceNsxtPolicyGroup_GroupTypeIPAddressCriteria(t *testing.T) { Config: testAccNsxtPolicyGroupIPAddressCreateTemplate(name), Check: resource.ComposeTestCheckFunc( testAccNsxtPolicyGroupExists(testResourceName, defaultDomain), + testAccNsxtPolicyGroupExists(testResourceName2, defaultDomain), resource.TestCheckResourceAttr(testResourceName, "display_name", name), resource.TestCheckResourceAttr(testResourceName, "description", "Acceptance Test"), resource.TestCheckResourceAttr(testResourceName, "domain", defaultDomain), @@ -110,6 +112,8 @@ func TestAccResourceNsxtPolicyGroup_GroupTypeIPAddressCriteria(t *testing.T) { resource.TestCheckResourceAttr(testResourceName, "criteria.#", "1"), resource.TestCheckResourceAttr(testResourceName, "criteria.0.ipaddress_expression.#", "1"), resource.TestCheckResourceAttr(testResourceName, "criteria.0.ipaddress_expression.0.ip_addresses.#", "2"), + resource.TestCheckResourceAttr(testResourceName2, "criteria.#", "1"), + resource.TestCheckResourceAttr(testResourceName2, "criteria.0.condition.#", "2"), ), }, { @@ -1421,7 +1425,25 @@ resource "nsxt_policy_group" "test" { tag = "tag2" } } -`, name) + +resource "nsxt_policy_group" "test-2" { + display_name = "%s" + + criteria { + condition { + key = "GroupType" + member_type = "Group" + operator = "EQUALS" + value = "IPAddress" + } + condition { + key = "Tag" + member_type = "Group" + operator = "EQUALS" + value = "orange" + } + } +}`, name, getAccTestResourceName()) } func testAccNsxtPolicyGroupIPAddressUpdateTemplate(name string) string { diff --git a/website/docs/r/policy_group.html.markdown b/website/docs/r/policy_group.html.markdown index 16207fb26..bd35294c5 100644 --- a/website/docs/r/policy_group.html.markdown +++ b/website/docs/r/policy_group.html.markdown @@ -173,9 +173,9 @@ The following arguments are supported: * `member_type` - (Optional) External ID member type. Must be one of: `VirtualMachine`, `VirtualNetworkInterface`, `CloudNativeServiceInstance`, or `PhysicalServer`. Defaults to `VirtualMachine`. * `external_ids` - (Required) List of external IDs for the specified member type. * `condition` (Optional) A repeatable condition block to select this Group's members. When multiple `condition` blocks are used in a single `criteria` they form a nested expression that's implicitly ANDed together and each nested condition must used the same `member_type`. - * `key` (Required) Specifies the attribute to query. Must be one of: `Tag`, `ComputerName`, `OSName` or `Name`. For a `member_type` other than `VirtualMachine`, only the `Tag` key is supported. - * `member_type` (Required) Specifies the type of resource to query. Must be one of: `IPSet`, `LogicalPort`, `LogicalSwitch`, `Segment`, `SegmentPort` or `VirtualMachine`. - * `operator` (Required) Specifies the query operator to use. Must be one of: `CONTAINS`, `ENDSWITH`, `EQUALS`, `NOTEQUALS` or `STARTSWITH`. + * `key` (Required) Specifies the attribute to query. Must be one of: `Tag`, `ComputerName`, `OSName`, `Name`, `NodeType`, `GroupType`, `ALL`, `IPAddress`, `PodCidr`. Please note that certain keys are only applicable to certain member types. + * `member_type` (Required) Specifies the type of resource to query. Must be one of: `IPSet`, `LogicalPort`, `LogicalSwitch`, `Segment`, `SegmentPort`, `VirtualMachine`, `Group`, `DVPG`, `DVPort`, `IPAddress`, `TransportNode`, `Pod`. `Service`, `Namespace`, `KubernetesCluster`, `KubernetesNamespace`, `KubernetesIngress`, `KubernetesService`, `KubernetesNode`, `AntreaEgress`, `AntreaIPPool`. Not that certain member types are only applicable to certain environments. + * `operator` (Required) Specifies the query operator to use. Must be one of: `CONTAINS`, `ENDSWITH`, `EQUALS`, `NOTEQUALS`, `STARTSWITH`, `IN`, `NOTIN`, `MATCHES`. Not that certain operators are only applicable to certain keys/member types.:w * `value` (Required) User specified string value to use in the query. For `Tag` criteria, use 'scope|value' notation if you wish to specify scope in criteria. * `conjunction` (Required for multiple `criteria`) When specifying multiple `criteria`, a conjunction is used to specify if the criteria should selected using `AND` or `OR`. * `operator` (Required) The operator to use. Must be one of `AND` or `OR`. If `AND` is used, then the `criteria` block before/after must be of the same type and if using `condition` then also must use the same `member_type`.