vmware · enhaocui · Jun 10, 2020 · Jun 4, 2020 · Jun 4, 2020 · Jun 9, 2020
diff --git a/nsxt/resource_nsxt_policy_security_policy.go b/nsxt/resource_nsxt_policy_security_policy.go
@@ -7,6 +7,8 @@ import (
 	"fmt"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/vmware/vsphere-automation-sdk-go/runtime/protocol/client"
+	gm_domains "github.com/vmware/vsphere-automation-sdk-go/services/nsxt-gm/global_infra/domains"
+	gm_model "github.com/vmware/vsphere-automation-sdk-go/services/nsxt-gm/model"
 	"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra/domains"
 	"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model"
 	"log"
@@ -26,9 +28,15 @@ func resourceNsxtPolicySecurityPolicy() *schema.Resource {
 }
 
 func resourceNsxtPolicySecurityPolicyExistsInDomain(id string, domainName string, connector *client.RestConnector, isGlobalManager bool) bool {
-	client := domains.NewDefaultSecurityPoliciesClient(connector)
+	var err error
+	if isGlobalManager {
+		client := gm_domains.NewDefaultSecurityPoliciesClient(connector)
+		_, err = client.Get(domainName, id)
+	} else {
+		client := domains.NewDefaultSecurityPoliciesClient(connector)
+		_, err = client.Get(domainName, id)
+	}
 
-	_, err := client.Get(domainName, id)
 	if err == nil {
 		return true
 	}
@@ -49,7 +57,6 @@ func resourceNsxtPolicySecurityPolicyExistsPartial(domainName string) func(id st
 
 func resourceNsxtPolicySecurityPolicyCreate(d *schema.ResourceData, m interface{}) error {
 	connector := getPolicyConnector(m)
-	client := domains.NewDefaultSecurityPoliciesClient(connector)
 
 	// Initialize resource Id and verify this ID is not yet used
 	id, err := getOrGenerateID(d, m, resourceNsxtPolicySecurityPolicyExistsPartial(d.Get("domain").(string)))
@@ -82,9 +89,19 @@ func resourceNsxtPolicySecurityPolicyCreate(d *schema.ResourceData, m interface{
 		TcpStrict:      &tcpStrict,
 		Rules:          rules,
 	}
-
 	log.Printf("[INFO] Creating Security Policy with ID %s", id)
-	err = client.Patch(d.Get("domain").(string), id, obj)
+	if isPolicyGlobalManager(m) {
+		gmObj, err1 := convertModelBindingType(obj, model.SecurityPolicyBindingType(), gm_model.SecurityPolicyBindingType())
+		if err1 != nil {
+			return err1
+		}
+		client := gm_domains.NewDefaultSecurityPoliciesClient(connector)
+		err = client.Patch(d.Get("domain").(string), id, gmObj.(gm_model.SecurityPolicy))
+	} else {
+		client := domains.NewDefaultSecurityPoliciesClient(connector)
+		err = client.Patch(d.Get("domain").(string), id, obj)
+	}
+
 	if err != nil {
 		return handleCreateError("Security Policy", id, err)
 	}
@@ -97,19 +114,31 @@ func resourceNsxtPolicySecurityPolicyCreate(d *schema.ResourceData, m interface{
 
 func resourceNsxtPolicySecurityPolicyRead(d *schema.ResourceData, m interface{}) error {
 	connector := getPolicyConnector(m)
-	client := domains.NewDefaultSecurityPoliciesClient(connector)
-
 	id := d.Id()
+	domainName := d.Get("domain").(string)
 	if id == "" {
 		return fmt.Errorf("Error obtaining Security Policy id")
 	}
-
-	domainName := d.Get("domain").(string)
-	obj, err := client.Get(domainName, id)
-	if err != nil {
-		return handleReadError(d, "Security Policy", id, err)
+	var obj model.SecurityPolicy
+	if isPolicyGlobalManager(m) {
+		client := gm_domains.NewDefaultSecurityPoliciesClient(connector)
+		gmObj, err := client.Get(domainName, id)
+		if err != nil {
+			return handleReadError(d, "SecurityPolicy", id, err)
+		}
+		rawObj, err := convertModelBindingType(gmObj, gm_model.SecurityPolicyBindingType(), model.SecurityPolicyBindingType())
+		if err != nil {
+			return err
+		}
+		obj = rawObj.(model.SecurityPolicy)
+	} else {
+		var err error
+		client := domains.NewDefaultSecurityPoliciesClient(connector)
+		obj, err = client.Get(domainName, id)
+		if err != nil {
+			return handleReadError(d, "SecurityPolicy", id, err)
+		}
 	}
-
 	d.Set("display_name", obj.DisplayName)
 	d.Set("description", obj.Description)
 	setPolicyTagsInSchema(d, obj.Tags)
@@ -135,7 +164,6 @@ func resourceNsxtPolicySecurityPolicyRead(d *schema.ResourceData, m interface{})
 
 func resourceNsxtPolicySecurityPolicyUpdate(d *schema.ResourceData, m interface{}) error {
 	connector := getPolicyConnector(m)
-	client := domains.NewDefaultSecurityPoliciesClient(connector)
 
 	id := d.Id()
 	if id == "" {
@@ -170,8 +198,23 @@ func resourceNsxtPolicySecurityPolicyUpdate(d *schema.ResourceData, m interface{
 		Rules:          rules,
 	}
 
-	// We need to use PUT, because PATCH will not replace the whole rule list
-	_, err := client.Update(d.Get("domain").(string), id, obj)
+	var err error
+	if isPolicyGlobalManager(m) {
+		gmObj, err1 := convertModelBindingType(obj, model.SecurityPolicyBindingType(), gm_model.SecurityPolicyBindingType())
+		if err1 != nil {
+			return err1
+		}
+		gmSecurityPolicy := gmObj.(gm_model.SecurityPolicy)
+		client := gm_domains.NewDefaultSecurityPoliciesClient(connector)
+
+		// We need to use PUT, because PATCH will not replace the whole rule list
+		_, err = client.Update(d.Get("domain").(string), id, gmSecurityPolicy)
+	} else {
+		client := domains.NewDefaultSecurityPoliciesClient(connector)
+
+		// We need to use PUT, because PATCH will not replace the whole rule list
+		_, err = client.Update(d.Get("domain").(string), id, obj)
+	}
 	if err != nil {
 		return handleUpdateError("Security Policy", id, err)
 	}
@@ -186,9 +229,16 @@ func resourceNsxtPolicySecurityPolicyDelete(d *schema.ResourceData, m interface{
 	}
 
 	connector := getPolicyConnector(m)
-	client := domains.NewDefaultSecurityPoliciesClient(connector)
+	var err error
+
+	if isPolicyGlobalManager(m) {
+		client := gm_domains.NewDefaultSecurityPoliciesClient(connector)
+		err = client.Delete(d.Get("domain").(string), id)
+	} else {
+		client := domains.NewDefaultSecurityPoliciesClient(connector)
+		err = client.Delete(d.Get("domain").(string), id)
+	}
 
-	err := client.Delete(d.Get("domain").(string), id)
 	if err != nil {
 		return handleDeleteError("Security Policy", id, err)
 	}