diff --git a/nsxt/data_source_nsxt_policy_tier1_gateway.go b/nsxt/data_source_nsxt_policy_tier1_gateway.go index dc71aa43d..ad0f66ee1 100644 --- a/nsxt/data_source_nsxt_policy_tier1_gateway.go +++ b/nsxt/data_source_nsxt_policy_tier1_gateway.go @@ -5,6 +5,7 @@ package nsxt import ( "fmt" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/vmware/vsphere-automation-sdk-go/runtime/bindings" "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model" diff --git a/nsxt/resource_nsxt_policy_tier1_gateway.go b/nsxt/resource_nsxt_policy_tier1_gateway.go index bbb141ef7..2cebff6c7 100644 --- a/nsxt/resource_nsxt_policy_tier1_gateway.go +++ b/nsxt/resource_nsxt_policy_tier1_gateway.go @@ -44,7 +44,15 @@ var poolAllocationValues = []string{ var t1HaModeValues = []string{ model.Tier1_HA_MODE_ACTIVE, - model.Tier1_HA_MODE_STANDBY} + model.Tier1_HA_MODE_STANDBY, + "NONE", +} + +var t1TypeValues = []string{ + model.Tier1_TYPE_ROUTED, + model.Tier1_TYPE_ISOLATED, + model.Tier1_TYPE_NATTED, +} func resourceNsxtPolicyTier1Gateway() *schema.Resource { return &schema.Resource{ @@ -105,6 +113,7 @@ func resourceNsxtPolicyTier1Gateway() *schema.Resource { ValidateFunc: validation.StringInSlice(advertismentTypeValues, false), }, Optional: true, + Computed: true, }, "route_advertisement_rule": getAdvRulesSchema(), "ipv6_ndra_profile_path": getIPv6NDRAPathSchema(), @@ -128,6 +137,12 @@ func resourceNsxtPolicyTier1Gateway() *schema.Resource { Optional: true, Default: model.Tier1_HA_MODE_STANDBY, }, + "type": { + Type: schema.TypeString, + Description: "Tier-1 Type", + ValidateFunc: validation.StringInSlice(t1TypeValues, false), + Optional: true, + }, "context": getContextSchema(), }, } @@ -364,6 +379,7 @@ func policyTier1GatewayResourceToInfraStruct(context utl.SessionContext, d *sche ipv6ProfilePaths := getIpv6ProfilePathsFromSchema(d) dhcpPath := d.Get("dhcp_config_path").(string) haMode := d.Get("ha_mode").(string) + connectivityType := d.Get("type").(string) revision := int64(d.Get("revision").(int)) if haMode == model.Tier1_HA_MODE_ACTIVE && nsxVersionLower("4.0.0") { @@ -389,7 +405,12 @@ func policyTier1GatewayResourceToInfraStruct(context utl.SessionContext, d *sche } if nsxVersionHigherOrEqual("3.2.0") { - obj.HaMode = &haMode + if haMode != "NONE" { + obj.HaMode = &haMode + } + } + if len(connectivityType) > 0 { + obj.Type_ = &connectivityType } if dhcpPath != "" { @@ -453,6 +474,19 @@ func policyTier1GatewayResourceToInfraStruct(context utl.SessionContext, d *sche return infraStruct, nil } +func validateTier1Type(d *schema.ResourceData) error { + connectivityType := d.Get("type").(string) + tier0Path := d.Get("tier0_path").(string) + + if connectivityType == model.Tier1_TYPE_ROUTED || connectivityType == model.Tier1_TYPE_NATTED { + if len(tier0Path) == 0 { + return fmt.Errorf("tier0_path needs to be specified for gateway type %v", connectivityType) + } + } + + return nil +} + func resourceNsxtPolicyTier1GatewayCreate(d *schema.ResourceData, m interface{}) error { connector := getPolicyConnector(m) @@ -462,7 +496,13 @@ func resourceNsxtPolicyTier1GatewayCreate(d *schema.ResourceData, m interface{}) return err } + err = validateTier1Type(d) + if err != nil { + return err + } + obj, err := policyTier1GatewayResourceToInfraStruct(getSessionContext(d, m), d, connector, id) + if err != nil { return err } @@ -507,10 +547,15 @@ func resourceNsxtPolicyTier1GatewayRead(d *schema.ResourceData, m interface{}) e d.Set("enable_standby_relocation", obj.EnableStandbyRelocation) d.Set("force_whitelisting", obj.ForceWhitelisting) if nsxVersionHigherOrEqual("3.2.0") { - d.Set("ha_mode", obj.HaMode) + if obj.HaMode == nil { + d.Set("ha_mode", "NONE") + } else { + d.Set("ha_mode", obj.HaMode) + } } - if obj.Tier0Path != nil { - d.Set("tier0_path", *obj.Tier0Path) + d.Set("tier0_path", obj.Tier0Path) + if obj.Type_ != nil { + d.Set("type", obj.Type_) } d.Set("route_advertisement_types", obj.RouteAdvertisementTypes) d.Set("revision", obj.Revision) diff --git a/nsxt/resource_nsxt_policy_tier1_gateway_gm_test.go b/nsxt/resource_nsxt_policy_tier1_gateway_gm_test.go index ff412a684..9721c001d 100644 --- a/nsxt/resource_nsxt_policy_tier1_gateway_gm_test.go +++ b/nsxt/resource_nsxt_policy_tier1_gateway_gm_test.go @@ -65,7 +65,6 @@ func TestAccResourceNsxtPolicyTier1Gateway_globalManager(t *testing.T) { testAccNsxtPolicyTier1Exists(testResourceName), resource.TestCheckResourceAttr(testResourceName, "display_name", defaultTestResourceName), resource.TestCheckResourceAttr(testResourceName, "tier0_path", ""), - resource.TestCheckResourceAttr(testResourceName, "route_advertisement_types.#", "0"), resource.TestCheckResourceAttr(testResourceName, "route_advertisement_rule.#", "0"), resource.TestCheckResourceAttr(testResourceName, "locale_service.#", "0"), resource.TestCheckResourceAttr(testResourceName, "intersite_config.#", "1"), diff --git a/nsxt/resource_nsxt_policy_tier1_gateway_test.go b/nsxt/resource_nsxt_policy_tier1_gateway_test.go index 12d1eaba2..8c0329d76 100644 --- a/nsxt/resource_nsxt_policy_tier1_gateway_test.go +++ b/nsxt/resource_nsxt_policy_tier1_gateway_test.go @@ -277,6 +277,8 @@ func TestAccResourceNsxtPolicyTier1Gateway_withId(t *testing.T) { resource.TestCheckResourceAttr(testResourceName, "display_name", name), resource.TestCheckResourceAttr(testResourceName, "id", id), resource.TestCheckResourceAttr(testResourceName, "description", "Acceptance Test"), + resource.TestCheckResourceAttr(testResourceName, "ha_mode", "NONE"), + resource.TestCheckResourceAttr(testResourceName, "type", "ISOLATED"), resource.TestCheckResourceAttr(testResourceName, "tag.#", "2"), resource.TestCheckResourceAttr(testResourceName, "tier0_path", ""), resource.TestCheckResourceAttr(realizationResourceName, "state", "REALIZED"), @@ -289,6 +291,8 @@ func TestAccResourceNsxtPolicyTier1Gateway_withId(t *testing.T) { resource.TestCheckResourceAttr(testResourceName, "display_name", updateName), resource.TestCheckResourceAttr(testResourceName, "id", id), resource.TestCheckResourceAttr(testResourceName, "description", "Acceptance Test"), + resource.TestCheckResourceAttr(testResourceName, "ha_mode", "NONE"), + resource.TestCheckResourceAttr(testResourceName, "type", "ISOLATED"), resource.TestCheckResourceAttr(testResourceName, "tag.#", "2"), resource.TestCheckResourceAttr(testResourceName, "tier0_path", ""), resource.TestCheckResourceAttr(realizationResourceName, "state", "REALIZED"), @@ -658,6 +662,7 @@ resource "nsxt_policy_tier1_gateway" "test" { description = "Acceptance Test" tier0_path = data.nsxt_policy_tier0_gateway.T0.path failover_mode = "%s" + type = "ROUTED" tag { scope = "scope1" @@ -682,6 +687,8 @@ resource "nsxt_policy_tier1_gateway" "test" { nsx_id = "%s" display_name = "%s" description = "Acceptance Test" + ha_mode = "NONE" + type = "ISOLATED" tag { scope = "scope1" diff --git a/website/docs/r/policy_tier1_gateway.html.markdown b/website/docs/r/policy_tier1_gateway.html.markdown index f08728ac9..02f13f0e4 100644 --- a/website/docs/r/policy_tier1_gateway.html.markdown +++ b/website/docs/r/policy_tier1_gateway.html.markdown @@ -137,13 +137,14 @@ The following arguments are supported: * `action` - (Required) Action to advertise filtered routes to the connected Tier0 gateway. PERMIT (which is the default): Enables the advertisement, DENY: Disables the advertisement. * `subnets` - (Required) list of network CIDRs to be routed. * `prefix_operator` - (Optional) Prefix operator to apply on subnets. GE prefix operator (which is the default|) filters all the routes having network subset of any of the networks configured in Advertise rule. EQ prefix operator filter all the routes having network equal to any of the network configured in Advertise rule.The name of the rule. -* `route_advertisement_types` - (Optional) List of desired types of route advertisements, supported values: `TIER1_STATIC_ROUTES`, `TIER1_CONNECTED`, `TIER1_NAT`, `TIER1_LB_VIP`, `TIER1_LB_SNAT`, `TIER1_DNS_FORWARDER_IP`, `TIER1_IPSEC_LOCAL_ENDPOINT`. +* `route_advertisement_types` - (Optional) List of desired types of route advertisements, supported values: `TIER1_STATIC_ROUTES`, `TIER1_CONNECTED`, `TIER1_NAT`, `TIER1_LB_VIP`, `TIER1_LB_SNAT`, `TIER1_DNS_FORWARDER_IP`, `TIER1_IPSEC_LOCAL_ENDPOINT`. This field is Computed, meaning that NSX can auto-assign types. Hence, in order to revert to default behavior, set route advertisement values explicitly rather than removing this clause from configuration. * `ingress_qos_profile_path` - (Optional) QoS Profile path for ingress traffic on link connected to Tier0 gateway. * `egress_qos_profile_path` - (Optional) QoS Profile path for egress traffic on link connected to Tier0 gateway. * `intersite_config` - (Optional) This clause is relevant for Global Manager only. * `transit_subnet` - (Optional) IPv4 subnet for inter-site transit segment connecting service routers across sites for stretched gateway. For IPv6 link local subnet is auto configured. * `primary_site_path` - (Optional) Primary egress site for gateway. -* `ha_mode` - (Optional) High-availability Mode for Tier-1. Valid values are `ACTIVE_ACTIVE` and `ACTIVE_STANDBY`. `ACTIVE_ACTIVE` is supported with NSX version 4.0.0 and above. +* `ha_mode` - (Optional) High-availability Mode for Tier-1. Valid values are `ACTIVE_ACTIVE`, `ACTIVE_STANDBY` and `NONE`. `ACTIVE_ACTIVE` is supported with NSX version 4.0.0 and above. `NONE` mode should be used for Distributed Only. +* `type` - (Optional) This setting is only applicable to VMC and it helps auto-configure router advertisements for the gateway. Valid values are `ROUTED`, `NATTED` and `ISOLATED`. For `ROUTED` and `NATTED`, `tier0_path` should be specified in configuration. ## Attributes Reference