vmware · annakhm · Jun 30, 2023 · Jun 20, 2023 · Jun 21, 2023 · Jun 21, 2023
diff --git a/nsxt/data_source_nsxt_policy_tier1_gateway.go b/nsxt/data_source_nsxt_policy_tier1_gateway.go
@@ -5,6 +5,7 @@ package nsxt
 
 import (
 	"fmt"
+
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/vmware/vsphere-automation-sdk-go/runtime/bindings"
 	"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model"

diff --git a/nsxt/resource_nsxt_policy_tier1_gateway.go b/nsxt/resource_nsxt_policy_tier1_gateway.go
@@ -44,7 +44,15 @@ var poolAllocationValues = []string{
 
 var t1HaModeValues = []string{
 	model.Tier1_HA_MODE_ACTIVE,
-	model.Tier1_HA_MODE_STANDBY}
+	model.Tier1_HA_MODE_STANDBY,
+	"NONE",
+}
+
+var t1TypeValues = []string{
+	model.Tier1_TYPE_ROUTED,
+	model.Tier1_TYPE_ISOLATED,
+	model.Tier1_TYPE_NATTED,
+}
 
 func resourceNsxtPolicyTier1Gateway() *schema.Resource {
 	return &schema.Resource{
@@ -105,6 +113,7 @@ func resourceNsxtPolicyTier1Gateway() *schema.Resource {
 					ValidateFunc: validation.StringInSlice(advertismentTypeValues, false),
 				},
 				Optional: true,
+				Computed: true,
 			},
 			"route_advertisement_rule": getAdvRulesSchema(),
 			"ipv6_ndra_profile_path":   getIPv6NDRAPathSchema(),
@@ -128,6 +137,12 @@ func resourceNsxtPolicyTier1Gateway() *schema.Resource {
 				Optional:     true,
 				Default:      model.Tier1_HA_MODE_STANDBY,
 			},
+			"type": {
+				Type:         schema.TypeString,
+				Description:  "Tier-1 Type",
+				ValidateFunc: validation.StringInSlice(t1TypeValues, false),
+				Optional:     true,
+			},
 			"context": getContextSchema(),
 		},
 	}
@@ -364,6 +379,7 @@ func policyTier1GatewayResourceToInfraStruct(context utl.SessionContext, d *sche
 	ipv6ProfilePaths := getIpv6ProfilePathsFromSchema(d)
 	dhcpPath := d.Get("dhcp_config_path").(string)
 	haMode := d.Get("ha_mode").(string)
+	connectivityType := d.Get("type").(string)
 	revision := int64(d.Get("revision").(int))
 
 	if haMode == model.Tier1_HA_MODE_ACTIVE && nsxVersionLower("4.0.0") {
@@ -389,7 +405,12 @@ func policyTier1GatewayResourceToInfraStruct(context utl.SessionContext, d *sche
 	}
 
 	if nsxVersionHigherOrEqual("3.2.0") {
-		obj.HaMode = &haMode
+		if haMode != "NONE" {
+			obj.HaMode = &haMode
+		}
+	}
+	if len(connectivityType) > 0 {
+		obj.Type_ = &connectivityType
 	}
 
 	if dhcpPath != "" {
@@ -453,6 +474,19 @@ func policyTier1GatewayResourceToInfraStruct(context utl.SessionContext, d *sche
 	return infraStruct, nil
 }
 
+func validateTier1Type(d *schema.ResourceData) error {
+	connectivityType := d.Get("type").(string)
+	tier0Path := d.Get("tier0_path").(string)
+
+	if connectivityType == model.Tier1_TYPE_ROUTED || connectivityType == model.Tier1_TYPE_NATTED {
+		if len(tier0Path) == 0 {
+			return fmt.Errorf("tier0_path needs to be specified for gateway type %v", connectivityType)
+		}
+	}
+
+	return nil
+}
+
 func resourceNsxtPolicyTier1GatewayCreate(d *schema.ResourceData, m interface{}) error {
 	connector := getPolicyConnector(m)
 
@@ -462,7 +496,13 @@ func resourceNsxtPolicyTier1GatewayCreate(d *schema.ResourceData, m interface{})
 		return err
 	}
 
+	err = validateTier1Type(d)
+	if err != nil {
+		return err
+	}
+
 	obj, err := policyTier1GatewayResourceToInfraStruct(getSessionContext(d, m), d, connector, id)
+
 	if err != nil {
 		return err
 	}
@@ -507,10 +547,15 @@ func resourceNsxtPolicyTier1GatewayRead(d *schema.ResourceData, m interface{}) e
 	d.Set("enable_standby_relocation", obj.EnableStandbyRelocation)
 	d.Set("force_whitelisting", obj.ForceWhitelisting)
 	if nsxVersionHigherOrEqual("3.2.0") {
-		d.Set("ha_mode", obj.HaMode)
+		if obj.HaMode == nil {
+			d.Set("ha_mode", "NONE")
+		} else {
+			d.Set("ha_mode", obj.HaMode)
+		}
 	}
-	if obj.Tier0Path != nil {
-		d.Set("tier0_path", *obj.Tier0Path)
+	d.Set("tier0_path", obj.Tier0Path)
+	if obj.Type_ != nil {
+		d.Set("type", obj.Type_)
 	}
 	d.Set("route_advertisement_types", obj.RouteAdvertisementTypes)
 	d.Set("revision", obj.Revision)

diff --git a/nsxt/resource_nsxt_policy_tier1_gateway_gm_test.go b/nsxt/resource_nsxt_policy_tier1_gateway_gm_test.go
@@ -65,7 +65,6 @@ func TestAccResourceNsxtPolicyTier1Gateway_globalManager(t *testing.T) {
 					testAccNsxtPolicyTier1Exists(testResourceName),
 					resource.TestCheckResourceAttr(testResourceName, "display_name", defaultTestResourceName),
 					resource.TestCheckResourceAttr(testResourceName, "tier0_path", ""),
-					resource.TestCheckResourceAttr(testResourceName, "route_advertisement_types.#", "0"),
 					resource.TestCheckResourceAttr(testResourceName, "route_advertisement_rule.#", "0"),
 					resource.TestCheckResourceAttr(testResourceName, "locale_service.#", "0"),
 					resource.TestCheckResourceAttr(testResourceName, "intersite_config.#", "1"),

diff --git a/nsxt/resource_nsxt_policy_tier1_gateway_test.go b/nsxt/resource_nsxt_policy_tier1_gateway_test.go
@@ -277,6 +277,8 @@ func TestAccResourceNsxtPolicyTier1Gateway_withId(t *testing.T) {
 					resource.TestCheckResourceAttr(testResourceName, "display_name", name),
 					resource.TestCheckResourceAttr(testResourceName, "id", id),
 					resource.TestCheckResourceAttr(testResourceName, "description", "Acceptance Test"),
+					resource.TestCheckResourceAttr(testResourceName, "ha_mode", "NONE"),
+					resource.TestCheckResourceAttr(testResourceName, "type", "ISOLATED"),
 					resource.TestCheckResourceAttr(testResourceName, "tag.#", "2"),
 					resource.TestCheckResourceAttr(testResourceName, "tier0_path", ""),
 					resource.TestCheckResourceAttr(realizationResourceName, "state", "REALIZED"),
@@ -289,6 +291,8 @@ func TestAccResourceNsxtPolicyTier1Gateway_withId(t *testing.T) {
 					resource.TestCheckResourceAttr(testResourceName, "display_name", updateName),
 					resource.TestCheckResourceAttr(testResourceName, "id", id),
 					resource.TestCheckResourceAttr(testResourceName, "description", "Acceptance Test"),
+					resource.TestCheckResourceAttr(testResourceName, "ha_mode", "NONE"),
+					resource.TestCheckResourceAttr(testResourceName, "type", "ISOLATED"),
 					resource.TestCheckResourceAttr(testResourceName, "tag.#", "2"),
 					resource.TestCheckResourceAttr(testResourceName, "tier0_path", ""),
 					resource.TestCheckResourceAttr(realizationResourceName, "state", "REALIZED"),
@@ -658,6 +662,7 @@ resource "nsxt_policy_tier1_gateway" "test" {
   description   = "Acceptance Test"
   tier0_path    = data.nsxt_policy_tier0_gateway.T0.path
   failover_mode = "%s"
+  type          = "ROUTED"
 
   tag {
     scope = "scope1"
@@ -682,6 +687,8 @@ resource "nsxt_policy_tier1_gateway" "test" {
   nsx_id       = "%s"
   display_name = "%s"
   description  = "Acceptance Test"
+  ha_mode      = "NONE"
+  type         = "ISOLATED"
 
   tag {
     scope = "scope1"

diff --git a/website/docs/r/policy_tier1_gateway.html.markdown b/website/docs/r/policy_tier1_gateway.html.markdown
@@ -137,13 +137,14 @@ The following arguments are supported:
   * `action` - (Required) Action to advertise filtered routes to the connected Tier0 gateway. PERMIT (which is the default): Enables the advertisement, DENY: Disables the advertisement.
   * `subnets` - (Required) list of network CIDRs to be routed.
   * `prefix_operator` - (Optional) Prefix operator to apply on subnets. GE prefix operator (which is the default|) filters all the routes having network subset of any of the networks configured in Advertise rule. EQ prefix operator filter all the routes having network equal to any of the network configured in Advertise rule.The name of the rule.
-* `route_advertisement_types` - (Optional) List of desired types of route advertisements, supported values: `TIER1_STATIC_ROUTES`, `TIER1_CONNECTED`, `TIER1_NAT`, `TIER1_LB_VIP`, `TIER1_LB_SNAT`, `TIER1_DNS_FORWARDER_IP`, `TIER1_IPSEC_LOCAL_ENDPOINT`.
+* `route_advertisement_types` - (Optional) List of desired types of route advertisements, supported values: `TIER1_STATIC_ROUTES`, `TIER1_CONNECTED`, `TIER1_NAT`, `TIER1_LB_VIP`, `TIER1_LB_SNAT`, `TIER1_DNS_FORWARDER_IP`, `TIER1_IPSEC_LOCAL_ENDPOINT`. This field is Computed, meaning that NSX can auto-assign types. Hence, in order to revert to default behavior, set route advertisement values explicitly rather than removing this clause from configuration.
 * `ingress_qos_profile_path` - (Optional) QoS Profile path for ingress traffic on link connected to Tier0 gateway.
 * `egress_qos_profile_path` - (Optional) QoS Profile path for egress traffic on link connected to Tier0 gateway.
 * `intersite_config` - (Optional) This clause is relevant for Global Manager only.
   * `transit_subnet` - (Optional) IPv4 subnet for inter-site transit segment connecting service routers across sites for stretched gateway. For IPv6 link local subnet is auto configured.
   * `primary_site_path` - (Optional) Primary egress site for gateway.
-* `ha_mode` - (Optional) High-availability Mode for Tier-1. Valid values are `ACTIVE_ACTIVE` and `ACTIVE_STANDBY`.  `ACTIVE_ACTIVE` is supported with NSX version 4.0.0 and above.
+* `ha_mode` - (Optional) High-availability Mode for Tier-1. Valid values are `ACTIVE_ACTIVE`, `ACTIVE_STANDBY` and `NONE`.  `ACTIVE_ACTIVE` is supported with NSX version 4.0.0 and above. `NONE` mode should be used for Distributed Only.
+* `type` - (Optional) This setting is only applicable to VMC and it helps auto-configure router advertisements for the gateway. Valid values are `ROUTED`, `NATTED` and `ISOLATED`. For `ROUTED` and `NATTED`, `tier0_path` should be specified in configuration.
 
 
 ## Attributes Reference