Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support on-demand connection init in the provider #948

Merged
merged 1 commit into from
Aug 23, 2023
Merged

Support on-demand connection init in the provider #948

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 37 additions & 1 deletion nsxt/provider.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -210,6 +210,12 @@ func Provider() *schema.Provider {
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("NSXT_CA", nil),
},
"on_demand_connection": {
Type: schema.TypeBool,
Optional: true,
Description: "Avoid initializing NSX connection on startup",
DefaultFunc: schema.EnvDefaultFunc("NSXT_ON_DEMAND_CONNECTION", false),
},
},

DataSourcesMap: map[string]*schema.Resource{
Expand Down Expand Up @@ -407,13 +413,19 @@ func Provider() *schema.Provider {
}

func configureNsxtClient(d *schema.ResourceData, clients *nsxtClients) error {
onDemandConn := d.Get("on_demand_connection").(bool)
clientAuthCertFile := d.Get("client_auth_cert_file").(string)
clientAuthKeyFile := d.Get("client_auth_key_file").(string)
clientAuthCert := d.Get("client_auth_cert").(string)
clientAuthKey := d.Get("client_auth_key").(string)
vmcToken := d.Get("vmc_token").(string)
vmcAuthMode := d.Get("vmc_auth_mode").(string)

if onDemandConn {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does it make more sense if we make vmc params taking precedence over this on_demand_connection, in that if vmc tokens / mode is set, on_demand_connection is ignored and turned off?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think its preferrable that user is aware the setting is not applicable, and corrects the configuration

// On demand connection option is not supported with old SDK
return nil
}

if (len(vmcToken) > 0) || (vmcAuthMode == "Basic") {
// VMC can operate without token with basic auth, however MP API is not
// available for cloud admin user
Expand Down Expand Up @@ -605,6 +617,7 @@ func getConnectorTLSConfig(d *schema.ResourceData) (*tls.Config, error) {
}

func configurePolicyConnectorData(d *schema.ResourceData, clients *nsxtClients) error {
onDemandConn := d.Get("on_demand_connection").(bool)
host := d.Get("host").(string)
username := d.Get("username").(string)
password := d.Get("password").(string)
Expand All @@ -617,6 +630,19 @@ func configurePolicyConnectorData(d *schema.ResourceData, clients *nsxtClients)
policyGlobalManager := d.Get("global_manager").(bool)
vmcAuthMode := d.Get("vmc_auth_mode").(string)

isVMC := false
if (len(vmcAccessToken) > 0) || (vmcAuthMode == "Basic") {
isVMC = true
if onDemandConn {
return fmt.Errorf("on demand connection option is not supported with VMC")
}
}

if d.HasChange("license_keys") && onDemandConn {
// TODO - remove this constraint when license is rewritten with new SDK
return fmt.Errorf("on demand connection option is not supported with license feature")
}

if host == "" {
return fmt.Errorf("host must be provided")
}
Expand Down Expand Up @@ -683,7 +709,12 @@ func configurePolicyConnectorData(d *schema.ResourceData, clients *nsxtClients)
clients.PolicyEnforcementPoint = policyEnforcementPoint
clients.PolicyGlobalManager = policyGlobalManager

if (len(vmcAccessToken) > 0) || (vmcAuthMode == "Basic") {
if onDemandConn {
// version init will happen on demand
return nil
}

if isVMC {
// Special treatment for VMC since MP API is not available there
initNSXVersionVMC(*clients)
return nil
Expand Down Expand Up @@ -936,6 +967,11 @@ func getPolicyConnectorWithHeaders(clients interface{}, customHeaders *map[strin
connectorOptions = append(connectorOptions, client.WithRequestProcessors(requestProcessors...))
}
connector := client.NewConnector(c.Host, connectorOptions...)

// Init NSX version if not done yet
if nsxVersion == "" {
initNSXVersion(connector)
}
return connector
}

Expand Down
7 changes: 6 additions & 1 deletion website/docs/index.html.markdown
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -236,7 +236,12 @@ The following arguments are used to configure the VMware NSX-T Provider:
* `global_manager` - (Optional) True if this is a global manager endpoint.
False by default.
* `license_keys` - (Optional) List of NSX-T license keys. License keys are applied
during plan and will not be deleted if they are removed from the configuration.
during plan or apply commands.
* `on_demand_connection` - (Optional) Avoid verification on NSX connectivity on provider
startup. Instead, initialize the connection on demand. This setting can not be turned on
for VMC environments, and is not supported with deprecated NSX manager resources and
data sources. Note - this setting is useful when NSX manager is not yet available at
time of provider evaluation, and not recommended to be turned on otherwise.

## NSX Logical Networking

Expand Down