Add implementation for vapp network static routing rules resource

CHANGELOG.md

@@ -10,6 +10,7 @@ FEATURES:
 * **New Resource:** `vcd_org_group` Org Group management [GH-513]
 * **New Resource:** `resource/vcd_vapp_firewall_rules` vApp network firewall rules [GH-511]
 * **New Resource:** `resource/vcd_vapp_nat_rules` vApp network NAT rules [GH-518]
+* **New Resource:** `resource/vcd_vapp_static_routing` vApp network static routing rules [GH-520]
 
 IMPROVEMENTS:
 

go.mod

@@ -9,6 +9,8 @@ require (
 	github.com/hashicorp/hcl/v2 v2.3.0 // indirect
 	github.com/hashicorp/terraform-config-inspect v0.0.0-20191212124732-c6ae6269b9d7 // indirect
 	github.com/hashicorp/terraform-plugin-sdk v1.8.0
-	github.com/vmware/go-vcloud-director/v2 v2.8.0-beta.1
+	github.com/vmware/go-vcloud-director/v2 v2.8.0-alpha.8
 	golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 // indirect
 )
+
+replace github.com/vmware/go-vcloud-director/v2 => github.com/vbauzysvmware/go-vcloud-director/v2 v2.0.0-20200626055020-86ee4364334d

go.sum

@@ -207,12 +207,12 @@ github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/ulikunitz/xz v0.5.5 h1:pFrO0lVpTBXLpYw+pnLj6TbvHuyjXMfjGeCwSqCVwok=
 github.com/ulikunitz/xz v0.5.5/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8=
+github.com/vbauzysvmware/go-vcloud-director/v2 v2.0.0-20200626055020-86ee4364334d h1:1K9cQwwIMb1mx4PoSPUFosY8FT8NSCvB9BYp6nqzSe4=
+github.com/vbauzysvmware/go-vcloud-director/v2 v2.0.0-20200626055020-86ee4364334d/go.mod h1:QARPFI5EJce4Cs9g0gL5mlHGhdN7C40CyOqvh7c+RrA=
 github.com/vmihailenco/msgpack v3.3.3+incompatible h1:wapg9xDUZDzGCNFlwc5SqI1rvcciqcxEHac4CYj89xI=
 github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
 github.com/vmihailenco/msgpack v4.0.1+incompatible h1:RMF1enSPeKTlXrXdOcqjFUElywVZjjC6pqse21bKbEU=
 github.com/vmihailenco/msgpack v4.0.1+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
-github.com/vmware/go-vcloud-director/v2 v2.8.0-beta.1 h1:hP7wb+9A9jPxL2MYWgQlwyB0bOGzRnqK2q7PL/sa8Vc=
-github.com/vmware/go-vcloud-director/v2 v2.8.0-beta.1/go.mod h1:QARPFI5EJce4Cs9g0gL5mlHGhdN7C40CyOqvh7c+RrA=
 github.com/zclconf/go-cty v1.0.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s=
 github.com/zclconf/go-cty v1.1.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s=
 github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8=

vcd/datasource_vcd_vapp_network.go

@@ -73,16 +73,6 @@ func datasourceVcdVappNetwork() *schema.Resource {
 				Computed:    true,
 				Description: "org network name to which vapp network is connected",
 			},
-			"firewall_enabled": {
-				Type:        schema.TypeBool,
-				Computed:    true,
-				Description: "firewall service enabled or disabled. Default is true",
-			},
-			"nat_enabled": {
-				Type:        schema.TypeBool,
-				Computed:    true,
-				Description: "NAT service enabled or disabled. Default is true",
-			},
 			"retain_ip_mac_enabled": {
 				Type:        schema.TypeBool,
 				Computed:    true,

vcd/datasource_vcd_vapp_network_test.go

@@ -26,8 +26,6 @@ func TestAccVcdVappNetworkDS(t *testing.T) {
 	const maxLeaseTime = 3500
 	const defaultLeaseTime = 2400
 	var guestVlanAllowed = true
-	var fwEnabled = false
-	var natEnabled = false
 	var retainIpMacEnabled = true
 
 	var params = StringMap{
@@ -52,8 +50,6 @@ func TestAccVcdVappNetworkDS(t *testing.T) {
 		"dhcpEnabled":        "true",
 		"orgNetwork":         "TestAccVcdVappNetworkDSOrgNetwork",
 		"EdgeGateway":        testConfig.Networking.EdgeGateway,
-		"firewallEnabled":    fwEnabled,
-		"natEnabled":         natEnabled,
 		"retainIpMacEnabled": retainIpMacEnabled,
 	}
 	configText := templateFill(datasourceTestVappNetwork, params)
@@ -82,14 +78,14 @@ func TestAccVcdVappNetworkDS(t *testing.T) {
 					resource.TestCheckOutput("staticIpPoolStartAddress", startAddress),
 					resource.TestCheckOutput("staticIpPoolEndAddress", endAddress),
 					resource.TestCheckOutput("orgNetwork", params["orgNetwork"].(string)),
-					testCheckVappNetworkNonStringOutputs(guestVlanAllowed, fwEnabled, natEnabled, retainIpMacEnabled),
+					testCheckVappNetworkNonStringOutputs(guestVlanAllowed, retainIpMacEnabled),
 				),
 			},
 		},
 	})
 }
 
-func testCheckVappNetworkNonStringOutputs(guestVlanAllowed, firewallEnabled, natEnabled, retainIpMacEnabled bool) resource.TestCheckFunc {
+func testCheckVappNetworkNonStringOutputs(guestVlanAllowed, retainIpMacEnabled bool) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		outputs := s.RootModule().Outputs
 
@@ -101,13 +97,6 @@ func testCheckVappNetworkNonStringOutputs(guestVlanAllowed, firewallEnabled, nat
 			return fmt.Errorf("retain_ip_mac_enabled value didn't match")
 		}
 
-		if outputs["firewall_enabled"].Value != firewallEnabled {
-			return fmt.Errorf("retain_ip_mac_enabled value didn't match")
-		}
-
-		if outputs["nat_enabled"].Value != natEnabled {
-			return fmt.Errorf("retain_ip_mac_enabled value didn't match")
-		}
 		return nil
 	}
 }
@@ -159,8 +148,6 @@ resource "vcd_vapp_network" "createdVappNetwork" {
   }
 
   org_network_name      = vcd_network_routed.{{.orgNetwork}}.name
-  firewall_enabled      = "{{.firewallEnabled}}"
-  nat_enabled           = "{{.natEnabled}}"
   retain_ip_mac_enabled = "{{.retainIpMacEnabled}}"
 }
 
@@ -208,11 +195,5 @@ output "orgNetwork" {
 } 
 output "retain_ip_mac_enabled" {
   value = data.vcd_vapp_network.network-ds.retain_ip_mac_enabled
-} 
-output "firewall_enabled" {
-  value = data.vcd_vapp_network.network-ds.firewall_enabled
-} 
-output "nat_enabled" {
-  value = data.vcd_vapp_network.network-ds.nat_enabled
-} 
+}
 `

vcd/datasource_vcd_vapp_org_network.go

@@ -39,16 +39,6 @@ func datasourceVcdVappOrgNetwork() *schema.Resource {
 				Computed:    true,
 				Description: "Specifies whether the network resources such as IP/MAC of router will be retained across deployments.",
 			},
-			"firewall_enabled": {
-				Type:        schema.TypeBool,
-				Computed:    true,
-				Description: "firewall service enabled or disabled. Default is true",
-			},
-			"nat_enabled": {
-				Type:        schema.TypeBool,
-				Computed:    true,
-				Description: "NAT service enabled or disabled. Default is true",
-			},
 		},
 	}
 }

vcd/datasource_vcd_vapp_org_network_test.go

@@ -13,8 +13,6 @@ import (
 
 // TestAccVcdVappOrgNetworkDS tests a vApp org network data source if a vApp is found in the VDC
 func TestAccVcdVappOrgNetworkDS(t *testing.T) {
-	var fwEnabled = false
-	var natEnabled = false
 	var retainIpMacEnabled = true
 
 	var params = StringMap{
@@ -23,8 +21,6 @@ func TestAccVcdVappOrgNetworkDS(t *testing.T) {
 		"vappName":           "TestAccVcdVappOrgNetworkDS",
 		"orgNetwork":         "TestAccVcdVappOrgNetworkDSOrgNetwork",
 		"EdgeGateway":        testConfig.Networking.EdgeGateway,
-		"firewallEnabled":    fwEnabled,
-		"natEnabled":         natEnabled,
 		"retainIpMacEnabled": retainIpMacEnabled,
 		"isFenced":           "true",
 
@@ -45,28 +41,21 @@ func TestAccVcdVappOrgNetworkDS(t *testing.T) {
 			resource.TestStep{
 				Config: configText,
 				Check: resource.ComposeTestCheckFunc(
-					testCheckVappOrgNetworkNonStringOutputs(fwEnabled, natEnabled, retainIpMacEnabled),
+					testCheckVappOrgNetworkNonStringOutputs(retainIpMacEnabled),
 				),
 			},
 		},
 	})
 }
 
-func testCheckVappOrgNetworkNonStringOutputs(firewallEnabled, natEnabled, retainIpMacEnabled bool) resource.TestCheckFunc {
+func testCheckVappOrgNetworkNonStringOutputs(retainIpMacEnabled bool) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		outputs := s.RootModule().Outputs
 
 		if outputs["retain_ip_mac_enabled"].Value != retainIpMacEnabled {
 			return fmt.Errorf("retain_ip_mac_enabled value didn't match")
 		}
 
-		if outputs["firewall_enabled"].Value != firewallEnabled {
-			return fmt.Errorf("retain_ip_mac_enabled value didn't match")
-		}
-
-		if outputs["nat_enabled"].Value != natEnabled {
-			return fmt.Errorf("retain_ip_mac_enabled value didn't match")
-		}
 		return nil
 	}
 }
@@ -99,8 +88,6 @@ resource "vcd_vapp_org_network" "createVappOrgNetwork" {
 
   is_fenced = "{{.isFenced}}"
 
-  firewall_enabled      = "{{.firewallEnabled}}"
-  nat_enabled           = "{{.natEnabled}}"
   retain_ip_mac_enabled = "{{.retainIpMacEnabled}}"
 }
 
@@ -111,11 +98,5 @@ data "vcd_vapp_org_network" "network-ds" {
 
 output "retain_ip_mac_enabled" {
   value = data.vcd_vapp_org_network.network-ds.retain_ip_mac_enabled
-} 
-output "firewall_enabled" {
-  value = data.vcd_vapp_org_network.network-ds.firewall_enabled
-} 
-output "nat_enabled" {
-  value = data.vcd_vapp_org_network.network-ds.nat_enabled
-} 
+}  
 `

vcd/provider.go

@@ -56,43 +56,44 @@ var globalDataSourceMap = map[string]*schema.Resource{
 
 var globalResourceMap = map[string]*schema.Resource{
 
-	"vcd_network":             resourceVcdNetwork(),             // 1.0 DEPRECATED: replaced by vcd_network_routed
-	"vcd_network_routed":      resourceVcdNetworkRouted(),       // 2.0
-	"vcd_network_direct":      resourceVcdNetworkDirect(),       // 2.0
-	"vcd_network_isolated":    resourceVcdNetworkIsolated(),     // 2.0
-	"vcd_vapp_network":        resourceVcdVappNetwork(),         // 2.1
-	"vcd_vapp":                resourceVcdVApp(),                // 1.0
-	"vcd_firewall_rules":      resourceVcdFirewallRules(),       // 1.0 DEPRECATED: Use only for non-advanced edge gateway. Replaced by vcd_nsxv_firewall_rule
-	"vcd_dnat":                resourceVcdDNAT(),                // 1.0 DEPRECATED: Use only for non-advanced edge gateway. Replaced by vcd_nsxv_dnat
-	"vcd_snat":                resourceVcdSNAT(),                // 1.0 DEPRECATED: Use only for non-advanced edge gateway. Replaced by vcd_nsxv_snat
-	"vcd_edgegateway":         resourceVcdEdgeGateway(),         // 2.4
-	"vcd_edgegateway_vpn":     resourceVcdEdgeGatewayVpn(),      // 1.0
-	"vcd_vapp_vm":             resourceVcdVAppVm(),              // 1.0
-	"vcd_org":                 resourceOrg(),                    // 2.0
-	"vcd_org_vdc":             resourceVcdOrgVdc(),              // 2.2
-	"vcd_org_user":            resourceVcdOrgUser(),             // 2.4
-	"vcd_catalog":             resourceVcdCatalog(),             // 2.0
-	"vcd_catalog_item":        resourceVcdCatalogItem(),         // 2.0
-	"vcd_catalog_media":       resourceVcdCatalogMedia(),        // 2.0
-	"vcd_inserted_media":      resourceVcdInsertedMedia(),       // 2.1
-	"vcd_independent_disk":    resourceVcdIndependentDisk(),     // 2.1
-	"vcd_external_network":    resourceVcdExternalNetwork(),     // 2.2
-	"vcd_lb_service_monitor":  resourceVcdLbServiceMonitor(),    // 2.4
-	"vcd_lb_server_pool":      resourceVcdLBServerPool(),        // 2.4
-	"vcd_lb_app_profile":      resourceVcdLBAppProfile(),        // 2.4
-	"vcd_lb_app_rule":         resourceVcdLBAppRule(),           // 2.4
-	"vcd_lb_virtual_server":   resourceVcdLBVirtualServer(),     // 2.4
-	"vcd_nsxv_dnat":           resourceVcdNsxvDnat(),            // 2.5
-	"vcd_nsxv_snat":           resourceVcdNsxvSnat(),            // 2.5
-	"vcd_nsxv_firewall_rule":  resourceVcdNsxvFirewallRule(),    // 2.5
-	"vcd_nsxv_dhcp_relay":     resourceVcdNsxvDhcpRelay(),       // 2.6
-	"vcd_nsxv_ip_set":         resourceVcdIpSet(),               // 2.6
-	"vcd_vm_internal_disk":    resourceVmInternalDisk(),         // 2.7
-	"vcd_vapp_org_network":    resourceVcdVappOrgNetwork(),      // 2.7
-	"vcd_org_group":           resourceVcdOrgGroup(),            // 2.9
-	"vcd_vapp_firewall_rules": resourceVcdVappFirewallRules(),   // 2.9
-	"vcd_vapp_nat_rules":      resourceVcdVappNetworkNatRules(), // 2.9
-	"vcd_vm_affinity_rule":    resourceVcdVmAffinityRule(),      // 2.9
+	"vcd_network":             resourceVcdNetwork(),                  // 1.0 DEPRECATED: replaced by vcd_network_routed
+	"vcd_network_routed":      resourceVcdNetworkRouted(),            // 2.0
+	"vcd_network_direct":      resourceVcdNetworkDirect(),            // 2.0
+	"vcd_network_isolated":    resourceVcdNetworkIsolated(),          // 2.0
+	"vcd_vapp_network":        resourceVcdVappNetwork(),              // 2.1
+	"vcd_vapp":                resourceVcdVApp(),                     // 1.0
+	"vcd_firewall_rules":      resourceVcdFirewallRules(),            // 1.0 DEPRECATED: Use only for non-advanced edge gateway. Replaced by vcd_nsxv_firewall_rule
+	"vcd_dnat":                resourceVcdDNAT(),                     // 1.0 DEPRECATED: Use only for non-advanced edge gateway. Replaced by vcd_nsxv_dnat
+	"vcd_snat":                resourceVcdSNAT(),                     // 1.0 DEPRECATED: Use only for non-advanced edge gateway. Replaced by vcd_nsxv_snat
+	"vcd_edgegateway":         resourceVcdEdgeGateway(),              // 2.4
+	"vcd_edgegateway_vpn":     resourceVcdEdgeGatewayVpn(),           // 1.0
+	"vcd_vapp_vm":             resourceVcdVAppVm(),                   // 1.0
+	"vcd_org":                 resourceOrg(),                         // 2.0
+	"vcd_org_vdc":             resourceVcdOrgVdc(),                   // 2.2
+	"vcd_org_user":            resourceVcdOrgUser(),                  // 2.4
+	"vcd_catalog":             resourceVcdCatalog(),                  // 2.0
+	"vcd_catalog_item":        resourceVcdCatalogItem(),              // 2.0
+	"vcd_catalog_media":       resourceVcdCatalogMedia(),             // 2.0
+	"vcd_inserted_media":      resourceVcdInsertedMedia(),            // 2.1
+	"vcd_independent_disk":    resourceVcdIndependentDisk(),          // 2.1
+	"vcd_external_network":    resourceVcdExternalNetwork(),          // 2.2
+	"vcd_lb_service_monitor":  resourceVcdLbServiceMonitor(),         // 2.4
+	"vcd_lb_server_pool":      resourceVcdLBServerPool(),             // 2.4
+	"vcd_lb_app_profile":      resourceVcdLBAppProfile(),             // 2.4
+	"vcd_lb_app_rule":         resourceVcdLBAppRule(),                // 2.4
+	"vcd_lb_virtual_server":   resourceVcdLBVirtualServer(),          // 2.4
+	"vcd_nsxv_dnat":           resourceVcdNsxvDnat(),                 // 2.5
+	"vcd_nsxv_snat":           resourceVcdNsxvSnat(),                 // 2.5
+	"vcd_nsxv_firewall_rule":  resourceVcdNsxvFirewallRule(),         // 2.5
+	"vcd_nsxv_dhcp_relay":     resourceVcdNsxvDhcpRelay(),            // 2.6
+	"vcd_nsxv_ip_set":         resourceVcdIpSet(),                    // 2.6
+	"vcd_vm_internal_disk":    resourceVmInternalDisk(),              // 2.7
+	"vcd_vapp_org_network":    resourceVcdVappOrgNetwork(),           // 2.7
+	"vcd_org_group":           resourceVcdOrgGroup(),                 // 2.9
+	"vcd_vapp_firewall_rules": resourceVcdVappFirewallRules(),        // 2.9
+	"vcd_vapp_nat_rules":      resourceVcdVappNetworkNatRules(),      // 2.9
+	"vcd_vapp_static_routing": resourceVcdVappNetworkStaticRouting(), // 2.9
+	"vcd_vm_affinity_rule":    resourceVcdVmAffinityRule(),           // 2.9
 }
 
 // Provider returns a terraform.ResourceProvider.

vcd/resource_vcd_vapp_firewall_rules.go

@@ -49,6 +49,12 @@ func resourceVcdVappFirewallRules() *schema.Resource {
 				ForceNew:    true,
 				Description: "vApp network identifier",
 			},
+			"enabled": &schema.Schema{
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     true,
+				Description: "Enable or disable firewall service.",
+			},
 			"default_action": &schema.Schema{
 				Type:         schema.TypeString,
 				Required:     true,
@@ -174,7 +180,7 @@ func resourceVcdVappFirewallRulesUpdate(d *schema.ResourceData, meta interface{}
 		return fmt.Errorf("error expanding firewall rules: %s", err)
 	}
 
-	vappNetwork, err := vapp.UpdateNetworkFirewallRules(networkId, firewallRules,
+	vappNetwork, err := vapp.UpdateNetworkFirewallRules(networkId, firewallRules, d.Get("enabled").(bool),
 		d.Get("default_action").(string), d.Get("log_default_action").(bool))
 	if err != nil {
 		log.Printf("[INFO] Error setting firewall rules: %s", err)
@@ -260,6 +266,7 @@ func resourceVappFirewallRulesRead(d *schema.ResourceData, meta interface{}) err
 	if err != nil {
 		return err
 	}
+	_ = d.Set("enabled", vappNetwork.Configuration.Features.FirewallService.IsEnabled)
 	_ = d.Set("default_action", vappNetwork.Configuration.Features.FirewallService.DefaultAction)
 	_ = d.Set("log_default_action", vappNetwork.Configuration.Features.FirewallService.LogDefaultAction)