vmware-archive · dcoghlan · Nov 13, 2019 · Nov 12, 2019 · Nov 12, 2019 · Nov 13, 2019
diff --git a/module/PowerNSX.psm1 b/module/PowerNSX.psm1
@@ -28519,6 +28519,11 @@ function Set-NsxFirewallRule {
     Get-NsxFirewallRule -Ruleid 1007 | Set-NsxFirewallRule -action deny
 
     Change action to deny to RuleId 1007
+
+    .EXAMPLE
+    Get-NsxFirewallRule -Ruleid 1007 | Set-NsxFirewallRule -comment "My Comment"
+
+    Set/update the comment of the RuleId 1007
     #>
 
     param (
@@ -28537,6 +28542,9 @@ function Set-NsxFirewallRule {
         [Parameter (Mandatory=$false)]
             [ValidateSet("Allow","Deny", "Reject")]
             [string]$action,
+        [Parameter (Mandatory=$false)]
+            [ValidateNotNullOrEmpty()]
+            [string]$comment,
         [Parameter (Mandatory=$false)]
             #PowerNSX Connection object.
             [ValidateNotNullOrEmpty()]
@@ -28570,6 +28578,15 @@ function Set-NsxFirewallRule {
             $_FirewallRule.action = $action
         }
 
+
+        if ( $PsBoundParameters.ContainsKey('comment') ) {
+            if ( (Invoke-XPathQuery -QueryMethod SelectSingleNode -Node $_FirewallRule -Query 'descendant::notes')) {
+                $_FirewallRule.notes = $comment.ToString()
+            } else{
+                 Add-XmlElement -xmlRoot $_FirewallRule -xmlElementName "notes" -xmlElementText $comment.ToString()
+            }
+        }
+
         $uri = "/api/4.0/firewall/globalroot-0/config/layer3sections/$sectionId/rules/$Ruleid"
         #Need the IfMatch header to specify the current section generation id
         $IfMatchHeader = @{"If-Match"=$generationNumber}

diff --git a/tests/integration/05.Dfw.Tests.ps1 b/tests/integration/05.Dfw.Tests.ps1
@@ -1942,12 +1942,17 @@ Describe "DFW" {
             $rule.action | should be deny
             $rule.disabled | should be "false"
             $rule.logged | should be "true"
-            $rule = Get-NsxFirewallSection -Name $l3sectionname | Get-NsxFirewallRule -Name "pester_dfw_rule1" | Set-NsxFirewallRule -name "modified_pester_dfw_rule1" -action allow -disabled:$true -logged:$false
+            #There is no comment before, it will be add
+            $rule = Get-NsxFirewallSection -Name $l3sectionname | Get-NsxFirewallRule -Name "pester_dfw_rule1" | Set-NsxFirewallRule -name "modified_pester_dfw_rule1" -action allow -disabled:$true -logged:$false -comment "My Comment"
             $rule | should not be $null
             $rule.name | should be "modified_pester_dfw_rule1"
             $rule.action | should be allow
             $rule.disabled | should be "true"
             $rule.logged | should be "false"
+            $rule.notes | should be "My Comment"
+            #There is already a comment, it will be replaced
+            $rule = Get-NsxFirewallSection -Name $l3sectionname | Get-NsxFirewallRule -Name "modified_pester_dfw_rule1" | Set-NsxFirewallRule -comment "My Comment 2"
+            $rule.notes | should be "My Comment 2"
         }
 
         BeforeEach {