Remove category attribute from VPC GW, security policy resources

Signed-off-by: Kobi Samoray <[email protected]>
vmware · Aug 5, 2024 · 215afcd · 215afcd
1 parent 5a5b043
commit 215afcd
Show file tree

Hide file tree

Showing 13 changed files with 113 additions and 97 deletions.
diff --git a/nsxt/policy_common.go b/nsxt/policy_common.go
@@ -313,25 +313,27 @@ func getSecurityPolicyAndGatewayRuleSchema(scopeRequired bool, isIds bool, nsxID
 	return ruleSchema
 }
 
-func getPolicyGatewayPolicySchema(withDomain bool) map[string]*schema.Schema {
-	secPolicy := getPolicySecurityPolicySchema(false, true, true, withDomain)
+func getPolicyGatewayPolicySchema(isVPC bool) map[string]*schema.Schema {
+	secPolicy := getPolicySecurityPolicySchema(false, true, true, isVPC)
 	// GW Policies don't support scope
 	delete(secPolicy, "scope")
-	secPolicy["category"].ValidateFunc = validation.StringInSlice(gatewayPolicyCategoryWritableValues, false)
+	if !isVPC {
+		secPolicy["category"].ValidateFunc = validation.StringInSlice(gatewayPolicyCategoryWritableValues, false)
+	}
 	// GW Policy rules require scope to be set
-	secPolicy["rule"] = getSecurityPolicyAndGatewayRulesSchema(withDomain, false, true)
+	secPolicy["rule"] = getSecurityPolicyAndGatewayRulesSchema(!isVPC, false, true)
 	return secPolicy
 }
 
-func getPolicySecurityPolicySchema(isIds, withContext, withRule, withDomain bool) map[string]*schema.Schema {
+func getPolicySecurityPolicySchema(isIds, withContext, withRule, isVPC bool) map[string]*schema.Schema {
 	result := map[string]*schema.Schema{
 		"nsx_id":       getNsxIDSchema(),
 		"path":         getPathSchema(),
 		"display_name": getDisplayNameSchema(),
 		"description":  getDescriptionSchema(),
 		"revision":     getRevisionSchema(),
 		"tag":          getTagsSchema(),
-		"context":      getContextSchema(!withDomain, false, !withDomain),
+		"context":      getContextSchema(isVPC, false, isVPC),
 		"domain":       getDomainNameSchema(),
 		"category": {
 			Type:         schema.TypeString,
@@ -395,8 +397,9 @@ func getPolicySecurityPolicySchema(isIds, withContext, withRule, withDomain bool
 	if !withRule {
 		delete(result, "rule")
 	}
-	if !withDomain {
+	if isVPC {
 		delete(result, "domain")
+		delete(result, "category")
 	}
 	return result
 }

diff --git a/nsxt/resource_nsxt_policy_gateway_policy.go b/nsxt/resource_nsxt_policy_gateway_policy.go
@@ -26,7 +26,7 @@ func resourceNsxtPolicyGatewayPolicy() *schema.Resource {
 			State: nsxtDomainResourceImporter,
 		},
 
-		Schema: getPolicyGatewayPolicySchema(true),
+		Schema: getPolicyGatewayPolicySchema(false),
 	}
 }
 
@@ -124,16 +124,15 @@ func getUpdatedRuleChildren(d *schema.ResourceData) ([]*data.StructValue, error)
 
 }
 
-func policyGatewayPolicyBuildAndPatch(d *schema.ResourceData, m interface{}, connector client.Connector, isGlobalManager bool, id string, withDomain bool) error {
+func policyGatewayPolicyBuildAndPatch(d *schema.ResourceData, m interface{}, connector client.Connector, isGlobalManager bool, id string, isVPC bool) error {
 
 	domain := ""
-	if withDomain {
+	if !isVPC {
 		domain = d.Get("domain").(string)
 	}
 	displayName := d.Get("display_name").(string)
 	description := d.Get("description").(string)
 	tags := getPolicyTagsFromSchema(d)
-	category := d.Get("category").(string)
 	comments := d.Get("comments").(string)
 	locked := d.Get("locked").(bool)
 	sequenceNumber := int64(d.Get("sequence_number").(int))
@@ -145,14 +144,18 @@ func policyGatewayPolicyBuildAndPatch(d *schema.ResourceData, m interface{}, con
 		DisplayName:    &displayName,
 		Description:    &description,
 		Tags:           tags,
-		Category:       &category,
 		Comments:       &comments,
 		Locked:         &locked,
 		SequenceNumber: &sequenceNumber,
 		Stateful:       &stateful,
 		ResourceType:   &objType,
 		Id:             &id,
 	}
+
+	if !isVPC {
+		category := d.Get("category").(string)
+		obj.Category = &category
+	}
 	_, isSet := d.GetOkExists("tcp_strict")
 	if isSet {
 		tcpStrict := d.Get("tcp_strict").(bool)
@@ -184,7 +187,7 @@ func resourceNsxtPolicyGatewayPolicyCreate(d *schema.ResourceData, m interface{}
 		return err
 	}
 
-	err = policyGatewayPolicyBuildAndPatch(d, m, connector, isPolicyGlobalManager(m), id, true)
+	err = policyGatewayPolicyBuildAndPatch(d, m, connector, isPolicyGlobalManager(m), id, false)
 	if err != nil {
 		return handleCreateError("Gateway Policy", id, err)
 	}
@@ -235,7 +238,7 @@ func resourceNsxtPolicyGatewayPolicyUpdate(d *schema.ResourceData, m interface{}
 		return fmt.Errorf("Error obtaining Gateway Policy ID")
 	}
 
-	err := policyGatewayPolicyBuildAndPatch(d, m, connector, isPolicyGlobalManager(m), id, true)
+	err := policyGatewayPolicyBuildAndPatch(d, m, connector, isPolicyGlobalManager(m), id, false)
 	if err != nil {
 		return handleUpdateError("Gateway Policy", id, err)
 	}

diff --git a/nsxt/resource_nsxt_policy_gateway_policy_test.go b/nsxt/resource_nsxt_policy_gateway_policy_test.go
@@ -47,7 +47,7 @@ func testAccResourceNsxtPolicyGatewayPolicyBasic(t *testing.T, withContext bool,
 		},
 		Steps: []resource.TestStep{
 			{
-				Config: testAccNsxtPolicyGatewayPolicyBasic(resourceName, name, comments1, withContext),
+				Config: testAccNsxtPolicyGatewayPolicyBasic(resourceName, name, comments1, withContext, true),
 				Check: resource.ComposeTestCheckFunc(
 					testAccNsxtPolicyGatewayPolicyExists(testResourceName, defaultDomain),
 					resource.TestCheckResourceAttr(testResourceName, "display_name", name),
@@ -64,7 +64,7 @@ func testAccResourceNsxtPolicyGatewayPolicyBasic(t *testing.T, withContext bool,
 				),
 			},
 			{
-				Config: testAccNsxtPolicyGatewayPolicyBasic(resourceName, updatedName, comments2, withContext),
+				Config: testAccNsxtPolicyGatewayPolicyBasic(resourceName, updatedName, comments2, withContext, true),
 				Check: resource.ComposeTestCheckFunc(
 					testAccNsxtPolicyGatewayPolicyExists(testResourceName, defaultDomain),
 					resource.TestCheckResourceAttr(testResourceName, "display_name", updatedName),
@@ -220,7 +220,7 @@ func TestAccResourceNsxtPolicyGatewayPolicy_importBasic(t *testing.T) {
 		},
 		Steps: []resource.TestStep{
 			{
-				Config: testAccNsxtPolicyGatewayPolicyBasic(resourceName, name, "import", false),
+				Config: testAccNsxtPolicyGatewayPolicyBasic(resourceName, name, "import", false, true),
 			},
 			{
 				ResourceName:      testResourceName,
@@ -244,7 +244,7 @@ func TestAccResourceNsxtPolicyGatewayPolicy_importBasic_multitenancy(t *testing.
 		},
 		Steps: []resource.TestStep{
 			{
-				Config: testAccNsxtPolicyGatewayPolicyBasic(resourceName, name, "import", true),
+				Config: testAccNsxtPolicyGatewayPolicyBasic(resourceName, name, "import", true, true),
 			},
 			{
 				ResourceName:      testResourceName,
@@ -626,17 +626,23 @@ resource "nsxt_policy_gateway_policy" "test" {
 }`, name, comments)
 }
 
-func testAccNsxtPolicyGatewayPolicyBasic(resourceName, name, comments string, withContext bool) string {
+func testAccNsxtPolicyGatewayPolicyBasic(resourceName, name, comments string, withContext, withCategory bool) string {
 	context := ""
 	if withContext {
 		context = testAccNsxtPolicyMultitenancyContext()
 	}
+	category := ""
+	if withCategory {
+		category = `
+  category        = "LocalGatewayRules"
+`
+	}
 	return fmt.Sprintf(`
 resource "%s" "test" {
 %s
   display_name    = "%s"
   description     = "Acceptance Test"
-  category        = "LocalGatewayRules"
+%s
   comments        = "%s"
   locked          = true
   sequence_number = 3
@@ -648,7 +654,7 @@ resource "%s" "test" {
     tag   = "orange"
   }
 
-}`, resourceName, context, name, comments)
+}`, resourceName, context, name, category, comments)
 }
 
 func testAccNsxtPolicyGatewayPolicyWithRule(resourceName, name, direction, protocol, ruleTag string, withContext bool) string {

diff --git a/nsxt/resource_nsxt_policy_intrusion_service_policy.go b/nsxt/resource_nsxt_policy_intrusion_service_policy.go
@@ -29,7 +29,7 @@ func resourceNsxtPolicyIntrusionServicePolicy() *schema.Resource {
 		Importer: &schema.ResourceImporter{
 			State: nsxtDomainResourceImporter,
 		},
-		Schema: getPolicySecurityPolicySchema(true, true, true, true),
+		Schema: getPolicySecurityPolicySchema(true, true, true, false),
 	}
 }
 

diff --git a/nsxt/resource_nsxt_policy_parent_security_policy.go b/nsxt/resource_nsxt_policy_parent_security_policy.go
@@ -21,15 +21,19 @@ func resourceNsxtPolicyParentSecurityPolicy() *schema.Resource {
 		Importer: &schema.ResourceImporter{
 			State: nsxtDomainResourceImporter,
 		},
-		Schema: getPolicySecurityPolicySchema(false, true, false, true),
+		Schema: getPolicySecurityPolicySchema(false, true, false, false),
 	}
 }
 
 func parentSecurityPolicySchemaToModel(d *schema.ResourceData, id string) model.SecurityPolicy {
 	displayName := d.Get("display_name").(string)
 	description := d.Get("description").(string)
 	tags := getPolicyTagsFromSchema(d)
-	category := d.Get("category").(string)
+	cat, ok := d.GetOk("category")
+	category := ""
+	if ok {
+		category = cat.(string)
+	}
 	comments := d.Get("comments").(string)
 	locked := d.Get("locked").(bool)
 
@@ -39,12 +43,11 @@ func parentSecurityPolicySchemaToModel(d *schema.ResourceData, id string) model.
 	tcpStrict := d.Get("tcp_strict").(bool)
 	objType := "SecurityPolicy"
 
-	return model.SecurityPolicy{
+	obj := model.SecurityPolicy{
 		Id:             &id,
 		DisplayName:    &displayName,
 		Description:    &description,
 		Tags:           tags,
-		Category:       &category,
 		Comments:       &comments,
 		Locked:         &locked,
 		Scope:          scope,
@@ -53,13 +56,17 @@ func parentSecurityPolicySchemaToModel(d *schema.ResourceData, id string) model.
 		TcpStrict:      &tcpStrict,
 		ResourceType:   &objType,
 	}
+	if category != "" {
+		obj.Category = &category
+	}
+	return obj
 }
 
-func parentSecurityPolicyModelToSchema(d *schema.ResourceData, m interface{}, withDomain bool) (*model.SecurityPolicy, error) {
+func parentSecurityPolicyModelToSchema(d *schema.ResourceData, m interface{}, isVPC bool) (*model.SecurityPolicy, error) {
 	connector := getPolicyConnector(m)
 	id := d.Id()
 	domainName := ""
-	if withDomain {
+	if !isVPC {
 		domainName = d.Get("domain").(string)
 	}
 	if id == "" {
@@ -78,10 +85,10 @@ func parentSecurityPolicyModelToSchema(d *schema.ResourceData, m interface{}, wi
 	setPolicyTagsInSchema(d, obj.Tags)
 	d.Set("nsx_id", id)
 	d.Set("path", obj.Path)
-	if withDomain {
+	if !isVPC {
 		d.Set("domain", getDomainFromResourcePath(*obj.Path))
+		d.Set("category", obj.Category)
 	}
-	d.Set("category", obj.Category)
 	d.Set("comments", obj.Comments)
 	d.Set("locked", obj.Locked)
 	if len(obj.Scope) == 1 && obj.Scope[0] == "ANY" {
@@ -97,15 +104,15 @@ func parentSecurityPolicyModelToSchema(d *schema.ResourceData, m interface{}, wi
 }
 
 func resourceNsxtPolicyParentSecurityPolicyCreate(d *schema.ResourceData, m interface{}) error {
-	return resourceNsxtPolicySecurityPolicyGeneralCreate(d, m, false, true)
+	return resourceNsxtPolicySecurityPolicyGeneralCreate(d, m, false, false)
 }
 
 func resourceNsxtPolicyParentSecurityPolicyRead(d *schema.ResourceData, m interface{}) error {
-	return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, false, true)
+	return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, false, false)
 }
 
 func resourceNsxtPolicyParentSecurityPolicyUpdate(d *schema.ResourceData, m interface{}) error {
-	return resourceNsxtPolicySecurityPolicyGeneralUpdate(d, m, false, true)
+	return resourceNsxtPolicySecurityPolicyGeneralUpdate(d, m, false, false)
 }
 
 func resourceNsxtPolicyParentSecurityPolicyDelete(d *schema.ResourceData, m interface{}) error {

diff --git a/nsxt/resource_nsxt_policy_security_policy.go b/nsxt/resource_nsxt_policy_security_policy.go
@@ -24,7 +24,7 @@ func resourceNsxtPolicySecurityPolicy() *schema.Resource {
 		Importer: &schema.ResourceImporter{
 			State: nsxtDomainResourceImporter,
 		},
-		Schema: getPolicySecurityPolicySchema(false, true, true, true),
+		Schema: getPolicySecurityPolicySchema(false, true, true, false),
 	}
 }
 
@@ -61,10 +61,10 @@ func resourceNsxtPolicySecurityPolicyExistsPartial(domainName string) func(sessi
 	}
 }
 
-func policySecurityPolicyBuildAndPatch(d *schema.ResourceData, m interface{}, id string, createFlow, withRule, withDomain bool) error {
+func policySecurityPolicyBuildAndPatch(d *schema.ResourceData, m interface{}, id string, createFlow, withRule, isVPC bool) error {
 	obj := parentSecurityPolicySchemaToModel(d, id)
 	domain := ""
-	if withDomain {
+	if !isVPC {
 		domain = d.Get("domain").(string)
 	}
 	revision := int64(d.Get("revision").(int))
@@ -95,15 +95,15 @@ func policySecurityPolicyBuildAndPatch(d *schema.ResourceData, m interface{}, id
 }
 
 func resourceNsxtPolicySecurityPolicyCreate(d *schema.ResourceData, m interface{}) error {
-	return resourceNsxtPolicySecurityPolicyGeneralCreate(d, m, true, true)
+	return resourceNsxtPolicySecurityPolicyGeneralCreate(d, m, true, false)
 }
 
 func resourceNsxtPolicySecurityPolicyRead(d *schema.ResourceData, m interface{}) error {
-	return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, true, true)
+	return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, true, false)
 }
 
 func resourceNsxtPolicySecurityPolicyUpdate(d *schema.ResourceData, m interface{}) error {
-	return resourceNsxtPolicySecurityPolicyGeneralUpdate(d, m, true, true)
+	return resourceNsxtPolicySecurityPolicyGeneralUpdate(d, m, true, false)
 }
 
 func resourceNsxtPolicySecurityPolicyDelete(d *schema.ResourceData, m interface{}) error {
@@ -127,18 +127,18 @@ func resourceNsxtPolicySecurityPolicyDelete(d *schema.ResourceData, m interface{
 	return nil
 }
 
-func resourceNsxtPolicySecurityPolicyGeneralCreate(d *schema.ResourceData, m interface{}, withRule, withDomain bool) error {
+func resourceNsxtPolicySecurityPolicyGeneralCreate(d *schema.ResourceData, m interface{}, withRule, isVPC bool) error {
 	// Initialize resource Id and verify this ID is not yet used
 	domain := ""
-	if withDomain {
+	if !isVPC {
 		domain = d.Get("domain").(string)
 	}
 	id, err := getOrGenerateID2(d, m, resourceNsxtPolicySecurityPolicyExistsPartial(domain))
 	if err != nil {
 		return err
 	}
 
-	err = policySecurityPolicyBuildAndPatch(d, m, id, true, withRule, withDomain)
+	err = policySecurityPolicyBuildAndPatch(d, m, id, true, withRule, isVPC)
 
 	if err != nil {
 		return handleCreateError("Security Policy", id, err)
@@ -147,11 +147,11 @@ func resourceNsxtPolicySecurityPolicyGeneralCreate(d *schema.ResourceData, m int
 	d.SetId(id)
 	d.Set("nsx_id", id)
 
-	return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, withRule, withDomain)
+	return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, withRule, isVPC)
 }
 
-func resourceNsxtPolicySecurityPolicyGeneralRead(d *schema.ResourceData, m interface{}, withRule, withDomain bool) error {
-	obj, err := parentSecurityPolicyModelToSchema(d, m, withDomain)
+func resourceNsxtPolicySecurityPolicyGeneralRead(d *schema.ResourceData, m interface{}, withRule, isVPC bool) error {
+	obj, err := parentSecurityPolicyModelToSchema(d, m, isVPC)
 	if err != nil {
 		return handleReadError(d, "SecurityPolicy", d.Id(), err)
 	}
@@ -161,15 +161,15 @@ func resourceNsxtPolicySecurityPolicyGeneralRead(d *schema.ResourceData, m inter
 	return nil
 }
 
-func resourceNsxtPolicySecurityPolicyGeneralUpdate(d *schema.ResourceData, m interface{}, withRule, withDomain bool) error {
+func resourceNsxtPolicySecurityPolicyGeneralUpdate(d *schema.ResourceData, m interface{}, withRule, isVPC bool) error {
 	id := d.Id()
 	if id == "" {
 		return fmt.Errorf("Error obtaining Security Policy id")
 	}
-	err := policySecurityPolicyBuildAndPatch(d, m, id, false, withRule, withDomain)
+	err := policySecurityPolicyBuildAndPatch(d, m, id, false, withRule, isVPC)
 	if err != nil {
 		return handleUpdateError("Security Policy", id, err)
 	}
 
-	return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, withRule, withDomain)
+	return resourceNsxtPolicySecurityPolicyGeneralRead(d, m, withRule, isVPC)
 }