Add visibility attr to policy IP block (#1195)

This change adds support of visibility to IP Block resource.

Signed-off-by: Shawn Wang <[email protected]>

nsxt/resource_nsxt_policy_ip_block.go

@@ -8,13 +8,19 @@ import (
 	"log"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/vmware/vsphere-automation-sdk-go/runtime/protocol/client"
 	"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model"
 
 	"github.com/vmware/terraform-provider-nsxt/api/infra"
 	utl "github.com/vmware/terraform-provider-nsxt/api/utl"
 )
 
+var visibilityTypes = []string{
+	model.IpAddressBlock_VISIBILITY_EXTERNAL,
+	model.IpAddressBlock_VISIBILITY_PRIVATE,
+}
+
 func resourceNsxtPolicyIPBlock() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceNsxtPolicyIPBlockCreate,
@@ -39,6 +45,12 @@ func resourceNsxtPolicyIPBlock() *schema.Resource {
 				Required:     true,
 				ValidateFunc: validateCidr(),
 			},
+			"visibility": {
+				Type:         schema.TypeString,
+				Description:  "Visibility of the Ip Block. Cannot be updated once associated with other resources.",
+				Optional:     true,
+				ValidateFunc: validation.StringInSlice(visibilityTypes, false),
+			},
 		},
 	}
 }
@@ -79,6 +91,7 @@ func resourceNsxtPolicyIPBlockRead(d *schema.ResourceData, m interface{}) error
 	d.Set("path", block.Path)
 	d.Set("revision", block.Revision)
 	d.Set("cidr", block.Cidr)
+	d.Set("visibility", block.Visibility)
 
 	return nil
 }
@@ -95,6 +108,7 @@ func resourceNsxtPolicyIPBlockCreate(d *schema.ResourceData, m interface{}) erro
 	displayName := d.Get("display_name").(string)
 	description := d.Get("description").(string)
 	cidr := d.Get("cidr").(string)
+	visibility := d.Get("visibility").(string)
 	tags := getPolicyTagsFromSchema(d)
 
 	obj := model.IpAddressBlock{
@@ -103,7 +117,9 @@ func resourceNsxtPolicyIPBlockCreate(d *schema.ResourceData, m interface{}) erro
 		Cidr:        &cidr,
 		Tags:        tags,
 	}
-
+	if nsxVersionHigherOrEqual("4.2.0") && len(visibility) > 0 {
+		obj.Visibility = &visibility
+	}
 	// Create the resource using PATCH
 	log.Printf("[INFO] Creating IP Block with ID %s", id)
 	err = client.Patch(id, obj)
@@ -129,6 +145,7 @@ func resourceNsxtPolicyIPBlockUpdate(d *schema.ResourceData, m interface{}) erro
 	displayName := d.Get("display_name").(string)
 	description := d.Get("description").(string)
 	cidr := d.Get("cidr").(string)
+	visibility := d.Get("visibility").(string)
 	revision := int64(d.Get("revision").(int))
 	tags := getPolicyTagsFromSchema(d)
 
@@ -140,6 +157,9 @@ func resourceNsxtPolicyIPBlockUpdate(d *schema.ResourceData, m interface{}) erro
 		Tags:        tags,
 		Revision:    &revision,
 	}
+	if nsxVersionHigherOrEqual("4.2.0") && len(visibility) > 0 {
+		obj.Visibility = &visibility
+	}
 
 	_, err := client.Update(id, obj)
 	if err != nil {

nsxt/resource_nsxt_policy_ip_block_test.go

@@ -26,7 +26,7 @@ func TestAccResourceNsxtPolicyIPBlock_minimal(t *testing.T) {
 		},
 		Steps: []resource.TestStep{
 			{
-				Config: testAccNSXPolicyIPBlockCreateMinimalTemplate(name, cidr, false),
+				Config: testAccNSXPolicyIPBlockCreateMinimalTemplate(name, cidr, false, false),
 				Check: resource.ComposeTestCheckFunc(
 					testAccNSXPolicyIPBlockCheckExists(testResourceName),
 					resource.TestCheckResourceAttr(testResourceName, "display_name", name),
@@ -42,20 +42,28 @@ func TestAccResourceNsxtPolicyIPBlock_minimal(t *testing.T) {
 }
 
 func TestAccResourceNsxtPolicyIPBlock_basic(t *testing.T) {
-	testAccResourceNsxtPolicyIPBlockBasic(t, false, func() {
+	testAccResourceNsxtPolicyIPBlockBasic(t, false, false, func() {
 		testAccPreCheck(t)
 		testAccOnlyLocalManager(t)
 	})
 }
 
+func TestAccResourceNsxtPolicyIPBlock_visibility(t *testing.T) {
+	testAccResourceNsxtPolicyIPBlockBasic(t, false, true, func() {
+		testAccPreCheck(t)
+		testAccOnlyLocalManager(t)
+		testAccNSXVersion(t, "4.2.0")
+	})
+}
+
 func TestAccResourceNsxtPolicyIPBlock_multitenancy(t *testing.T) {
-	testAccResourceNsxtPolicyIPBlockBasic(t, true, func() {
+	testAccResourceNsxtPolicyIPBlockBasic(t, true, false, func() {
 		testAccPreCheck(t)
 		testAccOnlyMultitenancy(t)
 	})
 }
 
-func testAccResourceNsxtPolicyIPBlockBasic(t *testing.T, withContext bool, preCheck func()) {
+func testAccResourceNsxtPolicyIPBlockBasic(t *testing.T, withContext bool, withVisibility bool, preCheck func()) {
 	name := getAccTestResourceName()
 	testResourceName := "nsxt_policy_ip_block.test"
 	cidr := "192.168.1.0/24"
@@ -69,7 +77,7 @@ func testAccResourceNsxtPolicyIPBlockBasic(t *testing.T, withContext bool, preCh
 		},
 		Steps: []resource.TestStep{
 			{
-				Config: testAccNSXPolicyIPBlockCreateMinimalTemplate(name, cidr, withContext),
+				Config: testAccNSXPolicyIPBlockCreateMinimalTemplate(name, cidr, withContext, withVisibility),
 				Check: resource.ComposeTestCheckFunc(
 					testAccNSXPolicyIPBlockCheckExists(testResourceName),
 					resource.TestCheckResourceAttr(testResourceName, "display_name", name),
@@ -78,10 +86,11 @@ func testAccResourceNsxtPolicyIPBlockBasic(t *testing.T, withContext bool, preCh
 					resource.TestCheckResourceAttrSet(testResourceName, "revision"),
 					resource.TestCheckResourceAttrSet(testResourceName, "nsx_id"),
 					resource.TestCheckResourceAttrSet(testResourceName, "path"),
+					testAccNSXPolicyIPBlockVisibility(testResourceName, withVisibility, "EXTERNAL"),
 				),
 			},
 			{
-				Config: testAccNSXPolicyIPBlockUpdateTemplate(name, cidr2, withContext),
+				Config: testAccNSXPolicyIPBlockUpdateTemplate(name, cidr2, withContext, withVisibility),
 				Check: resource.ComposeTestCheckFunc(
 					testAccNSXPolicyIPBlockCheckExists(testResourceName),
 					resource.TestCheckResourceAttr(testResourceName, "display_name", name),
@@ -90,6 +99,7 @@ func testAccResourceNsxtPolicyIPBlockBasic(t *testing.T, withContext bool, preCh
 					resource.TestCheckResourceAttrSet(testResourceName, "revision"),
 					resource.TestCheckResourceAttrSet(testResourceName, "nsx_id"),
 					resource.TestCheckResourceAttrSet(testResourceName, "path"),
+					testAccNSXPolicyIPBlockVisibility(testResourceName, withVisibility, "PRIVATE"),
 				),
 			},
 		},
@@ -108,7 +118,30 @@ func TestAccResourceNsxtPolicyIPBlock_importBasic(t *testing.T) {
 		},
 		Steps: []resource.TestStep{
 			{
-				Config: testAccNSXPolicyIPBlockCreateMinimalTemplate(name, "192.191.1.0/24", false),
+				Config: testAccNSXPolicyIPBlockCreateMinimalTemplate(name, "192.191.1.0/24", false, false),
+			},
+			{
+				ResourceName:      testResourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func TestAccResourceNsxtPolicyIPBlock_importVisibility(t *testing.T) {
+	name := getAccTestResourceName()
+	testResourceName := "nsxt_policy_ip_block.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:  func() { testAccOnlyLocalManager(t); testAccPreCheck(t); testAccNSXVersion(t, "4.2.0") },
+		Providers: testAccProviders,
+		CheckDestroy: func(state *terraform.State) error {
+			return testAccNSXPolicyIPBlockCheckDestroy(state)
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: testAccNSXPolicyIPBlockCreateMinimalTemplate(name, "192.191.1.0/24", false, true),
 			},
 			{
 				ResourceName:      testResourceName,
@@ -131,7 +164,7 @@ func TestAccResourceNsxtPolicyIPBlock_importBasic_multitenancy(t *testing.T) {
 		},
 		Steps: []resource.TestStep{
 			{
-				Config: testAccNSXPolicyIPBlockCreateMinimalTemplate(name, "192.191.1.0/24", true),
+				Config: testAccNSXPolicyIPBlockCreateMinimalTemplate(name, "192.191.1.0/24", true, false),
 			},
 			{
 				ResourceName:      testResourceName,
@@ -167,6 +200,15 @@ func testAccNSXPolicyIPBlockCheckExists(resourceName string) resource.TestCheckF
 	}
 }
 
+func testAccNSXPolicyIPBlockVisibility(resourceName string, withVisibility bool, expected string) resource.TestCheckFunc {
+	if !withVisibility {
+		return func(state *terraform.State) error {
+			return nil
+		}
+	}
+	return resource.TestCheckResourceAttr(resourceName, "visibility", expected)
+}
+
 func testAccNSXPolicyIPBlockCheckDestroy(state *terraform.State) error {
 	connector := getPolicyConnector(testAccProvider.Meta().(nsxtClients))
 	client := infra.NewIpBlocksClient(testAccGetSessionContext(), connector)
@@ -185,29 +227,43 @@ func testAccNSXPolicyIPBlockCheckDestroy(state *terraform.State) error {
 	return nil
 }
 
-func testAccNSXPolicyIPBlockCreateMinimalTemplate(displayName string, cidr string, withContext bool) string {
+func testAccNSXPolicyIPBlockCreateMinimalTemplate(displayName string, cidr string, withContext, withVisibility bool) string {
 	context := ""
 	if withContext {
 		context = testAccNsxtPolicyMultitenancyContext()
 	}
+
+	visibility := ""
+	if withVisibility {
+		visibility = "  visibility   = \"EXTERNAL\""
+	}
+
 	return fmt.Sprintf(`
 resource "nsxt_policy_ip_block" "test" {
 %s
   display_name = "%s"
   cidr         = "%s"
-}`, context, displayName, cidr)
+%s
+}`, context, displayName, cidr, visibility)
 }
 
-func testAccNSXPolicyIPBlockUpdateTemplate(displayName string, cidr string, withContext bool) string {
+func testAccNSXPolicyIPBlockUpdateTemplate(displayName string, cidr string, withContext, withVisibility bool) string {
 	context := ""
 	if withContext {
 		context = testAccNsxtPolicyMultitenancyContext()
 	}
+
+	visibility := ""
+	if withVisibility {
+		visibility = "  visibility   = \"PRIVATE\""
+	}
+
 	return fmt.Sprintf(`
 resource "nsxt_policy_ip_block" "test" {
 %s
   display_name = "%s"
   cidr         = "%s"
+%s
 
   tag {
     scope = "scope1"
@@ -218,5 +274,5 @@ resource "nsxt_policy_ip_block" "test" {
     scope = "scope2"
     tag   = "tag2"
   }
-}`, context, displayName, cidr)
+}`, context, displayName, cidr, visibility)
 }

website/docs/r/policy_ip_block.html.markdown

@@ -17,6 +17,7 @@ This resource is applicable to NSX Policy Manager.
 resource "nsxt_policy_ip_block" "block1" {
   display_name = "ip-block1"
   cidr         = "192.168.1.0/24"
+  visibility   = "PRIVATE"
 
   tag {
     scope = "color"
@@ -43,6 +44,7 @@ resource "nsxt_policy_ip_block" "block1" {
   }
   display_name = "ip-block1"
   cidr         = "192.168.1.0/24"
+  visibility   = "PRIVATE"
 
   tag {
     scope = "color"
@@ -63,6 +65,7 @@ The following arguments are supported:
 * `display_name` - (Required) The display name for the IP Block.
 * `description` - (Optional) Description of the resource.
 * `cidr` - (Required) Network address and the prefix length which will be associated with a layer-2 broadcast domain.
+* `visibility` - (Optional) Visibility of the IP Block. Valid options are `PRIVATE`, `EXTERNAL` or unset. Visibility cannot be changed once the block is associated with other resources.
 * `nsx_id` - (Optional) The NSX ID of this resource. If set, this ID will be used to create the resource.
 * `tag` - (Optional) A list of scope + tag pairs to associate with this IP Block.
 * `context` - (Optional) The context which the object belongs to