Add REJECT action support in vcd_nsxt_firewall (vmware#1240)
Didainius authored Jun 13, 2024
1 parent 8b89760 commit ce48b62
Showing 6 changed files with 18 additions and 18 deletions.
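--- a/.changes/v3.13.0/1240-improvements.md
+++ b/.changes/v3.13.0/1240-improvements.md
@@ -0,0 +1 @@
+* Resource `vcd_nsxt_firewall` supports `REJECT` action [GH-1240]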
2 changes: 1 addition & 1 deletion go.mod
@@ -7,7 +7,7 @@ require (
github.com/hashicorp/go-version v1.6.0
github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0
github.com/kr/pretty v0.3.1
github.com/vmware/go-vcloud-director/v2 v2.25.0-alpha.7
github.com/vmware/go-vcloud-director/v2 v2.25.0-alpha.8
)

require (
4 changes: 2 additions & 2 deletions go.sum
@@ -148,8 +148,8 @@ github.com/vmihailenco/msgpack/v5 v5.4.1 h1:cQriyiUvjTwOHg8QZaPihLWeRAAVoCpE00IU
github.com/vmihailenco/msgpack/v5 v5.4.1/go.mod h1:GaZTsDaehaPpQVyxrf5mtQlH+pc21PIudVV/E3rRQok=
github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=
github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds=
github.com/vmware/go-vcloud-director/v2 v2.25.0-alpha.7 h1:tCSx1c8m7b/jnSxTl1m5rHUFScM91SnLqDAso0KhNko=
github.com/vmware/go-vcloud-director/v2 v2.25.0-alpha.7/go.mod h1:vbuNYzuADDBFhi9i2dIKWeNxMK1VFF0dACq01amYBIM=
github.com/vmware/go-vcloud-director/v2 v2.25.0-alpha.8 h1:I0ZSGT0kFe4HF1s9JTS6Z2GyeuipVOpwuSczwj72sEk=
github.com/vmware/go-vcloud-director/v2 v2.25.0-alpha.8/go.mod h1:vbuNYzuADDBFhi9i2dIKWeNxMK1VFF0dACq01amYBIM=
github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
21 changes: 10 additions & 11 deletions vcd/resource_vcd_nsxt_firewall.go
@@ -79,8 +79,8 @@ func resourceVcdNsxtFirewall() *schema.Resource {
"action": {
Type: schema.TypeString,
Required: true,
Description: "Defines if the rule should 'ALLOW' or 'DROP' matching traffic",
ValidateFunc: validation.StringInSlice([]string{"ALLOW", "DROP"}, false),
Description: "Defines if the rule should 'ALLOW', 'DROP' or 'REJECT' matching traffic",
ValidateFunc: validation.StringInSlice([]string{"ALLOW", "DROP", "REJECT"}, false),
},
"enabled": {
Type: schema.TypeBool,
@@ -252,7 +252,6 @@ func resourceVcdNsxtFirewallImport(_ context.Context, d *schema.ResourceData, me
}

func setNsxtFirewallData(fwRules []*types.NsxtFirewallRule, d *schema.ResourceData, edgeGatewayId string) error {

dSet(d, "edge_gateway_id", edgeGatewayId)

result := make([]interface{}, len(fwRules))
@@ -270,7 +269,7 @@ func setNsxtFirewallData(fwRules []*types.NsxtFirewallRule, d *schema.ResourceDa
result[index] = map[string]interface{}{
"id": value.ID,
"name": value.Name,
"action": value.Action,
"action": value.ActionValue,
"enabled": value.Enabled,
"ip_protocol": value.IpProtocol,
"direction": value.Direction,
@@ -292,13 +291,13 @@ func getNsxtFirewallTypes(d *schema.ResourceData) []*types.NsxtFirewallRule {
oneRuleMapInterface := oneRule.(map[string]interface{})

result[index] = &types.NsxtFirewallRule{
Name: oneRuleMapInterface["name"].(string),
Action: oneRuleMapInterface["action"].(string),
Enabled: oneRuleMapInterface["enabled"].(bool),
IpProtocol: oneRuleMapInterface["ip_protocol"].(string),
Logging: oneRuleMapInterface["logging"].(bool),
Direction: oneRuleMapInterface["direction"].(string),
Version: nil,
Name: oneRuleMapInterface["name"].(string),
ActionValue: oneRuleMapInterface["action"].(string),
Enabled: oneRuleMapInterface["enabled"].(bool),
IpProtocol: oneRuleMapInterface["ip_protocol"].(string),
Logging: oneRuleMapInterface["logging"].(bool),
Direction: oneRuleMapInterface["direction"].(string),
Version: nil,
}

if oneRuleMapInterface["source_ids"] != nil {
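Review bot: In `setNsxtFirewallData` the `action` attribute is now read only from `value.ActionValue`, so Terraform state depends on the API returning that field for every rule. If some VCD API versions populate only the earlier `Action` field (not verifiable from this page, and the alpha.8 struct is not shown), `action` would read back empty and a required firewall attribute would show a change on every plan. A comment on that line such as `// ActionValue supersedes Action; TODO confirm the minimum API version that returns it` would record the assumption. The `Description` at the schema could also state how the two deny actions differ, e.g. `'DROP' discards silently, 'REJECT' notifies the sender`, since that affects what a blocked client observes. All three functions continue outside the hunks shown.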
6 changes: 3 additions & 3 deletions vcd/resource_vcd_nsxt_firewall_test.go
@@ -120,7 +120,7 @@ func TestAccVcdNsxtFirewall(t *testing.T) {
resource.TestCheckResourceAttr("vcd_nsxt_firewall.testing", "rule.2.direction", "IN_OUT"),
resource.TestCheckResourceAttr("vcd_nsxt_firewall.testing", "rule.2.ip_protocol", "IPV4_IPV6"),
resource.TestCheckResourceAttr("vcd_nsxt_firewall.testing", "rule.2.logging", "false"),
resource.TestCheckResourceAttr("vcd_nsxt_firewall.testing", "rule.2.action", "ALLOW"),
resource.TestCheckResourceAttr("vcd_nsxt_firewall.testing", "rule.2.action", "REJECT"),
resource.TestCheckResourceAttr("vcd_nsxt_firewall.testing", "rule.2.enabled", "true"),
resource.TestCheckResourceAttr("vcd_nsxt_firewall.testing", "rule.2.source_ids.#", "1"),
resource.TestCheckResourceAttr("vcd_nsxt_firewall.testing", "rule.2.destination_ids.#", "3"),
@@ -167,7 +167,7 @@ func TestAccVcdNsxtFirewall(t *testing.T) {
resource.TestCheckResourceAttr("vcd_nsxt_firewall.testing", "rule.2.direction", "IN_OUT"),
resource.TestCheckResourceAttr("vcd_nsxt_firewall.testing", "rule.2.ip_protocol", "IPV4_IPV6"),
resource.TestCheckResourceAttr("vcd_nsxt_firewall.testing", "rule.2.logging", "false"),
resource.TestCheckResourceAttr("vcd_nsxt_firewall.testing", "rule.2.action", "ALLOW"),
resource.TestCheckResourceAttr("vcd_nsxt_firewall.testing", "rule.2.action", "REJECT"),
resource.TestCheckResourceAttr("vcd_nsxt_firewall.testing", "rule.2.enabled", "false"),
resource.TestCheckResourceAttr("vcd_nsxt_firewall.testing", "rule.2.source_ids.#", "1"),
resource.TestCheckResourceAttr("vcd_nsxt_firewall.testing", "rule.2.destination_ids.#", "3"),
@@ -295,7 +295,7 @@ resource "vcd_nsxt_firewall" "testing" {
}
rule {
action = "ALLOW"
action = "REJECT"
name = "test_rule-3"
direction = "IN_OUT"
ip_protocol = "IPV4_IPV6"
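Review bot: The updated checks cover only the accepting path for the new value: `rule.2.action` is asserted as `REJECT` in both steps, but nothing visible here exercises the validator's refusal of a value outside `ALLOW`/`DROP`/`REJECT`. Because `StringInSlice` is called with case-insensitivity off in the resource, a plan-only step with a misspelled or lower-case action and an `ExpectError` pattern would pin that guard for a field that decides how traffic is handled. The test function and the HCL template both extend beyond the hunks shown, so such a step may already exist elsewhere in the file.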
2 changes: 1 addition & 1 deletion website/docs/r/nsxt_firewall.html.markdown
@@ -89,7 +89,7 @@ Each Firewall Rule contains following attributes:
* `name` - (Required) Explanatory name for firewall rule (uniqueness not enforced)
* `direction` - (Required) One of `IN`, `OUT`, or `IN_OUT`
* `ip_protocol` - (Required) One of `IPV4`, `IPV6`, or `IPV4_IPV6`
* `action` - (Required) Defines if it should `ALLOW` or `DROP` traffic
* `action` - (Required) Defines if it should `ALLOW`, `DROP` or `REJECT` traffic
* `enabled` - (Optional) Defines if the rule is enabled (default `true`)
* `logging` - (Optional) Defines if logging for this rule is enabled (default `false`)
* `source_ids` - (Optional) A set of source object Firewall Groups (`IP Sets` or `Security groups`).