diff --git a/nsxt/data_source_nsxt_policy_distributed_flood_protection_profile.go b/nsxt/data_source_nsxt_policy_distributed_flood_protection_profile.go new file mode 100644 index 000000000..f15d28c9f --- /dev/null +++ b/nsxt/data_source_nsxt_policy_distributed_flood_protection_profile.go @@ -0,0 +1,32 @@ +/* Copyright © 2023 VMware, Inc. All Rights Reserved. + SPDX-License-Identifier: MPL-2.0 */ + +package nsxt + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func dataSourceNsxtPolicyDistributedFloodProtectionProfile() *schema.Resource { + return &schema.Resource{ + Read: dataSourceNsxtPolicyDistributedFloodProtectionProfileRead, + + Schema: map[string]*schema.Schema{ + "id": getDataSourceIDSchema(), + "display_name": getDataSourceExtendedDisplayNameSchema(), + "description": getDataSourceDescriptionSchema(), + "path": getPathSchema(), + }, + } +} + +func dataSourceNsxtPolicyDistributedFloodProtectionProfileRead(d *schema.ResourceData, m interface{}) error { + connector := getPolicyConnector(m) + + _, err := policyDataSourceResourceRead(d, connector, getSessionContext(d, m), "DistributedFloodProtectionProfile", nil) + if err != nil { + return err + } + + return nil +} diff --git a/nsxt/data_source_nsxt_policy_gateway_flood_protection_profile.go b/nsxt/data_source_nsxt_policy_gateway_flood_protection_profile.go new file mode 100644 index 000000000..003d0d791 --- /dev/null +++ b/nsxt/data_source_nsxt_policy_gateway_flood_protection_profile.go @@ -0,0 +1,32 @@ +/* Copyright © 2023 VMware, Inc. All Rights Reserved. + SPDX-License-Identifier: MPL-2.0 */ + +package nsxt + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func dataSourceNsxtPolicyGatewayFloodProtectionProfile() *schema.Resource { + return &schema.Resource{ + Read: dataSourceNsxtPolicyGatewayFloodProtectionProfileRead, + + Schema: map[string]*schema.Schema{ + "id": getDataSourceIDSchema(), + "display_name": getDataSourceExtendedDisplayNameSchema(), + "description": getDataSourceDescriptionSchema(), + "path": getPathSchema(), + }, + } +} + +func dataSourceNsxtPolicyGatewayFloodProtectionProfileRead(d *schema.ResourceData, m interface{}) error { + connector := getPolicyConnector(m) + + _, err := policyDataSourceResourceRead(d, connector, getSessionContext(d, m), "GatewayFloodProtectionProfile", nil) + if err != nil { + return err + } + + return nil +} diff --git a/nsxt/provider.go b/nsxt/provider.go index d740a2050..0d2377f4f 100644 --- a/nsxt/provider.go +++ b/nsxt/provider.go @@ -225,213 +225,217 @@ func Provider() *schema.Provider { }, DataSourcesMap: map[string]*schema.Resource{ - "nsxt_provider_info": dataSourceNsxtProviderInfo(), - "nsxt_transport_zone": dataSourceNsxtTransportZone(), - "nsxt_switching_profile": dataSourceNsxtSwitchingProfile(), - "nsxt_logical_tier0_router": dataSourceNsxtLogicalTier0Router(), - "nsxt_logical_tier1_router": dataSourceNsxtLogicalTier1Router(), - "nsxt_mac_pool": dataSourceNsxtMacPool(), - "nsxt_ns_group": dataSourceNsxtNsGroup(), - "nsxt_ns_groups": dataSourceNsxtNsGroups(), - "nsxt_ns_service": dataSourceNsxtNsService(), - "nsxt_ns_services": dataSourceNsxtNsServices(), - "nsxt_edge_cluster": dataSourceNsxtEdgeCluster(), - "nsxt_certificate": dataSourceNsxtCertificate(), - "nsxt_ip_pool": dataSourceNsxtIPPool(), - "nsxt_firewall_section": dataSourceNsxtFirewallSection(), - "nsxt_management_cluster": dataSourceNsxtManagementCluster(), - "nsxt_policy_edge_cluster": dataSourceNsxtPolicyEdgeCluster(), - "nsxt_policy_edge_node": dataSourceNsxtPolicyEdgeNode(), - "nsxt_policy_tier0_gateway": dataSourceNsxtPolicyTier0Gateway(), - "nsxt_policy_tier1_gateway": dataSourceNsxtPolicyTier1Gateway(), - "nsxt_policy_service": dataSourceNsxtPolicyService(), - "nsxt_policy_realization_info": dataSourceNsxtPolicyRealizationInfo(), - "nsxt_policy_segment_realization": dataSourceNsxtPolicySegmentRealization(), - "nsxt_policy_transport_zone": dataSourceNsxtPolicyTransportZone(), - "nsxt_policy_ip_discovery_profile": dataSourceNsxtPolicyIPDiscoveryProfile(), - "nsxt_policy_spoofguard_profile": dataSourceNsxtPolicySpoofGuardProfile(), - "nsxt_policy_qos_profile": dataSourceNsxtPolicyQosProfile(), - "nsxt_policy_ipv6_ndra_profile": dataSourceNsxtPolicyIpv6NdraProfile(), - "nsxt_policy_ipv6_dad_profile": dataSourceNsxtPolicyIpv6DadProfile(), - "nsxt_policy_gateway_qos_profile": dataSourceNsxtPolicyGatewayQosProfile(), - "nsxt_policy_segment_security_profile": dataSourceNsxtPolicySegmentSecurityProfile(), - "nsxt_policy_mac_discovery_profile": dataSourceNsxtPolicyMacDiscoveryProfile(), - "nsxt_policy_vm": dataSourceNsxtPolicyVM(), - "nsxt_policy_vms": dataSourceNsxtPolicyVMs(), - "nsxt_policy_lb_app_profile": dataSourceNsxtPolicyLBAppProfile(), - "nsxt_policy_lb_client_ssl_profile": dataSourceNsxtPolicyLBClientSslProfile(), - "nsxt_policy_lb_server_ssl_profile": dataSourceNsxtPolicyLBServerSslProfile(), - "nsxt_policy_lb_monitor": dataSourceNsxtPolicyLBMonitor(), - "nsxt_policy_certificate": dataSourceNsxtPolicyCertificate(), - "nsxt_policy_lb_persistence_profile": dataSourceNsxtPolicyLbPersistenceProfile(), - "nsxt_policy_vni_pool": dataSourceNsxtPolicyVniPool(), - "nsxt_policy_ip_block": dataSourceNsxtPolicyIPBlock(), - "nsxt_policy_ip_pool": dataSourceNsxtPolicyIPPool(), - "nsxt_policy_site": dataSourceNsxtPolicySite(), - "nsxt_policy_gateway_policy": dataSourceNsxtPolicyGatewayPolicy(), - "nsxt_policy_security_policy": dataSourceNsxtPolicySecurityPolicy(), - "nsxt_policy_group": dataSourceNsxtPolicyGroup(), - "nsxt_policy_context_profile": dataSourceNsxtPolicyContextProfile(), - "nsxt_policy_dhcp_server": dataSourceNsxtPolicyDhcpServer(), - "nsxt_policy_bfd_profile": dataSourceNsxtPolicyBfdProfile(), - "nsxt_policy_intrusion_service_profile": dataSourceNsxtPolicyIntrusionServiceProfile(), - "nsxt_policy_lb_service": dataSourceNsxtPolicyLbService(), - "nsxt_policy_gateway_locale_service": dataSourceNsxtPolicyGatewayLocaleService(), - "nsxt_policy_bridge_profile": dataSourceNsxtPolicyBridgeProfile(), - "nsxt_policy_ipsec_vpn_local_endpoint": dataSourceNsxtPolicyIPSecVpnLocalEndpoint(), - "nsxt_policy_ipsec_vpn_service": dataSourceNsxtPolicyIPSecVpnService(), - "nsxt_policy_l2_vpn_service": dataSourceNsxtPolicyL2VpnService(), - "nsxt_policy_segment": dataSourceNsxtPolicySegment(), - "nsxt_policy_project": dataSourceNsxtPolicyProject(), - "nsxt_policy_gateway_prefix_list": dataSourceNsxtPolicyGatewayPrefixList(), - "nsxt_policy_gateway_route_map": dataSourceNsxtPolicyGatewayRouteMap(), - "nsxt_policy_uplink_host_switch_profile": dataSourceNsxtUplinkHostSwitchProfile(), - "nsxt_compute_manager": dataSourceNsxtComputeManager(), - "nsxt_transport_node_realization": dataSourceNsxtTransportNodeRealization(), - "nsxt_failure_domain": dataSourceNsxtFailureDomain(), - "nsxt_compute_collection": dataSourceNsxtComputeCollection(), - "nsxt_compute_manager_realization": dataSourceNsxtComputeManagerRealization(), - "nsxt_policy_host_transport_node": dataSourceNsxtPolicyHostTransportNode(), + "nsxt_provider_info": dataSourceNsxtProviderInfo(), + "nsxt_transport_zone": dataSourceNsxtTransportZone(), + "nsxt_switching_profile": dataSourceNsxtSwitchingProfile(), + "nsxt_logical_tier0_router": dataSourceNsxtLogicalTier0Router(), + "nsxt_logical_tier1_router": dataSourceNsxtLogicalTier1Router(), + "nsxt_mac_pool": dataSourceNsxtMacPool(), + "nsxt_ns_group": dataSourceNsxtNsGroup(), + "nsxt_ns_groups": dataSourceNsxtNsGroups(), + "nsxt_ns_service": dataSourceNsxtNsService(), + "nsxt_ns_services": dataSourceNsxtNsServices(), + "nsxt_edge_cluster": dataSourceNsxtEdgeCluster(), + "nsxt_certificate": dataSourceNsxtCertificate(), + "nsxt_ip_pool": dataSourceNsxtIPPool(), + "nsxt_firewall_section": dataSourceNsxtFirewallSection(), + "nsxt_management_cluster": dataSourceNsxtManagementCluster(), + "nsxt_policy_edge_cluster": dataSourceNsxtPolicyEdgeCluster(), + "nsxt_policy_edge_node": dataSourceNsxtPolicyEdgeNode(), + "nsxt_policy_tier0_gateway": dataSourceNsxtPolicyTier0Gateway(), + "nsxt_policy_tier1_gateway": dataSourceNsxtPolicyTier1Gateway(), + "nsxt_policy_service": dataSourceNsxtPolicyService(), + "nsxt_policy_realization_info": dataSourceNsxtPolicyRealizationInfo(), + "nsxt_policy_segment_realization": dataSourceNsxtPolicySegmentRealization(), + "nsxt_policy_transport_zone": dataSourceNsxtPolicyTransportZone(), + "nsxt_policy_ip_discovery_profile": dataSourceNsxtPolicyIPDiscoveryProfile(), + "nsxt_policy_spoofguard_profile": dataSourceNsxtPolicySpoofGuardProfile(), + "nsxt_policy_qos_profile": dataSourceNsxtPolicyQosProfile(), + "nsxt_policy_ipv6_ndra_profile": dataSourceNsxtPolicyIpv6NdraProfile(), + "nsxt_policy_ipv6_dad_profile": dataSourceNsxtPolicyIpv6DadProfile(), + "nsxt_policy_gateway_qos_profile": dataSourceNsxtPolicyGatewayQosProfile(), + "nsxt_policy_segment_security_profile": dataSourceNsxtPolicySegmentSecurityProfile(), + "nsxt_policy_mac_discovery_profile": dataSourceNsxtPolicyMacDiscoveryProfile(), + "nsxt_policy_vm": dataSourceNsxtPolicyVM(), + "nsxt_policy_vms": dataSourceNsxtPolicyVMs(), + "nsxt_policy_lb_app_profile": dataSourceNsxtPolicyLBAppProfile(), + "nsxt_policy_lb_client_ssl_profile": dataSourceNsxtPolicyLBClientSslProfile(), + "nsxt_policy_lb_server_ssl_profile": dataSourceNsxtPolicyLBServerSslProfile(), + "nsxt_policy_lb_monitor": dataSourceNsxtPolicyLBMonitor(), + "nsxt_policy_certificate": dataSourceNsxtPolicyCertificate(), + "nsxt_policy_lb_persistence_profile": dataSourceNsxtPolicyLbPersistenceProfile(), + "nsxt_policy_vni_pool": dataSourceNsxtPolicyVniPool(), + "nsxt_policy_ip_block": dataSourceNsxtPolicyIPBlock(), + "nsxt_policy_ip_pool": dataSourceNsxtPolicyIPPool(), + "nsxt_policy_site": dataSourceNsxtPolicySite(), + "nsxt_policy_gateway_policy": dataSourceNsxtPolicyGatewayPolicy(), + "nsxt_policy_security_policy": dataSourceNsxtPolicySecurityPolicy(), + "nsxt_policy_group": dataSourceNsxtPolicyGroup(), + "nsxt_policy_context_profile": dataSourceNsxtPolicyContextProfile(), + "nsxt_policy_dhcp_server": dataSourceNsxtPolicyDhcpServer(), + "nsxt_policy_bfd_profile": dataSourceNsxtPolicyBfdProfile(), + "nsxt_policy_intrusion_service_profile": dataSourceNsxtPolicyIntrusionServiceProfile(), + "nsxt_policy_lb_service": dataSourceNsxtPolicyLbService(), + "nsxt_policy_gateway_locale_service": dataSourceNsxtPolicyGatewayLocaleService(), + "nsxt_policy_bridge_profile": dataSourceNsxtPolicyBridgeProfile(), + "nsxt_policy_ipsec_vpn_local_endpoint": dataSourceNsxtPolicyIPSecVpnLocalEndpoint(), + "nsxt_policy_ipsec_vpn_service": dataSourceNsxtPolicyIPSecVpnService(), + "nsxt_policy_l2_vpn_service": dataSourceNsxtPolicyL2VpnService(), + "nsxt_policy_segment": dataSourceNsxtPolicySegment(), + "nsxt_policy_project": dataSourceNsxtPolicyProject(), + "nsxt_policy_gateway_prefix_list": dataSourceNsxtPolicyGatewayPrefixList(), + "nsxt_policy_gateway_route_map": dataSourceNsxtPolicyGatewayRouteMap(), + "nsxt_policy_uplink_host_switch_profile": dataSourceNsxtUplinkHostSwitchProfile(), + "nsxt_compute_manager": dataSourceNsxtComputeManager(), + "nsxt_transport_node_realization": dataSourceNsxtTransportNodeRealization(), + "nsxt_failure_domain": dataSourceNsxtFailureDomain(), + "nsxt_compute_collection": dataSourceNsxtComputeCollection(), + "nsxt_compute_manager_realization": dataSourceNsxtComputeManagerRealization(), + "nsxt_policy_host_transport_node": dataSourceNsxtPolicyHostTransportNode(), + "nsxt_policy_distributed_flood_protection_profile": dataSourceNsxtPolicyDistributedFloodProtectionProfile(), + "nsxt_policy_gateway_flood_protection_profile": dataSourceNsxtPolicyGatewayFloodProtectionProfile(), }, ResourcesMap: map[string]*schema.Resource{ - "nsxt_dhcp_relay_profile": resourceNsxtDhcpRelayProfile(), - "nsxt_dhcp_relay_service": resourceNsxtDhcpRelayService(), - "nsxt_dhcp_server_profile": resourceNsxtDhcpServerProfile(), - "nsxt_logical_dhcp_server": resourceNsxtLogicalDhcpServer(), - "nsxt_dhcp_server_ip_pool": resourceNsxtDhcpServerIPPool(), - "nsxt_logical_switch": resourceNsxtLogicalSwitch(), - "nsxt_vlan_logical_switch": resourceNsxtVlanLogicalSwitch(), - "nsxt_logical_dhcp_port": resourceNsxtLogicalDhcpPort(), - "nsxt_logical_port": resourceNsxtLogicalPort(), - "nsxt_logical_tier0_router": resourceNsxtLogicalTier0Router(), - "nsxt_logical_tier1_router": resourceNsxtLogicalTier1Router(), - "nsxt_logical_router_centralized_service_port": resourceNsxtLogicalRouterCentralizedServicePort(), - "nsxt_logical_router_downlink_port": resourceNsxtLogicalRouterDownLinkPort(), - "nsxt_logical_router_link_port_on_tier0": resourceNsxtLogicalRouterLinkPortOnTier0(), - "nsxt_logical_router_link_port_on_tier1": resourceNsxtLogicalRouterLinkPortOnTier1(), - "nsxt_ip_discovery_switching_profile": resourceNsxtIPDiscoverySwitchingProfile(), - "nsxt_mac_management_switching_profile": resourceNsxtMacManagementSwitchingProfile(), - "nsxt_qos_switching_profile": resourceNsxtQosSwitchingProfile(), - "nsxt_spoofguard_switching_profile": resourceNsxtSpoofGuardSwitchingProfile(), - "nsxt_switch_security_switching_profile": resourceNsxtSwitchSecuritySwitchingProfile(), - "nsxt_l4_port_set_ns_service": resourceNsxtL4PortSetNsService(), - "nsxt_algorithm_type_ns_service": resourceNsxtAlgorithmTypeNsService(), - "nsxt_icmp_type_ns_service": resourceNsxtIcmpTypeNsService(), - "nsxt_igmp_type_ns_service": resourceNsxtIgmpTypeNsService(), - "nsxt_ether_type_ns_service": resourceNsxtEtherTypeNsService(), - "nsxt_ip_protocol_ns_service": resourceNsxtIPProtocolNsService(), - "nsxt_ns_service_group": resourceNsxtNsServiceGroup(), - "nsxt_ns_group": resourceNsxtNsGroup(), - "nsxt_firewall_section": resourceNsxtFirewallSection(), - "nsxt_nat_rule": resourceNsxtNatRule(), - "nsxt_ip_block": resourceNsxtIPBlock(), - "nsxt_ip_block_subnet": resourceNsxtIPBlockSubnet(), - "nsxt_ip_pool": resourceNsxtIPPool(), - "nsxt_ip_pool_allocation_ip_address": resourceNsxtIPPoolAllocationIPAddress(), - "nsxt_ip_set": resourceNsxtIPSet(), - "nsxt_static_route": resourceNsxtStaticRoute(), - "nsxt_vm_tags": resourceNsxtVMTags(), - "nsxt_lb_icmp_monitor": resourceNsxtLbIcmpMonitor(), - "nsxt_lb_tcp_monitor": resourceNsxtLbTCPMonitor(), - "nsxt_lb_udp_monitor": resourceNsxtLbUDPMonitor(), - "nsxt_lb_http_monitor": resourceNsxtLbHTTPMonitor(), - "nsxt_lb_https_monitor": resourceNsxtLbHTTPSMonitor(), - "nsxt_lb_passive_monitor": resourceNsxtLbPassiveMonitor(), - "nsxt_lb_pool": resourceNsxtLbPool(), - "nsxt_lb_tcp_virtual_server": resourceNsxtLbTCPVirtualServer(), - "nsxt_lb_udp_virtual_server": resourceNsxtLbUDPVirtualServer(), - "nsxt_lb_http_virtual_server": resourceNsxtLbHTTPVirtualServer(), - "nsxt_lb_http_forwarding_rule": resourceNsxtLbHTTPForwardingRule(), - "nsxt_lb_http_request_rewrite_rule": resourceNsxtLbHTTPRequestRewriteRule(), - "nsxt_lb_http_response_rewrite_rule": resourceNsxtLbHTTPResponseRewriteRule(), - "nsxt_lb_cookie_persistence_profile": resourceNsxtLbCookiePersistenceProfile(), - "nsxt_lb_source_ip_persistence_profile": resourceNsxtLbSourceIPPersistenceProfile(), - "nsxt_lb_client_ssl_profile": resourceNsxtLbClientSslProfile(), - "nsxt_lb_server_ssl_profile": resourceNsxtLbServerSslProfile(), - "nsxt_lb_service": resourceNsxtLbService(), - "nsxt_lb_fast_tcp_application_profile": resourceNsxtLbFastTCPApplicationProfile(), - "nsxt_lb_fast_udp_application_profile": resourceNsxtLbFastUDPApplicationProfile(), - "nsxt_lb_http_application_profile": resourceNsxtLbHTTPApplicationProfile(), - "nsxt_policy_tier1_gateway": resourceNsxtPolicyTier1Gateway(), - "nsxt_policy_tier1_gateway_interface": resourceNsxtPolicyTier1GatewayInterface(), - "nsxt_policy_tier0_gateway": resourceNsxtPolicyTier0Gateway(), - "nsxt_policy_tier0_gateway_interface": resourceNsxtPolicyTier0GatewayInterface(), - "nsxt_policy_tier0_gateway_ha_vip_config": resourceNsxtPolicyTier0GatewayHAVipConfig(), - "nsxt_policy_group": resourceNsxtPolicyGroup(), - "nsxt_policy_domain": resourceNsxtPolicyDomain(), - "nsxt_policy_security_policy": resourceNsxtPolicySecurityPolicy(), - "nsxt_policy_service": resourceNsxtPolicyService(), - "nsxt_policy_gateway_policy": resourceNsxtPolicyGatewayPolicy(), - "nsxt_policy_predefined_gateway_policy": resourceNsxtPolicyPredefinedGatewayPolicy(), - "nsxt_policy_predefined_security_policy": resourceNsxtPolicyPredefinedSecurityPolicy(), - "nsxt_policy_segment": resourceNsxtPolicySegment(), - "nsxt_policy_vlan_segment": resourceNsxtPolicyVlanSegment(), - "nsxt_policy_fixed_segment": resourceNsxtPolicyFixedSegment(), - "nsxt_policy_static_route": resourceNsxtPolicyStaticRoute(), - "nsxt_policy_gateway_prefix_list": resourceNsxtPolicyGatewayPrefixList(), - "nsxt_policy_vm_tags": resourceNsxtPolicyVMTags(), - "nsxt_policy_nat_rule": resourceNsxtPolicyNATRule(), - "nsxt_policy_ip_block": resourceNsxtPolicyIPBlock(), - "nsxt_policy_lb_pool": resourceNsxtPolicyLBPool(), - "nsxt_policy_ip_pool": resourceNsxtPolicyIPPool(), - "nsxt_policy_ip_pool_block_subnet": resourceNsxtPolicyIPPoolBlockSubnet(), - "nsxt_policy_ip_pool_static_subnet": resourceNsxtPolicyIPPoolStaticSubnet(), - "nsxt_policy_lb_service": resourceNsxtPolicyLBService(), - "nsxt_policy_lb_virtual_server": resourceNsxtPolicyLBVirtualServer(), - "nsxt_policy_ip_address_allocation": resourceNsxtPolicyIPAddressAllocation(), - "nsxt_policy_bgp_neighbor": resourceNsxtPolicyBgpNeighbor(), - "nsxt_policy_bgp_config": resourceNsxtPolicyBgpConfig(), - "nsxt_policy_dhcp_relay": resourceNsxtPolicyDhcpRelayConfig(), - "nsxt_policy_dhcp_server": resourceNsxtPolicyDhcpServer(), - "nsxt_policy_context_profile": resourceNsxtPolicyContextProfile(), - "nsxt_policy_dhcp_v4_static_binding": resourceNsxtPolicyDhcpV4StaticBinding(), - "nsxt_policy_dhcp_v6_static_binding": resourceNsxtPolicyDhcpV6StaticBinding(), - "nsxt_policy_dns_forwarder_zone": resourceNsxtPolicyDNSForwarderZone(), - "nsxt_policy_gateway_dns_forwarder": resourceNsxtPolicyGatewayDNSForwarder(), - "nsxt_policy_gateway_community_list": resourceNsxtPolicyGatewayCommunityList(), - "nsxt_policy_gateway_route_map": resourceNsxtPolicyGatewayRouteMap(), - "nsxt_policy_intrusion_service_policy": resourceNsxtPolicyIntrusionServicePolicy(), - "nsxt_policy_static_route_bfd_peer": resourceNsxtPolicyStaticRouteBfdPeer(), - "nsxt_policy_intrusion_service_profile": resourceNsxtPolicyIntrusionServiceProfile(), - "nsxt_policy_evpn_tenant": resourceNsxtPolicyEvpnTenant(), - "nsxt_policy_evpn_config": resourceNsxtPolicyEvpnConfig(), - "nsxt_policy_evpn_tunnel_endpoint": resourceNsxtPolicyEvpnTunnelEndpoint(), - "nsxt_policy_vni_pool": resourceNsxtPolicyVniPool(), - "nsxt_policy_qos_profile": resourceNsxtPolicyQosProfile(), - "nsxt_policy_ospf_config": resourceNsxtPolicyOspfConfig(), - "nsxt_policy_ospf_area": resourceNsxtPolicyOspfArea(), - "nsxt_policy_gateway_redistribution_config": resourceNsxtPolicyGatewayRedistributionConfig(), - "nsxt_policy_mac_discovery_profile": resourceNsxtPolicyMacDiscoveryProfile(), - "nsxt_policy_ipsec_vpn_ike_profile": resourceNsxtPolicyIPSecVpnIkeProfile(), - "nsxt_policy_ipsec_vpn_tunnel_profile": resourceNsxtPolicyIPSecVpnTunnelProfile(), - "nsxt_policy_ipsec_vpn_dpd_profile": resourceNsxtPolicyIPSecVpnDpdProfile(), - "nsxt_policy_ipsec_vpn_session": resourceNsxtPolicyIPSecVpnSession(), - "nsxt_policy_l2_vpn_session": resourceNsxtPolicyL2VPNSession(), - "nsxt_policy_ipsec_vpn_service": resourceNsxtPolicyIPSecVpnService(), - "nsxt_policy_l2_vpn_service": resourceNsxtPolicyL2VpnService(), - "nsxt_policy_ipsec_vpn_local_endpoint": resourceNsxtPolicyIPSecVpnLocalEndpoint(), - "nsxt_policy_ip_discovery_profile": resourceNsxtPolicyIPDiscoveryProfile(), - "nsxt_policy_context_profile_custom_attribute": resourceNsxtPolicyContextProfileCustomAttribute(), - "nsxt_policy_segment_security_profile": resourceNsxtPolicySegmentSecurityProfile(), - "nsxt_policy_spoof_guard_profile": resourceNsxtPolicySpoofGuardProfile(), - "nsxt_policy_gateway_qos_profile": resourceNsxtPolicyGatewayQosProfile(), - "nsxt_policy_project": resourceNsxtPolicyProject(), - "nsxt_policy_transport_zone": resourceNsxtPolicyTransportZone(), - "nsxt_policy_user_management_role": resourceNsxtPolicyUserManagementRole(), - "nsxt_policy_user_management_role_binding": resourceNsxtPolicyUserManagementRoleBinding(), - "nsxt_edge_cluster": resourceNsxtEdgeCluster(), - "nsxt_compute_manager": resourceNsxtComputeManager(), - "nsxt_manager_cluster": resourceNsxtManagerCluster(), - "nsxt_policy_uplink_host_switch_profile": resourceNsxtUplinkHostSwitchProfile(), - "nsxt_node_user": resourceNsxtUsers(), - "nsxt_transport_node": resourceNsxtTransportNode(), - "nsxt_failure_domain": resourceNsxtFailureDomain(), - "nsxt_cluster_virtual_ip": resourceNsxtClusterVirualIP(), - "nsxt_policy_host_transport_node_profile": resourceNsxtPolicyHostTransportNodeProfile(), - "nsxt_policy_host_transport_node": resourceNsxtPolicyHostTransportNode(), - "nsxt_edge_high_availability_profile": resourceNsxtEdgeHighAvailabilityProfile(), - "nsxt_policy_host_transport_node_collection": resourceNsxtPolicyHostTransportNodeCollection(), + "nsxt_dhcp_relay_profile": resourceNsxtDhcpRelayProfile(), + "nsxt_dhcp_relay_service": resourceNsxtDhcpRelayService(), + "nsxt_dhcp_server_profile": resourceNsxtDhcpServerProfile(), + "nsxt_logical_dhcp_server": resourceNsxtLogicalDhcpServer(), + "nsxt_dhcp_server_ip_pool": resourceNsxtDhcpServerIPPool(), + "nsxt_logical_switch": resourceNsxtLogicalSwitch(), + "nsxt_vlan_logical_switch": resourceNsxtVlanLogicalSwitch(), + "nsxt_logical_dhcp_port": resourceNsxtLogicalDhcpPort(), + "nsxt_logical_port": resourceNsxtLogicalPort(), + "nsxt_logical_tier0_router": resourceNsxtLogicalTier0Router(), + "nsxt_logical_tier1_router": resourceNsxtLogicalTier1Router(), + "nsxt_logical_router_centralized_service_port": resourceNsxtLogicalRouterCentralizedServicePort(), + "nsxt_logical_router_downlink_port": resourceNsxtLogicalRouterDownLinkPort(), + "nsxt_logical_router_link_port_on_tier0": resourceNsxtLogicalRouterLinkPortOnTier0(), + "nsxt_logical_router_link_port_on_tier1": resourceNsxtLogicalRouterLinkPortOnTier1(), + "nsxt_ip_discovery_switching_profile": resourceNsxtIPDiscoverySwitchingProfile(), + "nsxt_mac_management_switching_profile": resourceNsxtMacManagementSwitchingProfile(), + "nsxt_qos_switching_profile": resourceNsxtQosSwitchingProfile(), + "nsxt_spoofguard_switching_profile": resourceNsxtSpoofGuardSwitchingProfile(), + "nsxt_switch_security_switching_profile": resourceNsxtSwitchSecuritySwitchingProfile(), + "nsxt_l4_port_set_ns_service": resourceNsxtL4PortSetNsService(), + "nsxt_algorithm_type_ns_service": resourceNsxtAlgorithmTypeNsService(), + "nsxt_icmp_type_ns_service": resourceNsxtIcmpTypeNsService(), + "nsxt_igmp_type_ns_service": resourceNsxtIgmpTypeNsService(), + "nsxt_ether_type_ns_service": resourceNsxtEtherTypeNsService(), + "nsxt_ip_protocol_ns_service": resourceNsxtIPProtocolNsService(), + "nsxt_ns_service_group": resourceNsxtNsServiceGroup(), + "nsxt_ns_group": resourceNsxtNsGroup(), + "nsxt_firewall_section": resourceNsxtFirewallSection(), + "nsxt_nat_rule": resourceNsxtNatRule(), + "nsxt_ip_block": resourceNsxtIPBlock(), + "nsxt_ip_block_subnet": resourceNsxtIPBlockSubnet(), + "nsxt_ip_pool": resourceNsxtIPPool(), + "nsxt_ip_pool_allocation_ip_address": resourceNsxtIPPoolAllocationIPAddress(), + "nsxt_ip_set": resourceNsxtIPSet(), + "nsxt_static_route": resourceNsxtStaticRoute(), + "nsxt_vm_tags": resourceNsxtVMTags(), + "nsxt_lb_icmp_monitor": resourceNsxtLbIcmpMonitor(), + "nsxt_lb_tcp_monitor": resourceNsxtLbTCPMonitor(), + "nsxt_lb_udp_monitor": resourceNsxtLbUDPMonitor(), + "nsxt_lb_http_monitor": resourceNsxtLbHTTPMonitor(), + "nsxt_lb_https_monitor": resourceNsxtLbHTTPSMonitor(), + "nsxt_lb_passive_monitor": resourceNsxtLbPassiveMonitor(), + "nsxt_lb_pool": resourceNsxtLbPool(), + "nsxt_lb_tcp_virtual_server": resourceNsxtLbTCPVirtualServer(), + "nsxt_lb_udp_virtual_server": resourceNsxtLbUDPVirtualServer(), + "nsxt_lb_http_virtual_server": resourceNsxtLbHTTPVirtualServer(), + "nsxt_lb_http_forwarding_rule": resourceNsxtLbHTTPForwardingRule(), + "nsxt_lb_http_request_rewrite_rule": resourceNsxtLbHTTPRequestRewriteRule(), + "nsxt_lb_http_response_rewrite_rule": resourceNsxtLbHTTPResponseRewriteRule(), + "nsxt_lb_cookie_persistence_profile": resourceNsxtLbCookiePersistenceProfile(), + "nsxt_lb_source_ip_persistence_profile": resourceNsxtLbSourceIPPersistenceProfile(), + "nsxt_lb_client_ssl_profile": resourceNsxtLbClientSslProfile(), + "nsxt_lb_server_ssl_profile": resourceNsxtLbServerSslProfile(), + "nsxt_lb_service": resourceNsxtLbService(), + "nsxt_lb_fast_tcp_application_profile": resourceNsxtLbFastTCPApplicationProfile(), + "nsxt_lb_fast_udp_application_profile": resourceNsxtLbFastUDPApplicationProfile(), + "nsxt_lb_http_application_profile": resourceNsxtLbHTTPApplicationProfile(), + "nsxt_policy_tier1_gateway": resourceNsxtPolicyTier1Gateway(), + "nsxt_policy_tier1_gateway_interface": resourceNsxtPolicyTier1GatewayInterface(), + "nsxt_policy_tier0_gateway": resourceNsxtPolicyTier0Gateway(), + "nsxt_policy_tier0_gateway_interface": resourceNsxtPolicyTier0GatewayInterface(), + "nsxt_policy_tier0_gateway_ha_vip_config": resourceNsxtPolicyTier0GatewayHAVipConfig(), + "nsxt_policy_group": resourceNsxtPolicyGroup(), + "nsxt_policy_domain": resourceNsxtPolicyDomain(), + "nsxt_policy_security_policy": resourceNsxtPolicySecurityPolicy(), + "nsxt_policy_service": resourceNsxtPolicyService(), + "nsxt_policy_gateway_policy": resourceNsxtPolicyGatewayPolicy(), + "nsxt_policy_predefined_gateway_policy": resourceNsxtPolicyPredefinedGatewayPolicy(), + "nsxt_policy_predefined_security_policy": resourceNsxtPolicyPredefinedSecurityPolicy(), + "nsxt_policy_segment": resourceNsxtPolicySegment(), + "nsxt_policy_vlan_segment": resourceNsxtPolicyVlanSegment(), + "nsxt_policy_fixed_segment": resourceNsxtPolicyFixedSegment(), + "nsxt_policy_static_route": resourceNsxtPolicyStaticRoute(), + "nsxt_policy_gateway_prefix_list": resourceNsxtPolicyGatewayPrefixList(), + "nsxt_policy_vm_tags": resourceNsxtPolicyVMTags(), + "nsxt_policy_nat_rule": resourceNsxtPolicyNATRule(), + "nsxt_policy_ip_block": resourceNsxtPolicyIPBlock(), + "nsxt_policy_lb_pool": resourceNsxtPolicyLBPool(), + "nsxt_policy_ip_pool": resourceNsxtPolicyIPPool(), + "nsxt_policy_ip_pool_block_subnet": resourceNsxtPolicyIPPoolBlockSubnet(), + "nsxt_policy_ip_pool_static_subnet": resourceNsxtPolicyIPPoolStaticSubnet(), + "nsxt_policy_lb_service": resourceNsxtPolicyLBService(), + "nsxt_policy_lb_virtual_server": resourceNsxtPolicyLBVirtualServer(), + "nsxt_policy_ip_address_allocation": resourceNsxtPolicyIPAddressAllocation(), + "nsxt_policy_bgp_neighbor": resourceNsxtPolicyBgpNeighbor(), + "nsxt_policy_bgp_config": resourceNsxtPolicyBgpConfig(), + "nsxt_policy_dhcp_relay": resourceNsxtPolicyDhcpRelayConfig(), + "nsxt_policy_dhcp_server": resourceNsxtPolicyDhcpServer(), + "nsxt_policy_context_profile": resourceNsxtPolicyContextProfile(), + "nsxt_policy_dhcp_v4_static_binding": resourceNsxtPolicyDhcpV4StaticBinding(), + "nsxt_policy_dhcp_v6_static_binding": resourceNsxtPolicyDhcpV6StaticBinding(), + "nsxt_policy_dns_forwarder_zone": resourceNsxtPolicyDNSForwarderZone(), + "nsxt_policy_gateway_dns_forwarder": resourceNsxtPolicyGatewayDNSForwarder(), + "nsxt_policy_gateway_community_list": resourceNsxtPolicyGatewayCommunityList(), + "nsxt_policy_gateway_route_map": resourceNsxtPolicyGatewayRouteMap(), + "nsxt_policy_intrusion_service_policy": resourceNsxtPolicyIntrusionServicePolicy(), + "nsxt_policy_static_route_bfd_peer": resourceNsxtPolicyStaticRouteBfdPeer(), + "nsxt_policy_intrusion_service_profile": resourceNsxtPolicyIntrusionServiceProfile(), + "nsxt_policy_evpn_tenant": resourceNsxtPolicyEvpnTenant(), + "nsxt_policy_evpn_config": resourceNsxtPolicyEvpnConfig(), + "nsxt_policy_evpn_tunnel_endpoint": resourceNsxtPolicyEvpnTunnelEndpoint(), + "nsxt_policy_vni_pool": resourceNsxtPolicyVniPool(), + "nsxt_policy_qos_profile": resourceNsxtPolicyQosProfile(), + "nsxt_policy_ospf_config": resourceNsxtPolicyOspfConfig(), + "nsxt_policy_ospf_area": resourceNsxtPolicyOspfArea(), + "nsxt_policy_gateway_redistribution_config": resourceNsxtPolicyGatewayRedistributionConfig(), + "nsxt_policy_mac_discovery_profile": resourceNsxtPolicyMacDiscoveryProfile(), + "nsxt_policy_ipsec_vpn_ike_profile": resourceNsxtPolicyIPSecVpnIkeProfile(), + "nsxt_policy_ipsec_vpn_tunnel_profile": resourceNsxtPolicyIPSecVpnTunnelProfile(), + "nsxt_policy_ipsec_vpn_dpd_profile": resourceNsxtPolicyIPSecVpnDpdProfile(), + "nsxt_policy_ipsec_vpn_session": resourceNsxtPolicyIPSecVpnSession(), + "nsxt_policy_l2_vpn_session": resourceNsxtPolicyL2VPNSession(), + "nsxt_policy_ipsec_vpn_service": resourceNsxtPolicyIPSecVpnService(), + "nsxt_policy_l2_vpn_service": resourceNsxtPolicyL2VpnService(), + "nsxt_policy_ipsec_vpn_local_endpoint": resourceNsxtPolicyIPSecVpnLocalEndpoint(), + "nsxt_policy_ip_discovery_profile": resourceNsxtPolicyIPDiscoveryProfile(), + "nsxt_policy_context_profile_custom_attribute": resourceNsxtPolicyContextProfileCustomAttribute(), + "nsxt_policy_segment_security_profile": resourceNsxtPolicySegmentSecurityProfile(), + "nsxt_policy_spoof_guard_profile": resourceNsxtPolicySpoofGuardProfile(), + "nsxt_policy_gateway_qos_profile": resourceNsxtPolicyGatewayQosProfile(), + "nsxt_policy_project": resourceNsxtPolicyProject(), + "nsxt_policy_transport_zone": resourceNsxtPolicyTransportZone(), + "nsxt_policy_user_management_role": resourceNsxtPolicyUserManagementRole(), + "nsxt_policy_user_management_role_binding": resourceNsxtPolicyUserManagementRoleBinding(), + "nsxt_edge_cluster": resourceNsxtEdgeCluster(), + "nsxt_compute_manager": resourceNsxtComputeManager(), + "nsxt_manager_cluster": resourceNsxtManagerCluster(), + "nsxt_policy_uplink_host_switch_profile": resourceNsxtUplinkHostSwitchProfile(), + "nsxt_node_user": resourceNsxtUsers(), + "nsxt_transport_node": resourceNsxtTransportNode(), + "nsxt_failure_domain": resourceNsxtFailureDomain(), + "nsxt_cluster_virtual_ip": resourceNsxtClusterVirualIP(), + "nsxt_policy_host_transport_node_profile": resourceNsxtPolicyHostTransportNodeProfile(), + "nsxt_policy_host_transport_node": resourceNsxtPolicyHostTransportNode(), + "nsxt_edge_high_availability_profile": resourceNsxtEdgeHighAvailabilityProfile(), + "nsxt_policy_host_transport_node_collection": resourceNsxtPolicyHostTransportNodeCollection(), + "nsxt_policy_distributed_flood_protection_profile": resourceNsxtPolicyDistributedFloodProtectionProfile(), + "nsxt_policy_gateway_flood_protection_profile": resourceNsxtPolicyGatewayFloodProtectionProfile(), }, ConfigureFunc: providerConfigure, diff --git a/nsxt/resource_nsxt_policy_distributed_flood_protection_profile.go b/nsxt/resource_nsxt_policy_distributed_flood_protection_profile.go new file mode 100644 index 000000000..2d51a64da --- /dev/null +++ b/nsxt/resource_nsxt_policy_distributed_flood_protection_profile.go @@ -0,0 +1,256 @@ +/* Copyright © 2023 VMware, Inc. All Rights Reserved. + SPDX-License-Identifier: MPL-2.0 */ + +package nsxt + +import ( + "fmt" + "log" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/vmware/vsphere-automation-sdk-go/runtime/bindings" + "github.com/vmware/vsphere-automation-sdk-go/runtime/data" + "github.com/vmware/vsphere-automation-sdk-go/runtime/protocol/client" + gm_infra "github.com/vmware/vsphere-automation-sdk-go/services/nsxt-gm/global_infra" + "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra" + "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model" +) + +func resourceNsxtPolicyDistributedFloodProtectionProfile() *schema.Resource { + return &schema.Resource{ + Create: resourceNsxtPolicyDistributedFloodProtectionProfileCreate, + Read: resourceNsxtPolicyDistributedFloodProtectionProfileRead, + Update: resourceNsxtPolicyDistributedFloodProtectionProfileUpdate, + Delete: resourceNsxtPolicyFloodProtectionProfileDelete, + Importer: &schema.ResourceImporter{ + State: nsxtPolicyPathResourceImporter, + }, + Schema: getDistributedFloodProtectionProfile(), + } +} + +func getFloodProtectionProfile() map[string]*schema.Schema { + return map[string]*schema.Schema{ + "nsx_id": getNsxIDSchema(), + "path": getPathSchema(), + "display_name": getDisplayNameSchema(), + "description": getDescriptionSchema(), + "revision": getRevisionSchema(), + "tag": getTagsSchema(), + "icmp_active_flow_limit": { + Type: schema.TypeInt, + Description: "Active ICMP connections limit", + Optional: true, + ValidateFunc: validation.IntBetween(0, 1000000), + }, + "other_active_conn_limit": { + Type: schema.TypeInt, + Description: "Timeout after first TN", + Optional: true, + ValidateFunc: validation.IntBetween(0, 1000000), + }, + "tcp_half_open_conn_limit": { + Type: schema.TypeInt, + Description: "Active half open TCP connections limit", + Optional: true, + ValidateFunc: validation.IntBetween(0, 1000000), + }, + "udp_active_flow_limit": { + Type: schema.TypeInt, + Description: "Active UDP connections limit", + Optional: true, + ValidateFunc: validation.IntBetween(0, 1000000), + }, + } +} + +func getDistributedFloodProtectionProfile() map[string]*schema.Schema { + baseProfile := getFloodProtectionProfile() + baseProfile["enable_rst_spoofing"] = &schema.Schema{ + Type: schema.TypeBool, + Description: "Flag to indicate rst spoofing is enabled", + Optional: true, + Default: false, + } + baseProfile["enable_syncache"] = &schema.Schema{ + Type: schema.TypeBool, + Description: "Flag to indicate syncache is enabled", + Optional: true, + Default: false, + } + return baseProfile +} + +func resourceNsxtPolicyFloodProtectionProfileExists(id string, connector client.Connector, isGlobalManager bool) (bool, error) { + var err error + if isGlobalManager { + client := gm_infra.NewFloodProtectionProfilesClient(connector) + _, err = client.Get(id) + } else { + client := infra.NewFloodProtectionProfilesClient(connector) + _, err = client.Get(id) + } + if err == nil { + return true, nil + } + + if isNotFoundError(err) { + return false, nil + } + + return false, logAPIError("Error retrieving resource", err) +} + +func resourceNsxtPolicyDistributedFloodProtectionProfilePatch(d *schema.ResourceData, m interface{}, id string) error { + connector := getPolicyConnector(m) + + displayName := d.Get("display_name").(string) + description := d.Get("description").(string) + tags := getPolicyTagsFromSchema(d) + icmpActiveFlowLimit := int64(d.Get("icmp_active_flow_limit").(int)) + otherActiveConnLimit := int64(d.Get("other_active_conn_limit").(int)) + tcpHalfOpenConnLimit := int64(d.Get("tcp_half_open_conn_limit").(int)) + udpActiveFlowLimit := int64(d.Get("udp_active_flow_limit").(int)) + enableRstSpoofing := d.Get("enable_rst_spoofing").(bool) + enableSyncache := d.Get("enable_syncache").(bool) + + obj := model.DistributedFloodProtectionProfile{ + DisplayName: &displayName, + Description: &description, + Tags: tags, + ResourceType: model.FloodProtectionProfile_RESOURCE_TYPE_DISTRIBUTEDFLOODPROTECTIONPROFILE, + EnableRstSpoofing: &enableRstSpoofing, + EnableSyncache: &enableSyncache, + } + if icmpActiveFlowLimit != 0 { + obj.IcmpActiveFlowLimit = &icmpActiveFlowLimit + } + if otherActiveConnLimit != 0 { + obj.OtherActiveConnLimit = &otherActiveConnLimit + } + if tcpHalfOpenConnLimit != 0 { + obj.TcpHalfOpenConnLimit = &tcpHalfOpenConnLimit + } + if udpActiveFlowLimit != 0 { + obj.UdpActiveFlowLimit = &udpActiveFlowLimit + } + + converter := bindings.NewTypeConverter() + profileValue, errs := converter.ConvertToVapi(obj, model.DistributedFloodProtectionProfileBindingType()) + if errs != nil { + return errs[0] + } + profileStruct := profileValue.(*data.StructValue) + + log.Printf("[INFO] Patching DistributedFloodProtectionProfile with ID %s", id) + if isPolicyGlobalManager(m) { + client := gm_infra.NewFloodProtectionProfilesClient(connector) + return client.Patch(id, profileStruct, nil) + } + client := infra.NewFloodProtectionProfilesClient(connector) + return client.Patch(id, profileStruct, nil) +} + +func resourceNsxtPolicyDistributedFloodProtectionProfileCreate(d *schema.ResourceData, m interface{}) error { + + // Initialize resource Id and verify this ID is not yet used + id, err := getOrGenerateID(d, m, resourceNsxtPolicyFloodProtectionProfileExists) + if err != nil { + return err + } + + err = resourceNsxtPolicyDistributedFloodProtectionProfilePatch(d, m, id) + if err != nil { + return handleCreateError("FloodProtectionProfile", id, err) + } + + d.SetId(id) + d.Set("nsx_id", id) + + return resourceNsxtPolicyDistributedFloodProtectionProfileRead(d, m) +} + +func resourceNsxtPolicyDistributedFloodProtectionProfileRead(d *schema.ResourceData, m interface{}) error { + connector := getPolicyConnector(m) + converter := bindings.NewTypeConverter() + + id := d.Id() + if id == "" { + return fmt.Errorf("Error obtaining FloodProtectionProfile ID") + } + + var profileStruct *data.StructValue + var err error + if isPolicyGlobalManager(m) { + client := gm_infra.NewFloodProtectionProfilesClient(connector) + profileStruct, err = client.Get(id) + } else { + client := infra.NewFloodProtectionProfilesClient(connector) + profileStruct, err = client.Get(id) + } + + if err != nil { + return handleReadError(d, "FloodProtectionProfile", id, err) + } + + dfppInterface, errs := converter.ConvertToGolang(profileStruct, model.DistributedFloodProtectionProfileBindingType()) + if errs != nil { + return errs[0] + } + obj := dfppInterface.(model.DistributedFloodProtectionProfile) + + d.Set("display_name", obj.DisplayName) + d.Set("description", obj.Description) + setPolicyTagsInSchema(d, obj.Tags) + d.Set("nsx_id", id) + d.Set("path", obj.Path) + d.Set("revision", obj.Revision) + + d.Set("icmp_active_flow_limit", obj.IcmpActiveFlowLimit) + d.Set("other_active_conn_limit", obj.OtherActiveConnLimit) + d.Set("tcp_half_open_conn_limit", obj.TcpHalfOpenConnLimit) + d.Set("udp_active_flow_limit", obj.UdpActiveFlowLimit) + d.Set("enable_rst_spoofing", obj.EnableRstSpoofing) + d.Set("enable_syncache", obj.EnableSyncache) + + return nil +} + +func resourceNsxtPolicyDistributedFloodProtectionProfileUpdate(d *schema.ResourceData, m interface{}) error { + + id := d.Id() + if id == "" { + return fmt.Errorf("Error obtaining FloodProtectionProfile ID") + } + + err := resourceNsxtPolicyDistributedFloodProtectionProfilePatch(d, m, id) + if err != nil { + return handleUpdateError("FloodProtectionProfile", id, err) + } + + return resourceNsxtPolicyDistributedFloodProtectionProfileRead(d, m) +} + +func resourceNsxtPolicyFloodProtectionProfileDelete(d *schema.ResourceData, m interface{}) error { + id := d.Id() + if id == "" { + return fmt.Errorf("Error obtaining FloodProtectionProfile ID") + } + + connector := getPolicyConnector(m) + var err error + if isPolicyGlobalManager(m) { + client := gm_infra.NewFloodProtectionProfilesClient(connector) + err = client.Delete(id, nil) + } else { + client := infra.NewFloodProtectionProfilesClient(connector) + err = client.Delete(id, nil) + } + + if err != nil { + return handleDeleteError("FloodProtectionProfile", id, err) + } + + return nil +} diff --git a/nsxt/resource_nsxt_policy_distributed_flood_protection_profile_test.go b/nsxt/resource_nsxt_policy_distributed_flood_protection_profile_test.go new file mode 100644 index 000000000..7fb082dc9 --- /dev/null +++ b/nsxt/resource_nsxt_policy_distributed_flood_protection_profile_test.go @@ -0,0 +1,206 @@ +/* Copyright © 2023 VMware, Inc. All Rights Reserved. + SPDX-License-Identifier: MPL-2.0 */ + +package nsxt + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" +) + +var accTestPolicyDistributedFloodProtectionProfileCreateAttributes = map[string]string{ + "display_name": getAccTestResourceName(), + "description": "terraform created", + "icmp_active_flow_limit": "2", + "other_active_conn_limit": "2", + "tcp_half_open_conn_limit": "2", + "udp_active_flow_limit": "2", + "enable_rst_spoofing": "false", + "enable_syncache": "false", +} + +var accTestPolicyDistributedFloodProtectionProfileUpdateAttributes = map[string]string{ + "display_name": getAccTestResourceName(), + "description": "terraform updated", + "icmp_active_flow_limit": "5", + "other_active_conn_limit": "5", + "tcp_half_open_conn_limit": "5", + "udp_active_flow_limit": "5", + "enable_rst_spoofing": "true", + "enable_syncache": "true", +} + +func TestAccResourceNsxtPolicyDistributedFloodProtectionProfile_basic(t *testing.T) { + testResourceName := "nsxt_policy_distributed_flood_protection_profile.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: func(state *terraform.State) error { + return testAccNsxtPolicyDistributedFloodProtectionProfileCheckDestroy(state, accTestPolicyDistributedFloodProtectionProfileUpdateAttributes["display_name"]) + }, + Steps: []resource.TestStep{ + { + Config: testAccNsxtPolicyDistributedFloodProtectionProfileTemplate(true), + Check: resource.ComposeTestCheckFunc( + testAccNsxtPolicyDistributedFloodProtectionProfileExists(accTestPolicyDistributedFloodProtectionProfileCreateAttributes["display_name"], testResourceName), + resource.TestCheckResourceAttr(testResourceName, "display_name", accTestPolicyDistributedFloodProtectionProfileCreateAttributes["display_name"]), + resource.TestCheckResourceAttr(testResourceName, "description", accTestPolicyDistributedFloodProtectionProfileCreateAttributes["description"]), + resource.TestCheckResourceAttr(testResourceName, "icmp_active_flow_limit", accTestPolicyDistributedFloodProtectionProfileCreateAttributes["icmp_active_flow_limit"]), + resource.TestCheckResourceAttr(testResourceName, "other_active_conn_limit", accTestPolicyDistributedFloodProtectionProfileCreateAttributes["other_active_conn_limit"]), + resource.TestCheckResourceAttr(testResourceName, "tcp_half_open_conn_limit", accTestPolicyDistributedFloodProtectionProfileCreateAttributes["tcp_half_open_conn_limit"]), + resource.TestCheckResourceAttr(testResourceName, "udp_active_flow_limit", accTestPolicyDistributedFloodProtectionProfileCreateAttributes["udp_active_flow_limit"]), + resource.TestCheckResourceAttr(testResourceName, "enable_rst_spoofing", accTestPolicyDistributedFloodProtectionProfileCreateAttributes["enable_rst_spoofing"]), + resource.TestCheckResourceAttr(testResourceName, "enable_syncache", accTestPolicyDistributedFloodProtectionProfileCreateAttributes["enable_syncache"]), + + resource.TestCheckResourceAttrSet(testResourceName, "nsx_id"), + resource.TestCheckResourceAttrSet(testResourceName, "path"), + resource.TestCheckResourceAttrSet(testResourceName, "revision"), + resource.TestCheckResourceAttr(testResourceName, "tag.#", "1"), + ), + }, + { + Config: testAccNsxtPolicyDistributedFloodProtectionProfileTemplate(false), + Check: resource.ComposeTestCheckFunc( + testAccNsxtPolicyDistributedFloodProtectionProfileExists(accTestPolicyDistributedFloodProtectionProfileUpdateAttributes["display_name"], testResourceName), + resource.TestCheckResourceAttr(testResourceName, "display_name", accTestPolicyDistributedFloodProtectionProfileUpdateAttributes["display_name"]), + resource.TestCheckResourceAttr(testResourceName, "description", accTestPolicyDistributedFloodProtectionProfileUpdateAttributes["description"]), + resource.TestCheckResourceAttr(testResourceName, "icmp_active_flow_limit", accTestPolicyDistributedFloodProtectionProfileUpdateAttributes["icmp_active_flow_limit"]), + resource.TestCheckResourceAttr(testResourceName, "other_active_conn_limit", accTestPolicyDistributedFloodProtectionProfileUpdateAttributes["other_active_conn_limit"]), + resource.TestCheckResourceAttr(testResourceName, "tcp_half_open_conn_limit", accTestPolicyDistributedFloodProtectionProfileUpdateAttributes["tcp_half_open_conn_limit"]), + resource.TestCheckResourceAttr(testResourceName, "udp_active_flow_limit", accTestPolicyDistributedFloodProtectionProfileUpdateAttributes["udp_active_flow_limit"]), + resource.TestCheckResourceAttr(testResourceName, "enable_rst_spoofing", accTestPolicyDistributedFloodProtectionProfileUpdateAttributes["enable_rst_spoofing"]), + resource.TestCheckResourceAttr(testResourceName, "enable_syncache", accTestPolicyDistributedFloodProtectionProfileUpdateAttributes["enable_syncache"]), + + resource.TestCheckResourceAttrSet(testResourceName, "nsx_id"), + resource.TestCheckResourceAttrSet(testResourceName, "path"), + resource.TestCheckResourceAttrSet(testResourceName, "revision"), + resource.TestCheckResourceAttr(testResourceName, "tag.#", "1"), + ), + }, + { + Config: testAccNsxtPolicyDistributedFloodProtectionProfileMinimalistic(), + Check: resource.ComposeTestCheckFunc( + testAccNsxtPolicyDistributedFloodProtectionProfileExists(accTestPolicyDistributedFloodProtectionProfileCreateAttributes["display_name"], testResourceName), + resource.TestCheckResourceAttr(testResourceName, "description", ""), + resource.TestCheckResourceAttrSet(testResourceName, "nsx_id"), + resource.TestCheckResourceAttrSet(testResourceName, "path"), + resource.TestCheckResourceAttrSet(testResourceName, "revision"), + resource.TestCheckResourceAttr(testResourceName, "tag.#", "0"), + ), + }, + }, + }) +} + +func TestAccResourceNsxtPolicyDistributedFloodProtectionProfile_importBasic(t *testing.T) { + name := getAccTestResourceName() + testResourceName := "nsxt_policy_distributed_flood_protection_profile.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: func(state *terraform.State) error { + return testAccNsxtPolicyDistributedFloodProtectionProfileCheckDestroy(state, name) + }, + Steps: []resource.TestStep{ + { + Config: testAccNsxtPolicyDistributedFloodProtectionProfileMinimalistic(), + }, + { + ResourceName: testResourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func testAccNsxtPolicyDistributedFloodProtectionProfileExists(displayName string, resourceName string) resource.TestCheckFunc { + return func(state *terraform.State) error { + + connector := getPolicyConnector(testAccProvider.Meta().(nsxtClients)) + + rs, ok := state.RootModule().Resources[resourceName] + if !ok { + return fmt.Errorf("Policy DistributedFloodProtectionProfile resource %s not found in resources", resourceName) + } + + resourceID := rs.Primary.ID + if resourceID == "" { + return fmt.Errorf("Policy DistributedFloodProtectionProfile resource ID not set in resources") + } + + exists, err := resourceNsxtPolicyFloodProtectionProfileExists(resourceID, connector, testAccIsGlobalManager()) + if err != nil { + return err + } + if !exists { + return fmt.Errorf("Policy DistributedFloodProtectionProfile %s does not exist", resourceID) + } + + return nil + } +} + +func testAccNsxtPolicyDistributedFloodProtectionProfileCheckDestroy(state *terraform.State, displayName string) error { + connector := getPolicyConnector(testAccProvider.Meta().(nsxtClients)) + for _, rs := range state.RootModule().Resources { + + if rs.Type != "nsxt_policy_distributed_flood_protection_profile" { + continue + } + + resourceID := rs.Primary.Attributes["id"] + exists, err := resourceNsxtPolicyFloodProtectionProfileExists(resourceID, connector, testAccIsGlobalManager()) + if err == nil { + return err + } + + if exists { + return fmt.Errorf("Policy DistributedFloodProtectionProfile %s still exists", displayName) + } + } + return nil +} + +func testAccNsxtPolicyDistributedFloodProtectionProfileTemplate(createFlow bool) string { + var attrMap map[string]string + if createFlow { + attrMap = accTestPolicyDistributedFloodProtectionProfileCreateAttributes + } else { + attrMap = accTestPolicyDistributedFloodProtectionProfileUpdateAttributes + } + return fmt.Sprintf(` +resource "nsxt_policy_distributed_flood_protection_profile" "test" { + display_name = "%s" + description = "%s" + icmp_active_flow_limit = %s + other_active_conn_limit = %s + tcp_half_open_conn_limit = %s + udp_active_flow_limit = %s + enable_rst_spoofing = %s + enable_syncache = %s + + tag { + scope = "scope1" + tag = "tag1" + } +} + +data "nsxt_policy_distributed_flood_protection_profile" "test" { + display_name = "%s" + depends_on = [nsxt_policy_distributed_flood_protection_profile.test] +}`, attrMap["display_name"], attrMap["description"], attrMap["icmp_active_flow_limit"], attrMap["other_active_conn_limit"], attrMap["tcp_half_open_conn_limit"], attrMap["udp_active_flow_limit"], attrMap["enable_rst_spoofing"], attrMap["enable_syncache"], attrMap["display_name"]) +} + +func testAccNsxtPolicyDistributedFloodProtectionProfileMinimalistic() string { + return fmt.Sprintf(` +resource "nsxt_policy_distributed_flood_protection_profile" "test" { + display_name = "%s" + +}`, accTestPolicyDistributedFloodProtectionProfileUpdateAttributes["display_name"]) +} diff --git a/nsxt/resource_nsxt_policy_gateway_flood_protection_profile.go b/nsxt/resource_nsxt_policy_gateway_flood_protection_profile.go new file mode 100644 index 000000000..617bc5f13 --- /dev/null +++ b/nsxt/resource_nsxt_policy_gateway_flood_protection_profile.go @@ -0,0 +1,173 @@ +/* Copyright © 2023 VMware, Inc. All Rights Reserved. + SPDX-License-Identifier: MPL-2.0 */ + +package nsxt + +import ( + "fmt" + "log" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/vmware/vsphere-automation-sdk-go/runtime/bindings" + "github.com/vmware/vsphere-automation-sdk-go/runtime/data" + gm_infra "github.com/vmware/vsphere-automation-sdk-go/services/nsxt-gm/global_infra" + "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra" + "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model" +) + +func resourceNsxtPolicyGatewayFloodProtectionProfile() *schema.Resource { + return &schema.Resource{ + Create: resourceNsxtPolicyGatewayFloodProtectionProfileCreate, + Read: resourceNsxtPolicyGatewayFloodProtectionProfileRead, + Update: resourceNsxtPolicyGatewayFloodProtectionProfileUpdate, + Delete: resourceNsxtPolicyFloodProtectionProfileDelete, + Importer: &schema.ResourceImporter{ + State: nsxtPolicyPathResourceImporter, + }, + Schema: getGatewayFloodProtectionProfile(), + } +} + +func getGatewayFloodProtectionProfile() map[string]*schema.Schema { + baseProfile := getFloodProtectionProfile() + baseProfile["nat_active_conn_limit"] = &schema.Schema{ + Type: schema.TypeInt, + Description: "Maximum limit of active NAT connections", + Optional: true, + ValidateFunc: validation.IntBetween(1, 4294967295), + Default: 4294967295, + } + return baseProfile +} + +func resourceNsxtPolicyGatewayFloodProtectionProfilePatch(d *schema.ResourceData, m interface{}, id string) error { + connector := getPolicyConnector(m) + + displayName := d.Get("display_name").(string) + description := d.Get("description").(string) + tags := getPolicyTagsFromSchema(d) + + icmpActiveFlowLimit := int64(d.Get("icmp_active_flow_limit").(int)) + otherActiveConnLimit := int64(d.Get("other_active_conn_limit").(int)) + tcpHalfOpenConnLimit := int64(d.Get("tcp_half_open_conn_limit").(int)) + udpActiveFlowLimit := int64(d.Get("udp_active_flow_limit").(int)) + natActiveConnLimit := int64(d.Get("nat_active_conn_limit").(int)) + + obj := model.GatewayFloodProtectionProfile{ + DisplayName: &displayName, + Description: &description, + Tags: tags, + ResourceType: model.FloodProtectionProfile_RESOURCE_TYPE_GATEWAYFLOODPROTECTIONPROFILE, + } + + if icmpActiveFlowLimit != 0 { + obj.IcmpActiveFlowLimit = &icmpActiveFlowLimit + } + if otherActiveConnLimit != 0 { + obj.OtherActiveConnLimit = &otherActiveConnLimit + } + if tcpHalfOpenConnLimit != 0 { + obj.TcpHalfOpenConnLimit = &tcpHalfOpenConnLimit + } + if udpActiveFlowLimit != 0 { + obj.UdpActiveFlowLimit = &udpActiveFlowLimit + } + if natActiveConnLimit != 0 { + obj.NatActiveConnLimit = &natActiveConnLimit + } + + converter := bindings.NewTypeConverter() + profileValue, errs := converter.ConvertToVapi(obj, model.GatewayFloodProtectionProfileBindingType()) + if errs != nil { + return errs[0] + } + profileStruct := profileValue.(*data.StructValue) + + log.Printf("[INFO] Patching GatewayFloodProtectionProfile with ID %s", id) + if isPolicyGlobalManager(m) { + client := gm_infra.NewFloodProtectionProfilesClient(connector) + return client.Patch(id, profileStruct, nil) + } + client := infra.NewFloodProtectionProfilesClient(connector) + return client.Patch(id, profileStruct, nil) +} + +func resourceNsxtPolicyGatewayFloodProtectionProfileCreate(d *schema.ResourceData, m interface{}) error { + + // Initialize resource Id and verify this ID is not yet used + id, err := getOrGenerateID(d, m, resourceNsxtPolicyFloodProtectionProfileExists) + if err != nil { + return err + } + + err = resourceNsxtPolicyGatewayFloodProtectionProfilePatch(d, m, id) + if err != nil { + return handleCreateError("GatewayFloodProtectionProfile", id, err) + } + + d.SetId(id) + d.Set("nsx_id", id) + + return resourceNsxtPolicyGatewayFloodProtectionProfileRead(d, m) +} + +func resourceNsxtPolicyGatewayFloodProtectionProfileRead(d *schema.ResourceData, m interface{}) error { + connector := getPolicyConnector(m) + converter := bindings.NewTypeConverter() + + id := d.Id() + if id == "" { + return fmt.Errorf("Error obtaining GatewayFloodProtectionProfile ID") + } + + var profileStruct *data.StructValue + var err error + if isPolicyGlobalManager(m) { + client := gm_infra.NewFloodProtectionProfilesClient(connector) + profileStruct, err = client.Get(id) + } else { + client := infra.NewFloodProtectionProfilesClient(connector) + profileStruct, err = client.Get(id) + } + + if err != nil { + return handleReadError(d, "GatewayFloodProtectionProfile", id, err) + } + + gfppInterface, errs := converter.ConvertToGolang(profileStruct, model.GatewayFloodProtectionProfileBindingType()) + if errs != nil { + return errs[0] + } + obj := gfppInterface.(model.GatewayFloodProtectionProfile) + + d.Set("display_name", obj.DisplayName) + d.Set("description", obj.Description) + setPolicyTagsInSchema(d, obj.Tags) + d.Set("nsx_id", id) + d.Set("path", obj.Path) + d.Set("revision", obj.Revision) + + d.Set("icmp_active_flow_limit", obj.IcmpActiveFlowLimit) + d.Set("other_active_conn_limit", obj.OtherActiveConnLimit) + d.Set("tcp_half_open_conn_limit", obj.TcpHalfOpenConnLimit) + d.Set("udp_active_flow_limit", obj.UdpActiveFlowLimit) + d.Set("nat_active_conn_limit", obj.NatActiveConnLimit) + + return nil +} + +func resourceNsxtPolicyGatewayFloodProtectionProfileUpdate(d *schema.ResourceData, m interface{}) error { + + id := d.Id() + if id == "" { + return fmt.Errorf("Error obtaining GatewayFloodProtectionProfile ID") + } + + err := resourceNsxtPolicyGatewayFloodProtectionProfilePatch(d, m, id) + if err != nil { + return handleUpdateError("GatewayFloodProtectionProfile", id, err) + } + + return resourceNsxtPolicyGatewayFloodProtectionProfileRead(d, m) +} diff --git a/nsxt/resource_nsxt_policy_gateway_flood_protection_profile_test.go b/nsxt/resource_nsxt_policy_gateway_flood_protection_profile_test.go new file mode 100644 index 000000000..3a4b01f38 --- /dev/null +++ b/nsxt/resource_nsxt_policy_gateway_flood_protection_profile_test.go @@ -0,0 +1,201 @@ +/* Copyright © 2023 VMware, Inc. All Rights Reserved. + SPDX-License-Identifier: MPL-2.0 */ + +package nsxt + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" +) + +var accTestPolicyGatewayFloodProtectionProfileCreateAttributes = map[string]string{ + "display_name": getAccTestResourceName(), + "description": "terraform created", + "icmp_active_flow_limit": "2", + "other_active_conn_limit": "2", + "tcp_half_open_conn_limit": "2", + "udp_active_flow_limit": "2", + "nat_active_conn_limit": "2", +} + +var accTestPolicyGatewayFloodProtectionProfileUpdateAttributes = map[string]string{ + "display_name": getAccTestResourceName(), + "description": "terraform updated", + "icmp_active_flow_limit": "5", + "other_active_conn_limit": "5", + "tcp_half_open_conn_limit": "5", + "udp_active_flow_limit": "5", + "nat_active_conn_limit": "5", +} + +func TestAccResourceNsxtPolicyGatewayFloodProtectionProfile_basic(t *testing.T) { + testResourceName := "nsxt_policy_gateway_flood_protection_profile.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: func(state *terraform.State) error { + return testAccNsxtPolicyGatewayFloodProtectionProfileCheckDestroy(state, accTestPolicyGatewayFloodProtectionProfileUpdateAttributes["display_name"]) + }, + Steps: []resource.TestStep{ + { + Config: testAccNsxtPolicyGatewayFloodProtectionProfileTemplate(true), + Check: resource.ComposeTestCheckFunc( + testAccNsxtPolicyGatewayFloodProtectionProfileExists(accTestPolicyGatewayFloodProtectionProfileCreateAttributes["display_name"], testResourceName), + resource.TestCheckResourceAttr(testResourceName, "display_name", accTestPolicyGatewayFloodProtectionProfileCreateAttributes["display_name"]), + resource.TestCheckResourceAttr(testResourceName, "description", accTestPolicyGatewayFloodProtectionProfileCreateAttributes["description"]), + resource.TestCheckResourceAttr(testResourceName, "icmp_active_flow_limit", accTestPolicyGatewayFloodProtectionProfileCreateAttributes["icmp_active_flow_limit"]), + resource.TestCheckResourceAttr(testResourceName, "other_active_conn_limit", accTestPolicyGatewayFloodProtectionProfileCreateAttributes["other_active_conn_limit"]), + resource.TestCheckResourceAttr(testResourceName, "tcp_half_open_conn_limit", accTestPolicyGatewayFloodProtectionProfileCreateAttributes["tcp_half_open_conn_limit"]), + resource.TestCheckResourceAttr(testResourceName, "udp_active_flow_limit", accTestPolicyGatewayFloodProtectionProfileCreateAttributes["udp_active_flow_limit"]), + resource.TestCheckResourceAttr(testResourceName, "nat_active_conn_limit", accTestPolicyGatewayFloodProtectionProfileCreateAttributes["nat_active_conn_limit"]), + + resource.TestCheckResourceAttrSet(testResourceName, "nsx_id"), + resource.TestCheckResourceAttrSet(testResourceName, "path"), + resource.TestCheckResourceAttrSet(testResourceName, "revision"), + resource.TestCheckResourceAttr(testResourceName, "tag.#", "1"), + ), + }, + { + Config: testAccNsxtPolicyGatewayFloodProtectionProfileTemplate(false), + Check: resource.ComposeTestCheckFunc( + testAccNsxtPolicyGatewayFloodProtectionProfileExists(accTestPolicyGatewayFloodProtectionProfileUpdateAttributes["display_name"], testResourceName), + resource.TestCheckResourceAttr(testResourceName, "display_name", accTestPolicyGatewayFloodProtectionProfileUpdateAttributes["display_name"]), + resource.TestCheckResourceAttr(testResourceName, "description", accTestPolicyGatewayFloodProtectionProfileUpdateAttributes["description"]), + resource.TestCheckResourceAttr(testResourceName, "icmp_active_flow_limit", accTestPolicyGatewayFloodProtectionProfileUpdateAttributes["icmp_active_flow_limit"]), + resource.TestCheckResourceAttr(testResourceName, "other_active_conn_limit", accTestPolicyGatewayFloodProtectionProfileUpdateAttributes["other_active_conn_limit"]), + resource.TestCheckResourceAttr(testResourceName, "tcp_half_open_conn_limit", accTestPolicyGatewayFloodProtectionProfileUpdateAttributes["tcp_half_open_conn_limit"]), + resource.TestCheckResourceAttr(testResourceName, "udp_active_flow_limit", accTestPolicyGatewayFloodProtectionProfileUpdateAttributes["udp_active_flow_limit"]), + resource.TestCheckResourceAttr(testResourceName, "nat_active_conn_limit", accTestPolicyGatewayFloodProtectionProfileUpdateAttributes["nat_active_conn_limit"]), + + resource.TestCheckResourceAttrSet(testResourceName, "nsx_id"), + resource.TestCheckResourceAttrSet(testResourceName, "path"), + resource.TestCheckResourceAttrSet(testResourceName, "revision"), + resource.TestCheckResourceAttr(testResourceName, "tag.#", "1"), + ), + }, + { + Config: testAccNsxtPolicyGatewayFloodProtectionProfileMinimalistic(), + Check: resource.ComposeTestCheckFunc( + testAccNsxtPolicyGatewayFloodProtectionProfileExists(accTestPolicyGatewayFloodProtectionProfileCreateAttributes["display_name"], testResourceName), + resource.TestCheckResourceAttr(testResourceName, "description", ""), + resource.TestCheckResourceAttrSet(testResourceName, "nsx_id"), + resource.TestCheckResourceAttrSet(testResourceName, "path"), + resource.TestCheckResourceAttrSet(testResourceName, "revision"), + resource.TestCheckResourceAttr(testResourceName, "tag.#", "0"), + ), + }, + }, + }) +} + +func TestAccResourceNsxtPolicyGatewayFloodProtectionProfile_importBasic(t *testing.T) { + name := getAccTestResourceName() + testResourceName := "nsxt_policy_gateway_flood_protection_profile.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: func(state *terraform.State) error { + return testAccNsxtPolicyGatewayFloodProtectionProfileCheckDestroy(state, name) + }, + Steps: []resource.TestStep{ + { + Config: testAccNsxtPolicyGatewayFloodProtectionProfileMinimalistic(), + }, + { + ResourceName: testResourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func testAccNsxtPolicyGatewayFloodProtectionProfileExists(displayName string, resourceName string) resource.TestCheckFunc { + return func(state *terraform.State) error { + + connector := getPolicyConnector(testAccProvider.Meta().(nsxtClients)) + + rs, ok := state.RootModule().Resources[resourceName] + if !ok { + return fmt.Errorf("Policy FloodProtectionProfile resource %s not found in resources", resourceName) + } + + resourceID := rs.Primary.ID + if resourceID == "" { + return fmt.Errorf("Policy GatewayFloodProtectionProfile resource ID not set in resources") + } + + exists, err := resourceNsxtPolicyFloodProtectionProfileExists(resourceID, connector, testAccIsGlobalManager()) + if err != nil { + return err + } + if !exists { + return fmt.Errorf("Policy GatewayFloodProtectionProfile %s does not exist", resourceID) + } + + return nil + } +} + +func testAccNsxtPolicyGatewayFloodProtectionProfileCheckDestroy(state *terraform.State, displayName string) error { + connector := getPolicyConnector(testAccProvider.Meta().(nsxtClients)) + for _, rs := range state.RootModule().Resources { + + if rs.Type != "nsxt_policy_gateway_flood_protection_profile" { + continue + } + + resourceID := rs.Primary.Attributes["id"] + exists, err := resourceNsxtPolicyFloodProtectionProfileExists(resourceID, connector, testAccIsGlobalManager()) + if err == nil { + return err + } + + if exists { + return fmt.Errorf("Policy GatewayFloodProtectionProfile %s still exists", displayName) + } + } + return nil +} + +func testAccNsxtPolicyGatewayFloodProtectionProfileTemplate(createFlow bool) string { + var attrMap map[string]string + if createFlow { + attrMap = accTestPolicyGatewayFloodProtectionProfileCreateAttributes + } else { + attrMap = accTestPolicyGatewayFloodProtectionProfileUpdateAttributes + } + return fmt.Sprintf(` +resource "nsxt_policy_gateway_flood_protection_profile" "test" { + display_name = "%s" + description = "%s" + icmp_active_flow_limit = %s + other_active_conn_limit = %s + tcp_half_open_conn_limit = %s + udp_active_flow_limit = %s + nat_active_conn_limit = %s + + tag { + scope = "scope1" + tag = "tag1" + } +} + +data "nsxt_policy_gateway_flood_protection_profile" "test" { + display_name = "%s" + depends_on = [nsxt_policy_gateway_flood_protection_profile.test] +}`, attrMap["display_name"], attrMap["description"], attrMap["icmp_active_flow_limit"], attrMap["other_active_conn_limit"], attrMap["tcp_half_open_conn_limit"], attrMap["udp_active_flow_limit"], attrMap["nat_active_conn_limit"], attrMap["display_name"]) +} + +func testAccNsxtPolicyGatewayFloodProtectionProfileMinimalistic() string { + return fmt.Sprintf(` +resource "nsxt_policy_gateway_flood_protection_profile" "test" { + display_name = "%s" + +}`, accTestPolicyGatewayFloodProtectionProfileUpdateAttributes["display_name"]) +} diff --git a/website/docs/d/policy_distributed_flood_protection_profile.html.markdown b/website/docs/d/policy_distributed_flood_protection_profile.html.markdown new file mode 100644 index 000000000..a9feb27d7 --- /dev/null +++ b/website/docs/d/policy_distributed_flood_protection_profile.html.markdown @@ -0,0 +1,31 @@ +--- +subcategory: "Security" +layout: "nsxt" +page_title: "NSXT: policy_distributed_flood_protection_profile" +description: Policy Distributed Flood Protection Profile data source. +--- + +# nsxt_policy_distributed_flood_protection_profile + +This data source provides information about policy Distributed Flood Protection Profile configured in NSX. +This data source is applicable to NSX Global Manager and NSX Policy Manager. + +## Example Usage + +```hcl +resource "nsxt_policy_distributed_flood_protection_profile" "test" { + display_name = "test" +} +``` + +## Argument Reference + +* `id` - (Optional) The ID of Distributed Flood Protection Profile to retrieve. +* `display_name` - (Optional) The Display Name prefix of the Distributed Flood Protection Profile to retrieve. + +## Attributes Reference + +In addition to arguments listed above, the following attributes are exported: + +* `description` - The description of the resource. +* `path` - The NSX path of the policy resource. diff --git a/website/docs/d/policy_gateway_flood_protection_profile.html.markdown b/website/docs/d/policy_gateway_flood_protection_profile.html.markdown new file mode 100644 index 000000000..72d5f14ee --- /dev/null +++ b/website/docs/d/policy_gateway_flood_protection_profile.html.markdown @@ -0,0 +1,31 @@ +--- +subcategory: "Security" +layout: "nsxt" +page_title: "NSXT: policy_gateway_flood_protection_profile" +description: Policy Gateway Flood Protection Profile data source. +--- + +# nsxt_policy_gateway_flood_protection_profile + +This data source provides information about policy Gateway Flood Protection Profile configured in NSX. +This data source is applicable to NSX Global Manager and NSX Policy Manager. + +## Example Usage + +```hcl +resource "nsxt_policy_gateway_flood_protection_profile" "test" { + display_name = "test" +} +``` + +## Argument Reference + +* `id` - (Optional) The ID of Gateway Flood Protection Profile to retrieve. +* `display_name` - (Optional) The Display Name prefix of the Gateway Flood Protection Profile to retrieve. + +## Attributes Reference + +In addition to arguments listed above, the following attributes are exported: + +* `description` - The description of the resource. +* `path` - The NSX path of the policy resource. diff --git a/website/docs/r/policy_distributed_flood_protection_profile.html.markdown b/website/docs/r/policy_distributed_flood_protection_profile.html.markdown new file mode 100644 index 000000000..559358bdf --- /dev/null +++ b/website/docs/r/policy_distributed_flood_protection_profile.html.markdown @@ -0,0 +1,72 @@ +--- +subcategory: "Security" +layout: "nsxt" +page_title: "NSXT: policy_distributed_flood_protection_profile" +description: A resource to configure Policy Distributed Flood Protection Profile on NSX Policy manager. +--- + +# nsxt_policy_distributed_flood_protection_profile + +This resource provides a method for the management of a Distributed Flood Protection Profile. + +This resource is applicable to NSX Global Manager and NSX Policy Manager. + +## Example Usage + +```hcl +resource "nsxt_policy_distributed_flood_protection_profile" "test" { + display_name = "test" + description = "test" + icmp_active_flow_limit = 3 + other_active_conn_limit = 3 + tcp_half_open_conn_limit = 3 + udp_active_flow_limit = 3 + enable_rst_spoofing = true + enable_syncache = true + + tag { + scope = "scope1" + tag = "tag1" + } +} +``` + +## Argument Reference + +The following arguments are supported: + +* `display_name` - (Required) Display name of the resource. +* `description` - (Optional) Description of the resource. +* `tag` - (Optional) A list of scope + tag pairs to associate with this resource. +* `nsx_id` - (Optional) The NSX ID of this resource. If set, this ID will be used to create the policy resource. +* `icmp_active_flow_limit` - (Optional) Active ICMP connections limit. If this field is empty, firewall will not set a limit to active ICMP connections. Minimum: 1, Maximum: 1000000. +* `other_active_conn_limit` - (Optional) Timeout after first TN. If this field is empty, firewall will not set a limit to other active connections. besides UDP, ICMP and half open TCP connections. Minimum: 1, Maximum: 1000000. +* `tcp_half_open_conn_limit` - (Optional) Active half open TCP connections limit. If this field is empty, firewall will not set a limit to half open TCP connections. Minimum: 1, Maximum: 1000000. +* `udp_active_flow_limit` - (Optional) Active UDP connections limit. If this field is empty, firewall will not set a limit to active UDP connections. Minimum: 1, Maximum: 1000000. +* `enable_rst_spoofing` - (Optional) Flag to indicate rst spoofing is enabled. If set to true, rst spoofing will be enabled. Flag is used only for distributed firewall profiles. Default: false. +* `enable_syncache` - (Optional) Flag to indicate syncache is enabled. If set to true, sync cache will be enabled. Flag is used only for distributed firewall profiles. Default: false. + +## Attributes Reference + +In addition to arguments listed above, the following attributes are exported: + +* `revision` - Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging. +* `path` - The NSX path of the policy resource. + +## Importing + +An existing Distributed Flood Protection Profile can be [imported][docs-import] into this resource, via the following command: + +[docs-import]: https://www.terraform.io/cli/import + +``` +terraform import nsxt_policy_distributed_flood_protection_profile.dfpp ID +``` + +The above command imports the Distributed Flood Protection Profile named `dfpp` with the NSX Policy ID `ID`. + +``` +terraform import nsxt_policy_distributed_flood_protection_profile.dfpp POLICY_PATH +``` +The above command imports the Distributed Flood Protection Profile named `dfpp` with the policy path `POLICY_PATH`. +Note: for multitenancy projects only the later form is usable. diff --git a/website/docs/r/policy_gateway_flood_protection_profile.html.markdown b/website/docs/r/policy_gateway_flood_protection_profile.html.markdown new file mode 100644 index 000000000..46a1c7928 --- /dev/null +++ b/website/docs/r/policy_gateway_flood_protection_profile.html.markdown @@ -0,0 +1,70 @@ +--- +subcategory: "Security" +layout: "nsxt" +page_title: "NSXT: policy_gateway_flood_protection_profile" +description: A resource to configure Policy Gateway Flood Protection Profile on NSX Policy manager. +--- + +# nsxt_policy_gateway_flood_protection_profile + +This resource provides a method for the management of a Gateway Flood Protection Profile. + +This resource is applicable to NSX Global Manager and NSX Policy Manager. + +## Example Usage + +```hcl +resource "nsxt_policy_gateway_flood_protection_profile" "test" { + display_name = "test" + description = "test" + icmp_active_flow_limit = 3 + other_active_conn_limit = 3 + tcp_half_open_conn_limit = 3 + udp_active_flow_limit = 3 + nat_active_conn_limit = 3 + + tag { + scope = "scope1" + tag = "tag1" + } +} +``` + +## Argument Reference + +The following arguments are supported: + +* `display_name` - (Required) Display name of the resource. +* `description` - (Optional) Description of the resource. +* `tag` - (Optional) A list of scope + tag pairs to associate with this resource. +* `nsx_id` - (Optional) The NSX ID of this resource. If set, this ID will be used to create the policy resource. +* `icmp_active_flow_limit` - (Optional) Active ICMP connections limit. If this field is empty, firewall will not set a limit to active ICMP connections. Minimum: 1, Maximum: 1000000. +* `other_active_conn_limit` - (Optional) Timeout after first TN. If this field is empty, firewall will not set a limit to other active connections. besides UDP, ICMP and half open TCP connections. Minimum: 1, Maximum: 1000000. +* `tcp_half_open_conn_limit` - (Optional) Active half open TCP connections limit. If this field is empty, firewall will not set a limit to half open TCP connections. Minimum: 1, Maximum: 1000000. +* `udp_active_flow_limit` - (Optional) Active UDP connections limit. If this field is empty, firewall will not set a limit to active UDP connections. Minimum: 1, Maximum: 1000000. +* `nat_active_conn_limit` - (Optional) Maximum limit of active NAT connections. The maximum limit of active NAT connections. This limit only apply to EDGE components (such as, gateway). If this property is omitted, or set to null, then there is no limit on the specific component. Meanwhile there is an implicit limit which depends on the underlying hardware resource. Minimum: 1, Maximum: 4294967295, Default: 4294967295 + +## Attributes Reference + +In addition to arguments listed above, the following attributes are exported: + +* `revision` - Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging. +* `path` - The NSX path of the policy resource. + +## Importing + +An existing Gateway Flood Protection Profile can be [imported][docs-import] into this resource, via the following command: + +[docs-import]: https://www.terraform.io/cli/import + +``` +terraform import nsxt_policy_gateway_flood_protection_profile.gfpp ID +``` + +The above command imports the Gateway Flood Protection Profile named `gfpp` with the NSX Policy ID `ID`. + +``` +terraform import nsxt_policy_gateway_flood_protection_profile.gfpp POLICY_PATH +``` +The above command imports the Gateway Flood Protection Profile named `gfpp` with the policy path `POLICY_PATH`. +Note: for multitenancy projects only the later form is usable.