Add distributed firewall for NSX-V VDC (#521)

* Add functions to enable/disable a NSX-V distributed firewall * Add NSX-V distributed firewall and service types specifications * Add services and configuration retrieval functions * Add NSX-V distributed firewall update function * Implement IsNsxv for AdminVdc * Add test for AdminVdc.IsNsxv * Add test for NSX-V distributed firewall update * Add CHANGELOG entry Signed-off-by: Giuseppe Maxia <[email protected]>
vmware · Mar 14, 2023 · aea05c4 · aea05c4
1 parent cdc1a00
commit aea05c4
Show file tree

Hide file tree

Showing 9 changed files with 1,084 additions and 0 deletions.
diff --git a/.changes/v2.20.0/521-features.md b/.changes/v2.20.0/521-features.md
@@ -0,0 +1,5 @@
+* Added method `AdminVdc.IsNsxv` to detect whether an Admin VDC is NSX-V [GH-521]
+* Added function `NewNsxvDistributedFirewall` to create a new NSX-V distributed firewall [GH-521]
+* Added `NsxvDistributedFirewall` methods `GetConfiguration`, `IsEnabled`, `Enable`, `Disable`, `UpdateConfiguration`, `Refresh` to handle CRUD operations with NSX-V distributed firewalls [GH-521]
+* Added `NsxvDistributedFirewall` methods `GetServices`, `GetServiceGroups`, `GetServiceById`, `GetServiceByName`, `GetServiceGroupById`, `GetServiceGroupByName` to retrieve specific services or service groups [GH-521]
+* Added `NsxvDistributedFirewall` methods `GetServicesByRegex` and `GetServiceGroupsByRegex` to search services or service groups by regular expression [GH-521]
diff --git a/govcd/adminvdc.go b/govcd/adminvdc.go
@@ -596,3 +596,11 @@ func (adminVdc *AdminVdc) GetDefaultStorageProfileReference() (*types.Reference,
 	}
 	return nil, fmt.Errorf("no default storage profile found for VDC %s", adminVdc.AdminVdc.Name)
 }
+
+// IsNsxv is a convenience function to check if the Admin VDC is backed by NSX-V Provider VDC
+func (adminVdc *AdminVdc) IsNsxv() bool {
+	vdc := NewVdc(adminVdc.client)
+	vdc.Vdc = &adminVdc.AdminVdc.Vdc
+	vdc.parent = adminVdc.parent
+	return vdc.IsNsxv()
+}
diff --git a/govcd/api.go b/govcd/api.go
@@ -871,6 +871,21 @@ func (client *Client) TestConnectionWithDefaults(subscriptionURL string) (bool,
 	return true, nil
 }
 
+// buildUrl uses the Client base URL to create a customised URL
+func (client *Client) buildUrl(elements ...string) (string, error) {
+	baseUrl := client.VCDHREF.String()
+	if !IsValidUrl(baseUrl) {
+		return "", fmt.Errorf("incorrect URL %s", client.VCDHREF.String())
+	}
+	if strings.HasSuffix(baseUrl, "/") {
+		baseUrl = strings.TrimRight(baseUrl, "/")
+	}
+	if strings.HasSuffix(baseUrl, "/api") {
+		baseUrl = strings.TrimRight(baseUrl, "/api")
+	}
+	return url.JoinPath(baseUrl, elements...)
+}
+
 // ---------------------------------------------------------------------
 // The following functions are needed to avoid strict Coverity warnings
 // ---------------------------------------------------------------------

diff --git a/govcd/api_vcd_test.go b/govcd/api_vcd_test.go
@@ -1157,6 +1157,38 @@ func (vcd *TestVCD) removeLeftoverEntities(entity CleanupEntity) {
 			vcd.infoCleanup(notDeletedMsg, entity.EntityType, entity.Name, err)
 		}
 		return
+	case "nsxv_dfw":
+		if entity.Parent == "" {
+			vcd.infoCleanup("removeLeftoverEntries: [ERROR] No ORG provided for VDC '%s'\n", entity.Name)
+			return
+		}
+		org, err := vcd.client.GetAdminOrgByName(entity.Parent)
+		if err != nil {
+			vcd.infoCleanup(notFoundMsg, "org", entity.Parent)
+			return
+		}
+		vdc, err := org.GetVDCByName(entity.Name, false)
+		if vdc == nil || err != nil {
+			vcd.infoCleanup(notFoundMsg, "vdc", entity.Name)
+			return
+		}
+		dfw := NewNsxvDistributedFirewall(vdc.client, vdc.Vdc.ID)
+		enabled, err := dfw.IsEnabled()
+		if err != nil {
+			vcd.infoCleanup("removeLeftoverEntries: [ERROR] checking distributed firewall from VCD '%s': %s", entity.Name, err)
+			return
+		}
+		if !enabled {
+			vcd.infoCleanup(notFoundMsg, entity.EntityType, entity.Name)
+			return
+		}
+		err = dfw.Disable()
+		if err == nil {
+			vcd.infoCleanup(removedMsg, entity.EntityType, entity.Name, entity.CreatedBy)
+		} else {
+			vcd.infoCleanup("removeLeftoverEntries: [ERROR] removing distributed firewall from VCD '%s': %s", entity.Name, err)
+			return
+		}
 	case "standaloneVm":
 		vm, err := vcd.org.QueryVmById(entity.Name) // The VM ID must be passed as Name
 		if IsNotFound(err) {
@@ -1622,6 +1654,9 @@ func (vcd *TestVCD) TearDownSuite(check *C) {
 // Tests getloginurl with the endpoint given
 // in the config file.
 func TestClient_getloginurl(t *testing.T) {
+	if os.Getenv("GOVCD_API_VERSION") != "" {
+		t.Skip("custom API version is being used")
+	}
 	config, err := GetConfigStruct()
 	if err != nil {
 		t.Fatalf("err: %s", err)