Add support for managing VDC group

.changes/v2.14.0/410-features.md

@@ -0,0 +1,2 @@
+* Added types `VdcGroup`, `types.VdcGroup`, `types.ParticipatingOrgVdcs`, `types.CandidateVdc`, `types.DfwPolicies` and `types.DefaultPolicy` for handling VDC groups with corresponding
+  methods `adminOrg.CreateNsxtVdcGroup`, `adminOrg.CreateVdcGroup`, `adminOrg.GetAllNsxtVdcGroupCandidates`, `adminOrg.GetAllVdcGroupCandidates`, `adminOrg.GetAllVdcGroups`, `adminOrg.GetVdcGroupByName`, `adminOrg.GetVdcGroupById`, `vdcGroup.Update`, `vdcGroup.GenericUpdate`, `vdcGroup.Delete`, `vdcGroup.DisableDefaultPolicy`, `vdcGroup.EnableDefaultPolicy`, `vdcGroup.GetDfwPolicies`, `vdcGroup.DeActivateDfw`, `vdcGroup.ActivateDfw`, `vdcGroup.UpdateDefaultDfwPolicies`, `vdcGroup.UpdateDfwPolicies`  [GH-410]

govcd/api_test.go

@@ -51,6 +51,8 @@ At least one of the following tags should be defined:
    * user:       Runs user related tests
    * vapp:       Runs vapp related tests
    * vdc:        Runs vdc related tests
+   * vdcGroup:   Runs vdc group related tests
+   * certificate Runs certificate related tests
    * vm:         Runs vm related tests
 
 Examples:

govcd/api_vcd_test.go

@@ -1,5 +1,5 @@
-//go:build api || openapi || functional || catalog || vapp || gateway || network || org || query || extnetwork || task || vm || vdc || system || disk || lb || lbAppRule || lbAppProfile || lbServerPool || lbServiceMonitor || lbVirtualServer || user || search || nsxv || nsxt || auth || affinity || role || alb || certificate || ALL
-// +build api openapi functional catalog vapp gateway network org query extnetwork task vm vdc system disk lb lbAppRule lbAppProfile lbServerPool lbServiceMonitor lbVirtualServer user search nsxv nsxt auth affinity role alb certificate ALL
+//go:build api || openapi || functional || catalog || vapp || gateway || network || org || query || extnetwork || task || vm || vdc || system || disk || lb || lbAppRule || lbAppProfile || lbServerPool || lbServiceMonitor || lbVirtualServer || user || search || nsxv || nsxt || auth || affinity || role || alb || certificate || vdcGroup || ALL
+// +build api openapi functional catalog vapp gateway network org query extnetwork task vm vdc system disk lb lbAppRule lbAppProfile lbServerPool lbServiceMonitor lbVirtualServer user search nsxv nsxt auth affinity role alb certificate vdcGroup ALL
 
 /*
  * Copyright 2021 VMware, Inc.  All rights reserved.  Licensed under the Apache v2 License.

govcd/certificate_management.go

@@ -6,10 +6,8 @@ package govcd
 
 import (
 	"fmt"
-	"net/url"
-	"strings"
-
 	"github.com/vmware/go-vcloud-director/v2/types/v56"
+	"net/url"
 )
 
 // Certificate is a structure defining a certificate in VCD
@@ -186,42 +184,42 @@ func (adminOrg *AdminOrg) GetAllCertificatesFromLibrary(queryParameters url.Valu
 // https://github.com/golang/go/issues/4013
 // https://github.com/czos/goamz/pull/11/files
 func getCertificateFromLibraryByName(client *Client, name string, additionalHeader map[string]string) (*Certificate, error) {
-	var params = url.Values{}
-
-	slowSearch := false
-	versionWithNoBug, err := client.VersionEqualOrGreater("10.3", 3)
+	slowSearch, params, err := shouldDoSlowSearch("alias", name, client)
 	if err != nil {
 		return nil, err
 	}
-	if (!versionWithNoBug && (strings.Contains(name, ",") || strings.Contains(name, ";"))) ||
-		strings.Contains(name, " ") || strings.Contains(name, "+") || strings.Contains(name, "*") {
-		slowSearch = true
-	} else {
-		params.Set("filter", fmt.Sprintf("alias==%s", url.QueryEscape(name)))
-		params.Set("filterEncoded", "true")
-	}
 
+	var foundCertificates []*Certificate
 	certificates, err := getAllCertificateFromLibrary(client, params, additionalHeader)
 	if err != nil {
 		return nil, err
 	}
 	if len(certificates) == 0 {
 		return nil, ErrorEntityNotFound
 	}
+	foundCertificates = append(foundCertificates, certificates[0])
 
 	if slowSearch {
+		foundCertificates = nil
 		for _, certificate := range certificates {
 			if certificate.CertificateLibrary.Alias == name {
-				return certificate, nil
+				foundCertificates = append(foundCertificates, certificate)
 			}
 		}
-		return nil, ErrorEntityNotFound
+		if len(foundCertificates) == 0 {
+			return nil, ErrorEntityNotFound
+		}
+		if len(foundCertificates) > 1 {
+			return nil, fmt.Errorf("more than one certificate found with name '%s'", name)
+		}
 	}
 
-	if len(certificates) > 1 {
-		return nil, fmt.Errorf("more than one certificate found with name '%s'", name)
+	if len(certificates) > 1 && !slowSearch {
+		{
+			return nil, fmt.Errorf("more than one certificate found with name '%s'", name)
+		}
 	}
-	return certificates[0], nil
+	return foundCertificates[0], nil
 }
 
 // GetCertificateFromLibraryByName retrieves certificate from certificate library by given name

govcd/common_test.go

@@ -858,16 +858,6 @@ func extractIdsFromOpenApiReferences(refs []types.OpenApiReference) []string {
 	return resultStrings
 }
 
-// contains checks if a slice contains element
-func contains(s []string, element string) bool {
-	for _, a := range s {
-		if a == element {
-			return true
-		}
-	}
-	return false
-}
-
 // checkSkipWhenApiToken skips the test if the connection was established using an API token
 func (vcd *TestVCD) checkSkipWhenApiToken(check *C) {
 	if vcd.client.Client.UsingAccessToken {

govcd/nsxt_firewall_test.go

@@ -71,7 +71,7 @@ func (vcd *TestVCD) Test_NsxtFirewall(check *C) {
 		check.Assert(len(fwCreated.NsxtFirewallRuleContainer.UserDefinedRules), Equals, len(randomizedFwRuleDefs))
 		definedAppPortProfileIds := extractIdsFromOpenApiReferences(randomizedFwRuleDefs[index].ApplicationPortProfiles)
 		for _, appPortProfile := range fwCreated.NsxtFirewallRuleContainer.UserDefinedRules[index].ApplicationPortProfiles {
-			check.Assert(contains(definedAppPortProfileIds, appPortProfile.ID), Equals, true)
+			check.Assert(contains(appPortProfile.ID, definedAppPortProfileIds), Equals, true)
 		}
 	}
 

govcd/openapi.go

@@ -786,3 +786,28 @@ func copyUrlRef(in *url.URL) *url.URL {
 	}
 	return newUrlRef
 }
+
+// shouldDoSlowSearch returns true if query isn't working or added needed params if returns false.
+// When the name contains commas, semicolons or asterisks, the encoding is rejected by the API in VCD 10.2 version.
+// For this reason, when one or more commas, semicolons or asterisks are present we run the search brute force,
+// by fetching all and comparing the name. Yet, this is not needed anymore in VCD 10.3 version.
+// Also, url.QueryEscape as well as url.Values.Encode() both encode the space as a + character. So we use
+// search brute force too. Reference to issue:
+// https://github.com/golang/go/issues/4013
+// https://github.com/czos/goamz/pull/11/files
+func shouldDoSlowSearch(filterKey, name string, client *Client) (bool, url.Values, error) {
+	var params = url.Values{}
+	slowSearch := false
+	versionWithNoBug, err := client.VersionEqualOrGreater("10.3", 2)
+	if err != nil {
+		return false, params, err
+	}
+	if (!versionWithNoBug && (strings.Contains(name, ",") || strings.Contains(name, ";"))) ||
+		strings.Contains(name, " ") || strings.Contains(name, "+") || strings.Contains(name, "*") {
+		slowSearch = true
+	} else {
+		params.Set("filter", fmt.Sprintf(filterKey+"==%s", url.QueryEscape(name)))
+		params.Set("filterEncoded", "true")
+	}
+	return slowSearch, params, err
+}

govcd/openapi_endpoints.go

@@ -44,6 +44,10 @@ var endpointMinApiVersions = map[string]string{
 	types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointIpSecVpnTunnel:                     "34.0", // VCD 10.1+
 	types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointIpSecVpnTunnelConnectionProperties: "34.0", // VCD 10.1+
 	types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointIpSecVpnTunnelStatus:               "34.0", // VCD 10.1+
+	types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointVdcGroups:                          "35.0", // VCD 10.2+
+	types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointVdcGroupsCandidateVdcs:             "35.0", // VCD 10.2+
+	types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointVdcGroupsDfwPolicies:               "35.0", // VCD 10.2+
+	types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointVdcGroupsDfwDefaultPolicies:        "35.0", // VCD 10.2+
 
 	// NSX-T ALB (Advanced/AVI Load Balancer) support was introduced in 10.2
 	types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointAlbController:                    "35.0", // VCD 10.2+

govcd/roles.go

@@ -368,13 +368,17 @@ func removeRightsFromRole(client *Client, roleType, name, id, endpoint string, r
 		for _, rr := range removeRights {
 			if cr.ID == rr.ID {
 				foundToRemove[cr.Name] = true
-			} else {
-				// If the right is not in the list to be removed, we add it to the input (to be preserved) list
-				input.Values = append(input.Values, types.OpenApiReference{Name: cr.Name, ID: cr.ID})
 			}
 		}
 	}
 
+	for _, cr := range currentRights {
+		_, found := foundToRemove[cr.Name]
+		if !found {
+			input.Values = append(input.Values, types.OpenApiReference{Name: cr.Name, ID: cr.ID})
+		}
+	}
+
 	// Check that all the items to be removed were found in the current rights list
 	notFoundNames := ""
 	for name, found := range foundToRemove {

govcd/system_test.go

@@ -669,6 +669,6 @@ func (vcd *TestVCD) TestQueryAllVdcs(check *C) {
 		fmt.Printf("# Checking result contains all known VDCs (%s).", strings.Join((knownVdcs), ", "))
 	}
 	for _, knownVdcName := range knownVdcs {
-		check.Assert(contains(foundVdcNames, knownVdcName), Equals, true)
+		check.Assert(contains(knownVdcName, foundVdcNames), Equals, true)
 	}
 }

govcd/tenant_context.go

@@ -173,3 +173,13 @@ func getTenantContextFromHeader(header map[string]string) *TenantContext {
 	}
 	return nil
 }
+
+// getTenantContext retrieves the tenant context for a VdcGroup
+func (vdcGroup *VdcGroup) getTenantContext() (*TenantContext, error) {
+	org := vdcGroup.parent
+
+	if org == nil {
+		return nil, fmt.Errorf("VDC group %s has no parent", vdcGroup.VdcGroup.Name)
+	}
+	return org.tenantContext()
+}