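// Source: github.com/vmware/go-vcloud-director/v2@v2.24.0/govcd/nsxt_firewall_group_ip_set_test.go

//go:build network || nsxt || functional || openapi || ALL

package govcd

import (
	"github.com/vmware/go-vcloud-director/v2/types/v56"
	. "gopkg.in/check.v1"
)

// Test_NsxtIpSet tests out IP Set capabilities using Firewall Group endpoint.
//
// The test runs against a live VCD with NSX-T configured and requires System
// Administrator rights (it is skipped otherwise). It walks through:
//  1. creating an IP Set on the configured NSX-T Edge Gateway and updating it;
//  2. reading it back by name and by ID through Org, VDC and Edge Gateway and
//     checking that all lookups return the same object;
//  3. creating a VDC Group with a new Edge Gateway, moving the gateway into the
//     group and creating/reading an IP Set scoped to the VDC Group;
//  4. verifying that GetAssociatedVms returns an error for IP_SET groups;
//  5. creating one more IP Set through the Edge Gateway method;
//  6. deleting everything it created.
//
// Every created entity is registered in the cleanup list under its own name
// together with its OpenAPI endpoint, right after creation is confirmed.
func (vcd *TestVCD) Test_NsxtIpSet(check *C) {
	skipNoNsxtConfiguration(vcd, check)
	skipOpenApiEndpointTest(vcd, check, types.OpenApiPathVersion1_0_0+types.OpenApiEndpointFirewallGroups)
	vcd.skipIfNotSysAdmin(check)

	org, err := vcd.client.GetOrgByName(vcd.config.VCD.Org)
	check.Assert(err, IsNil)

	nsxtVdc, err := org.GetVDCByName(vcd.config.VCD.Nsxt.Vdc, false)
	check.Assert(err, IsNil)

	edge, err := nsxtVdc.GetNsxtEdgeGatewayByName(vcd.config.VCD.Nsxt.EdgeGateway)
	check.Assert(err, IsNil)

	// The definition covers every address notation used in this test: single
	// IPv4 address, IPv4 CIDR, IPv4 range, IPv6 CIDR and IPv6 range.
	//
	// NOTE(review): only 2001:db8::/48 (IPv6 documentation prefix) and
	// 10.10.10.0/24 (private range) are reserved address space. The 12.x, 11.x
	// and 2001:db6 literals lie outside the documentation/private ranges; this
	// test never attaches the IP Set to a firewall rule, but documentation
	// ranges would be safer fixtures if that ever changes.
	ipSetDefinition := &types.NsxtFirewallGroup{
		Name:        check.TestName(),
		Description: check.TestName() + "-Description",
		Type:        types.FirewallGroupTypeIpSet,
		OwnerRef:    &types.OpenApiReference{ID: edge.EdgeGateway.ID},

		IpAddresses: []string{
			"12.12.12.1",
			"10.10.10.0/24",
			"11.11.11.1-11.11.11.2",
			// represents the block of IPv6 addresses from 2001:db8:0:0:0:0:0:0 to 2001:db8:0:ffff:ffff:ffff:ffff:ffff
			"2001:db8::/48",
			"2001:db6:0:0:0:0:0:0-2001:db6:0:ffff:ffff:ffff:ffff:ffff",
		},
	}

	// Create IP Set and add to cleanup if it was created
	createdIpSet, err := nsxtVdc.CreateNsxtFirewallGroup(ipSetDefinition)
	check.Assert(err, IsNil)
	openApiEndpoint := types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointFirewallGroups + createdIpSet.NsxtFirewallGroup.ID
	AddToCleanupListOpenApi(createdIpSet.NsxtFirewallGroup.Name, check.TestName(), openApiEndpoint)

	check.Assert(createdIpSet.NsxtFirewallGroup.ID, Not(Equals), "")
	check.Assert(createdIpSet.NsxtFirewallGroup.EdgeGatewayRef.Name, Equals, vcd.config.VCD.Nsxt.EdgeGateway)

	check.Assert(createdIpSet.NsxtFirewallGroup.Description, Equals, ipSetDefinition.Description)
	check.Assert(createdIpSet.NsxtFirewallGroup.Name, Equals, ipSetDefinition.Name)
	check.Assert(createdIpSet.NsxtFirewallGroup.Type, Equals, ipSetDefinition.Type)

	// Update and compare
	createdIpSet.NsxtFirewallGroup.Description = "updated-description"
	createdIpSet.NsxtFirewallGroup.Name = check.TestName() + "-updated"

	updatedIpSet, err := createdIpSet.Update(createdIpSet.NsxtFirewallGroup)
	check.Assert(err, IsNil)
	check.Assert(updatedIpSet.NsxtFirewallGroup, DeepEquals, createdIpSet.NsxtFirewallGroup)

	check.Assert(updatedIpSet, DeepEquals, createdIpSet)

	// Get all Firewall Groups and check if the created one is there
	allIpSets, err := org.GetAllNsxtFirewallGroups(nil, types.FirewallGroupTypeIpSet)
	check.Assert(err, IsNil)
	fwGroupFound := false
	for i := range allIpSets {
		if allIpSets[i].NsxtFirewallGroup.ID == updatedIpSet.NsxtFirewallGroup.ID {
			fwGroupFound = true
			break
		}
	}
	check.Assert(fwGroupFound, Equals, true)

	// Check if all retrieval functions get the same
	orgIpSetByName, err := org.GetNsxtFirewallGroupByName(updatedIpSet.NsxtFirewallGroup.Name, types.FirewallGroupTypeIpSet)
	check.Assert(err, IsNil)
	orgIpSetById, err := org.GetNsxtFirewallGroupById(updatedIpSet.NsxtFirewallGroup.ID)
	check.Assert(err, IsNil)
	check.Assert(orgIpSetByName.NsxtFirewallGroup, DeepEquals, orgIpSetById.NsxtFirewallGroup)

	// Get Firewall Group using VDC
	vdcIpSetByName, err := nsxtVdc.GetNsxtFirewallGroupByName(updatedIpSet.NsxtFirewallGroup.Name, types.FirewallGroupTypeIpSet)
	check.Assert(err, IsNil)
	vdcIpSetById, err := nsxtVdc.GetNsxtFirewallGroupById(updatedIpSet.NsxtFirewallGroup.ID)
	check.Assert(err, IsNil)
	check.Assert(vdcIpSetByName.NsxtFirewallGroup, DeepEquals, vdcIpSetById.NsxtFirewallGroup)
	check.Assert(vdcIpSetById.NsxtFirewallGroup, DeepEquals, orgIpSetById.NsxtFirewallGroup)

	// Get Firewall Group using Edge Gateway
	edgeIpSetByName, err := edge.GetNsxtFirewallGroupByName(updatedIpSet.NsxtFirewallGroup.Name, types.FirewallGroupTypeIpSet)
	check.Assert(err, IsNil)
	edgeIpSetById, err := edge.GetNsxtFirewallGroupById(updatedIpSet.NsxtFirewallGroup.ID)
	check.Assert(err, IsNil)
	check.Assert(edgeIpSetByName.NsxtFirewallGroup, DeepEquals, orgIpSetByName.NsxtFirewallGroup)
	check.Assert(edgeIpSetById.NsxtFirewallGroup, DeepEquals, edgeIpSetByName.NsxtFirewallGroup)

	// Get Firewall Group using VDC Group
	adminOrg, err := vcd.client.GetAdminOrgByName(vcd.config.VCD.Org)
	check.Assert(err, IsNil)

	nsxtExternalNetwork, err := GetExternalNetworkV2ByName(vcd.client, vcd.config.VCD.Nsxt.ExternalNetwork)
	check.Assert(err, IsNil)
	check.Assert(nsxtExternalNetwork, NotNil)

	vdc, vdcGroup := test_CreateVdcGroup(check, adminOrg, vcd)
	egwDefinition := &types.OpenAPIEdgeGateway{
		Name:        "nsx-for-IpSet-edge",
		Description: "nsx-for-IpSet-edge-description",
		OwnerRef: &types.OpenApiReference{
			ID: vdc.Vdc.ID,
		},
		EdgeGatewayUplinks: []types.EdgeGatewayUplinks{{
			UplinkID: nsxtExternalNetwork.ExternalNetwork.ID,
			Subnets: types.OpenAPIEdgeGatewaySubnets{Values: []types.OpenAPIEdgeGatewaySubnetValue{{
				Gateway:      "1.1.1.1",
				PrefixLength: 24,
				Enabled:      true,
			}}},
			Connected: true,
			Dedicated: false,
		}},
	}

	// Create Edge Gateway in VDC Group. It is first created with the VDC as
	// owner (asserted via the URN prefix) and moved to the VDC Group below.
	createdEdge, err := adminOrg.CreateNsxtEdgeGateway(egwDefinition)
	check.Assert(err, IsNil)
	check.Assert(createdEdge.EdgeGateway.OwnerRef.ID, Matches, `^urn:vcloud:vdc:.*`)
	openApiEndpoint = types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointEdgeGateways + createdEdge.EdgeGateway.ID
	PrependToCleanupListOpenApi(createdEdge.EdgeGateway.Name, check.TestName(), openApiEndpoint)

	check.Assert(createdEdge.EdgeGateway.Name, Equals, egwDefinition.Name)
	check.Assert(createdEdge.EdgeGateway.OwnerRef.ID, Equals, egwDefinition.OwnerRef.ID)

	movedGateway, err := createdEdge.MoveToVdcOrVdcGroup(vdcGroup.VdcGroup.Id)
	check.Assert(err, IsNil)
	check.Assert(movedGateway.EdgeGateway.OwnerRef.ID, Equals, vdcGroup.VdcGroup.Id)
	check.Assert(movedGateway.EdgeGateway.OwnerRef.ID, Matches, `^urn:vcloud:vdcGroup:.*`)

	// The same definition is reused, re-pointed at the VDC Group as owner.
	ipSetDefinition.Name = check.TestName() + "VdcGroup"
	ipSetDefinition.OwnerRef.ID = vdcGroup.VdcGroup.Id
	createdIpSetInVdcGroup, err := createdEdge.CreateNsxtFirewallGroup(ipSetDefinition)
	check.Assert(err, IsNil)
	check.Assert(createdIpSetInVdcGroup, NotNil)
	openApiEndpoint = types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointFirewallGroups + createdIpSetInVdcGroup.NsxtFirewallGroup.ID
	// Register the cleanup entry under the name of the group this endpoint
	// belongs to; using createdIpSet's name here would pair the wrong name
	// with the endpoint and make leftover firewall groups harder to trace.
	AddToCleanupListOpenApi(createdIpSetInVdcGroup.NsxtFirewallGroup.Name, check.TestName(), openApiEndpoint)
	vdcGroupIpSetByName, err := vdcGroup.GetNsxtFirewallGroupByName(createdIpSetInVdcGroup.NsxtFirewallGroup.Name, types.FirewallGroupTypeIpSet)
	check.Assert(err, IsNil)
	vdcGroupIpSetById, err := vdcGroup.GetNsxtFirewallGroupById(createdIpSetInVdcGroup.NsxtFirewallGroup.ID)
	check.Assert(err, IsNil)
	check.Assert(vdcGroupIpSetByName.NsxtFirewallGroup, DeepEquals, vdcGroupIpSetById.NsxtFirewallGroup)

	associatedVms, err := edgeIpSetByName.GetAssociatedVms()
	// IP_SET type Firewall Groups do not have VM associations and throw an error on API call.
	// The error is: only Security Groups have associated VMs. This Firewall Group has type 'IP_SET'
	// Not hardcoding it here because it may change and break the test.
	check.Assert(err, NotNil)
	check.Assert(associatedVms, IsNil)

	// Remove
	err = createdIpSet.Delete()
	check.Assert(err, IsNil)
	err = vdcGroupIpSetByName.Delete()
	check.Assert(err, IsNil)

	// Create IP Set using Edge Gateway method
	ipSetDefinition.Name = check.TestName() + "-using-edge-gateway-type"
	ipSetDefinition.OwnerRef.ID = edge.EdgeGateway.ID

	// Create IP Set and add to cleanup if it was created. The Edge Gateway
	// receiver is used so that this step exercises the method its name and
	// comment describe rather than repeating the VDC-level call made earlier.
	edgeCreatedIpSet, err := edge.CreateNsxtFirewallGroup(ipSetDefinition)
	check.Assert(err, IsNil)
	openApiEndpoint = types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointFirewallGroups + edgeCreatedIpSet.NsxtFirewallGroup.ID
	// As above: the cleanup name must match the entity behind the endpoint.
	AddToCleanupListOpenApi(edgeCreatedIpSet.NsxtFirewallGroup.Name, check.TestName(), openApiEndpoint)

	check.Assert(edgeCreatedIpSet.NsxtFirewallGroup.ID, Not(Equals), "")
	check.Assert(edgeCreatedIpSet.NsxtFirewallGroup.OwnerRef.Name, Equals, edge.EdgeGateway.Name)

	err = edgeCreatedIpSet.Delete()
	check.Assert(err, IsNil)

	// Remove Edge Gateway
	err = movedGateway.Delete()
	check.Assert(err, IsNil)

	// Remove VDC group and VDC
	err = vdcGroup.Delete()
	check.Assert(err, IsNil)
	task, err := vdc.Delete(true, true)
	check.Assert(err, IsNil)
	err = task.WaitTaskCompletion()
	check.Assert(err, IsNil)
}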