github.com/vmware/go-vcloud-director/v2@v2.24.0/govcd/nsxt_nat_rule_test.go (about) 1 //go:build network || nsxt || functional || openapi || ALL 2 3 package govcd 4 5 import ( 6 "fmt" 7 8 "github.com/vmware/go-vcloud-director/v2/types/v56" 9 . "gopkg.in/check.v1" 10 ) 11 12 func (vcd *TestVCD) Test_NsxtNatDnat(check *C) { 13 skipNoNsxtConfiguration(vcd, check) 14 skipOpenApiEndpointTest(vcd, check, types.OpenApiPathVersion1_0_0+types.OpenApiEndpointFirewallGroups) 15 16 org, err := vcd.client.GetOrgByName(vcd.config.VCD.Org) 17 check.Assert(err, IsNil) 18 19 nsxtVdc, err := org.GetVDCByName(vcd.config.VCD.Nsxt.Vdc, false) 20 check.Assert(err, IsNil) 21 22 edge, err := nsxtVdc.GetNsxtEdgeGatewayByName(vcd.config.VCD.Nsxt.EdgeGateway) 23 check.Assert(err, IsNil) 24 25 appPortProfiles, err := org.GetAllNsxtAppPortProfiles(nil, types.ApplicationPortProfileScopeSystem) 26 check.Assert(err, IsNil) 27 28 edgeGatewayPrimaryIp := "" 29 if edge.EdgeGateway != nil && len(edge.EdgeGateway.EdgeGatewayUplinks) > 0 && len(edge.EdgeGateway.EdgeGatewayUplinks[0].Subnets.Values) > 0 { 30 edgeGatewayPrimaryIp = edge.EdgeGateway.EdgeGatewayUplinks[0].Subnets.Values[0].PrimaryIP 31 } 32 check.Assert(edgeGatewayPrimaryIp, Not(Equals), "") 33 34 natRuleDefinition := &types.NsxtNatRule{ 35 Name: check.TestName() + "dnat", 36 Description: "description", 37 Enabled: true, 38 RuleType: types.NsxtNatRuleTypeDnat, 39 ExternalAddresses: edgeGatewayPrimaryIp, 40 InternalAddresses: "11.11.11.2", 41 ApplicationPortProfile: &types.OpenApiReference{ 42 ID: appPortProfiles[0].NsxtAppPortProfile.ID, 43 Name: appPortProfiles[0].NsxtAppPortProfile.Name}, 44 SnatDestinationAddresses: "", 45 Logging: vcd.client.Client.IsSysAdmin, 46 DnatExternalPort: "", 47 } 48 49 nsxtNatRuleChecks(natRuleDefinition, edge, check, vcd) 50 } 51 52 func (vcd *TestVCD) Test_NsxtNatDnatExternalPortPort(check *C) { 53 skipNoNsxtConfiguration(vcd, check) 54 skipOpenApiEndpointTest(vcd, check, types.OpenApiPathVersion1_0_0+types.OpenApiEndpointFirewallGroups) 55 56 org, err := vcd.client.GetOrgByName(vcd.config.VCD.Org) 57 check.Assert(err, IsNil) 58 59 nsxtVdc, err := org.GetVDCByName(vcd.config.VCD.Nsxt.Vdc, false) 60 check.Assert(err, IsNil) 61 62 edge, err := nsxtVdc.GetNsxtEdgeGatewayByName(vcd.config.VCD.Nsxt.EdgeGateway) 63 check.Assert(err, IsNil) 64 65 appPortProfiles, err := org.GetAllNsxtAppPortProfiles(nil, types.ApplicationPortProfileScopeSystem) 66 check.Assert(err, IsNil) 67 68 edgeGatewayPrimaryIp := "" 69 if edge.EdgeGateway != nil && len(edge.EdgeGateway.EdgeGatewayUplinks) > 0 && len(edge.EdgeGateway.EdgeGatewayUplinks[0].Subnets.Values) > 0 { 70 edgeGatewayPrimaryIp = edge.EdgeGateway.EdgeGatewayUplinks[0].Subnets.Values[0].PrimaryIP 71 } 72 check.Assert(edgeGatewayPrimaryIp, Not(Equals), "") 73 74 natRuleDefinition := &types.NsxtNatRule{ 75 Name: check.TestName() + "dnat", 76 Description: "description", 77 Enabled: true, 78 RuleType: types.NsxtNatRuleTypeDnat, 79 ExternalAddresses: edgeGatewayPrimaryIp, 80 InternalAddresses: "11.11.11.2", 81 ApplicationPortProfile: &types.OpenApiReference{ 82 ID: appPortProfiles[0].NsxtAppPortProfile.ID, 83 Name: appPortProfiles[0].NsxtAppPortProfile.Name}, 84 SnatDestinationAddresses: "", 85 Logging: vcd.client.Client.IsSysAdmin, 86 DnatExternalPort: "9898", 87 } 88 89 nsxtNatRuleChecks(natRuleDefinition, edge, check, vcd) 90 } 91 92 func (vcd *TestVCD) Test_NsxtNatDnatFirewallMatchPriority(check *C) { 93 skipNoNsxtConfiguration(vcd, check) 94 skipOpenApiEndpointTest(vcd, check, types.OpenApiPathVersion1_0_0+types.OpenApiEndpointFirewallGroups) 95 96 org, err := vcd.client.GetOrgByName(vcd.config.VCD.Org) 97 check.Assert(err, IsNil) 98 99 nsxtVdc, err := org.GetVDCByName(vcd.config.VCD.Nsxt.Vdc, false) 100 check.Assert(err, IsNil) 101 102 edge, err := nsxtVdc.GetNsxtEdgeGatewayByName(vcd.config.VCD.Nsxt.EdgeGateway) 103 check.Assert(err, IsNil) 104 105 appPortProfiles, err := org.GetAllNsxtAppPortProfiles(nil, types.ApplicationPortProfileScopeSystem) 106 check.Assert(err, IsNil) 107 108 edgeGatewayPrimaryIp := "" 109 if edge.EdgeGateway != nil && len(edge.EdgeGateway.EdgeGatewayUplinks) > 0 && len(edge.EdgeGateway.EdgeGatewayUplinks[0].Subnets.Values) > 0 { 110 edgeGatewayPrimaryIp = edge.EdgeGateway.EdgeGatewayUplinks[0].Subnets.Values[0].PrimaryIP 111 } 112 check.Assert(edgeGatewayPrimaryIp, Not(Equals), "") 113 114 natRuleDefinition := &types.NsxtNatRule{ 115 Name: check.TestName() + "dnat", 116 Description: "description", 117 Enabled: true, 118 RuleType: types.NsxtNatRuleTypeDnat, 119 ExternalAddresses: edgeGatewayPrimaryIp, 120 InternalAddresses: "11.11.11.2", 121 ApplicationPortProfile: &types.OpenApiReference{ 122 ID: appPortProfiles[0].NsxtAppPortProfile.ID, 123 Name: appPortProfiles[0].NsxtAppPortProfile.Name}, 124 SnatDestinationAddresses: "", 125 Logging: vcd.client.Client.IsSysAdmin, 126 FirewallMatch: types.NsxtNatRuleFirewallMatchExternalAddress, 127 Priority: addrOf(248), 128 } 129 130 nsxtNatRuleChecks(natRuleDefinition, edge, check, vcd) 131 } 132 133 func (vcd *TestVCD) Test_NsxtNatNoDnat(check *C) { 134 skipNoNsxtConfiguration(vcd, check) 135 skipOpenApiEndpointTest(vcd, check, types.OpenApiPathVersion1_0_0+types.OpenApiEndpointFirewallGroups) 136 137 org, err := vcd.client.GetOrgByName(vcd.config.VCD.Org) 138 check.Assert(err, IsNil) 139 140 nsxtVdc, err := org.GetVDCByName(vcd.config.VCD.Nsxt.Vdc, false) 141 check.Assert(err, IsNil) 142 143 edge, err := nsxtVdc.GetNsxtEdgeGatewayByName(vcd.config.VCD.Nsxt.EdgeGateway) 144 check.Assert(err, IsNil) 145 146 edgeGatewayPrimaryIp := "" 147 if edge.EdgeGateway != nil && len(edge.EdgeGateway.EdgeGatewayUplinks) > 0 && len(edge.EdgeGateway.EdgeGatewayUplinks[0].Subnets.Values) > 0 { 148 edgeGatewayPrimaryIp = edge.EdgeGateway.EdgeGatewayUplinks[0].Subnets.Values[0].PrimaryIP 149 } 150 check.Assert(edgeGatewayPrimaryIp, Not(Equals), "") 151 152 natRuleDefinition := &types.NsxtNatRule{ 153 Name: check.TestName() + "no-dnat", 154 Description: "description", 155 Enabled: true, 156 RuleType: types.NsxtNatRuleTypeNoDnat, 157 ExternalAddresses: edgeGatewayPrimaryIp, 158 } 159 160 nsxtNatRuleChecks(natRuleDefinition, edge, check, vcd) 161 } 162 163 func (vcd *TestVCD) Test_NsxtNatSnat(check *C) { 164 skipNoNsxtConfiguration(vcd, check) 165 skipOpenApiEndpointTest(vcd, check, types.OpenApiPathVersion1_0_0+types.OpenApiEndpointFirewallGroups) 166 167 org, err := vcd.client.GetOrgByName(vcd.config.VCD.Org) 168 check.Assert(err, IsNil) 169 170 nsxtVdc, err := org.GetVDCByName(vcd.config.VCD.Nsxt.Vdc, false) 171 check.Assert(err, IsNil) 172 173 edge, err := nsxtVdc.GetNsxtEdgeGatewayByName(vcd.config.VCD.Nsxt.EdgeGateway) 174 check.Assert(err, IsNil) 175 176 appPortProfiles, err := org.GetAllNsxtAppPortProfiles(nil, types.ApplicationPortProfileScopeSystem) 177 check.Assert(err, IsNil) 178 179 edgeGatewayPrimaryIp := "" 180 if edge.EdgeGateway != nil && len(edge.EdgeGateway.EdgeGatewayUplinks) > 0 && len(edge.EdgeGateway.EdgeGatewayUplinks[0].Subnets.Values) > 0 { 181 edgeGatewayPrimaryIp = edge.EdgeGateway.EdgeGatewayUplinks[0].Subnets.Values[0].PrimaryIP 182 } 183 check.Assert(edgeGatewayPrimaryIp, Not(Equals), "") 184 185 natRuleDefinition := &types.NsxtNatRule{ 186 Name: check.TestName() + "snat", 187 Description: "description", 188 Enabled: true, 189 RuleType: types.NsxtNatRuleTypeSnat, 190 ExternalAddresses: edgeGatewayPrimaryIp, 191 InternalAddresses: "11.11.11.2", 192 SnatDestinationAddresses: "11.11.11.4", 193 ApplicationPortProfile: &types.OpenApiReference{ 194 ID: appPortProfiles[1].NsxtAppPortProfile.ID, 195 Name: appPortProfiles[1].NsxtAppPortProfile.Name}, 196 } 197 198 nsxtNatRuleChecks(natRuleDefinition, edge, check, vcd) 199 } 200 201 func (vcd *TestVCD) Test_NsxtNatNoSnat(check *C) { 202 skipNoNsxtConfiguration(vcd, check) 203 skipOpenApiEndpointTest(vcd, check, types.OpenApiPathVersion1_0_0+types.OpenApiEndpointFirewallGroups) 204 205 org, err := vcd.client.GetOrgByName(vcd.config.VCD.Org) 206 check.Assert(err, IsNil) 207 208 nsxtVdc, err := org.GetVDCByName(vcd.config.VCD.Nsxt.Vdc, false) 209 check.Assert(err, IsNil) 210 211 edge, err := nsxtVdc.GetNsxtEdgeGatewayByName(vcd.config.VCD.Nsxt.EdgeGateway) 212 check.Assert(err, IsNil) 213 214 natRuleDefinition := &types.NsxtNatRule{ 215 Name: check.TestName() + "no-snat", 216 Description: "description", 217 Enabled: true, 218 RuleType: types.NsxtNatRuleTypeNoSnat, 219 ExternalAddresses: "", 220 InternalAddresses: "11.11.11.2", 221 } 222 223 nsxtNatRuleChecks(natRuleDefinition, edge, check, vcd) 224 } 225 226 func (vcd *TestVCD) Test_NsxtNatPriorityAndFirewallMatch(check *C) { 227 skipNoNsxtConfiguration(vcd, check) 228 skipOpenApiEndpointTest(vcd, check, types.OpenApiPathVersion1_0_0+types.OpenApiEndpointFirewallGroups) 229 230 org, err := vcd.client.GetOrgByName(vcd.config.VCD.Org) 231 check.Assert(err, IsNil) 232 233 nsxtVdc, err := org.GetVDCByName(vcd.config.VCD.Nsxt.Vdc, false) 234 check.Assert(err, IsNil) 235 236 edge, err := nsxtVdc.GetNsxtEdgeGatewayByName(vcd.config.VCD.Nsxt.EdgeGateway) 237 check.Assert(err, IsNil) 238 239 edgeGatewayPrimaryIp := "" 240 if edge.EdgeGateway != nil && len(edge.EdgeGateway.EdgeGatewayUplinks) > 0 && len(edge.EdgeGateway.EdgeGatewayUplinks[0].Subnets.Values) > 0 { 241 edgeGatewayPrimaryIp = edge.EdgeGateway.EdgeGatewayUplinks[0].Subnets.Values[0].PrimaryIP 242 } 243 check.Assert(edgeGatewayPrimaryIp, Not(Equals), "") 244 245 natRuleDefinition := &types.NsxtNatRule{ 246 Name: check.TestName() + "dnat", 247 Description: "description", 248 Enabled: true, 249 RuleType: types.NsxtNatRuleTypeDnat, 250 ExternalAddresses: edgeGatewayPrimaryIp, 251 InternalAddresses: "11.11.11.2", 252 SnatDestinationAddresses: "", 253 Logging: vcd.client.Client.IsSysAdmin, 254 DnatExternalPort: "", 255 Priority: addrOf(100), 256 FirewallMatch: types.NsxtNatRuleFirewallMatchExternalAddress, 257 } 258 259 nsxtNatRuleChecks(natRuleDefinition, edge, check, vcd) 260 } 261 262 // Test_NsxtNatReflexive tests out REFLEXIVE rule type. This is only available in VCD 10.3 (API V36.0) 263 func (vcd *TestVCD) Test_NsxtNatReflexive(check *C) { 264 skipNoNsxtConfiguration(vcd, check) 265 skipOpenApiEndpointTest(vcd, check, types.OpenApiPathVersion1_0_0+types.OpenApiEndpointFirewallGroups) 266 267 org, err := vcd.client.GetOrgByName(vcd.config.VCD.Org) 268 check.Assert(err, IsNil) 269 270 nsxtVdc, err := org.GetVDCByName(vcd.config.VCD.Nsxt.Vdc, false) 271 check.Assert(err, IsNil) 272 273 edge, err := nsxtVdc.GetNsxtEdgeGatewayByName(vcd.config.VCD.Nsxt.EdgeGateway) 274 check.Assert(err, IsNil) 275 276 edgeGatewayPrimaryIp := "" 277 if edge.EdgeGateway != nil && len(edge.EdgeGateway.EdgeGatewayUplinks) > 0 && len(edge.EdgeGateway.EdgeGatewayUplinks[0].Subnets.Values) > 0 { 278 edgeGatewayPrimaryIp = edge.EdgeGateway.EdgeGatewayUplinks[0].Subnets.Values[0].PrimaryIP 279 } 280 check.Assert(edgeGatewayPrimaryIp, Not(Equals), "") 281 282 natRuleDefinition := &types.NsxtNatRule{ 283 Name: check.TestName() + "reflexive", 284 Description: "description", 285 Enabled: true, 286 //RuleType: types.NsxtNatRuleTypeReflexive, 287 Type: types.NsxtNatRuleTypeReflexive, 288 ExternalAddresses: edgeGatewayPrimaryIp, 289 InternalAddresses: "11.11.11.2", 290 Priority: addrOf(100), 291 FirewallMatch: types.NsxtNatRuleFirewallMatchExternalAddress, 292 } 293 294 nsxtNatRuleChecks(natRuleDefinition, edge, check, vcd) 295 } 296 297 func nsxtNatRuleChecks(natRuleDefinition *types.NsxtNatRule, edge *NsxtEdgeGateway, check *C, vcd *TestVCD) { 298 createdNatRule, err := edge.CreateNatRule(natRuleDefinition) 299 check.Assert(err, IsNil) 300 openApiEndpoint := types.OpenApiPathVersion1_0_0 + fmt.Sprintf(types.OpenApiEndpointNsxtNatRules, edge.EdgeGateway.ID) + createdNatRule.NsxtNatRule.ID 301 AddToCleanupListOpenApi(createdNatRule.NsxtNatRule.Name, check.TestName(), openApiEndpoint) 302 303 // check if created rule matches definition 304 check.Assert(createdNatRule.IsEqualTo(natRuleDefinition), Equals, true) 305 306 // Validate that supplied values are the same as read values 307 natRuleDefinition.ID = createdNatRule.NsxtNatRule.ID // ID is always the difference 308 natRuleDefinition.Priority = createdNatRule.NsxtNatRule.Priority // Priority returns default value (0) for VCD 10.2.2+ 309 natRuleDefinition.FirewallMatch = createdNatRule.NsxtNatRule.FirewallMatch // FirewallMatch returns default value (MATCH_INTERNAL_ADDRESS) for VCD 10.2.2+ 310 natRuleDefinition.Version = createdNatRule.NsxtNatRule.Version // Version will always be populated afterwards 311 natRuleDefinition.Type = createdNatRule.NsxtNatRule.Type 312 313 check.Assert(createdNatRule.NsxtNatRule, DeepEquals, natRuleDefinition) 314 315 // Try to get NAT rules by name and by ID 316 natRuleById, err := edge.GetNatRuleById(createdNatRule.NsxtNatRule.ID) 317 check.Assert(err, IsNil) 318 natRuleByName, err := edge.GetNatRuleByName(createdNatRule.NsxtNatRule.Name) 319 check.Assert(err, IsNil) 320 321 check.Assert(natRuleById.NsxtNatRule, DeepEquals, natRuleDefinition) 322 check.Assert(natRuleByName.NsxtNatRule, DeepEquals, natRuleDefinition) 323 324 // Try to update value 325 createdNatRule.NsxtNatRule.Name = check.TestName() + "updated" 326 updatedNatRule, err := createdNatRule.Update(createdNatRule.NsxtNatRule) 327 check.Assert(err, IsNil) 328 329 // validate that supplied values are new, but ID stays the same 330 check.Assert(updatedNatRule.NsxtNatRule.ID, Equals, createdNatRule.NsxtNatRule.ID) 331 check.Assert(updatedNatRule.NsxtNatRule.RuleType, Equals, createdNatRule.NsxtNatRule.RuleType) 332 333 err = createdNatRule.Delete() 334 check.Assert(err, IsNil) 335 336 _, err = edge.GetNatRuleById(createdNatRule.NsxtNatRule.ID) 337 check.Assert(ContainsNotFound(err), Equals, true) 338 }