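//go:build functional || openapi || vdcGroup || nsxt || ALL

/*
 * Copyright 2021 VMware, Inc. All rights reserved. Licensed under the Apache v2 License.
 */

package govcd

import (
	"fmt"
	"strings"

	"github.com/vmware/go-vcloud-director/v2/types/v56"
	. "gopkg.in/check.v1"
)

// Test_CreateVdcGroup runs the shared test_CreateVdcGroup helper (defined
// outside this file) as the configured administrator, then deletes the VDC
// group and the VDC that the helper returned.
//
// The test is skipped when admin tests are disabled, when no NSX-T VDC is
// configured, or when skipOpenApiEndpointTest decides to skip the VDC groups
// endpoint.
func (vcd *TestVCD) Test_CreateVdcGroup(check *C) {
	fmt.Printf("Running: %s\n", check.TestName())
	if vcd.skipAdminTests {
		check.Skip(fmt.Sprintf(TestRequiresSysAdminPrivileges, check.TestName()))
	}
	if vcd.config.VCD.Nsxt.Vdc == "" {
		check.Skip("Missing NSX-T config: No NSX-T VDC specified")
	}
	skipOpenApiEndpointTest(vcd, check, types.OpenApiPathVersion1_0_0+types.OpenApiEndpointVdcGroups)

	adminOrg, err := vcd.client.GetAdminOrgByName(vcd.org.Org.Name)
	check.Assert(err, IsNil)
	check.Assert(adminOrg, NotNil)

	vdc, vdcGroup := test_CreateVdcGroup(check, adminOrg, vcd)

	// Tear down in the order the original test uses: the group first, then the VDC.
	err = vdcGroup.Delete()
	check.Assert(err, IsNil)
	task, err := vdc.Delete(true, true)
	check.Assert(err, IsNil)
	err = task.WaitTaskCompletion()
	check.Assert(err, IsNil)
}

// Test_NsxtVdcGroup runs the create / read / update / DFW checks of
// test_NsxtVdcGroup as the configured administrator and deletes the resulting
// VDC group.
func (vcd *TestVCD) Test_NsxtVdcGroup(check *C) {
	fmt.Printf("Running: %s\n", check.TestName())
	if vcd.skipAdminTests {
		check.Skip(fmt.Sprintf(TestRequiresSysAdminPrivileges, check.TestName()))
	}
	if vcd.config.VCD.Nsxt.Vdc == "" {
		check.Skip("Missing NSX-T config: No NSX-T VDC specified")
	}
	skipOpenApiEndpointTest(vcd, check, types.OpenApiPathVersion1_0_0+types.OpenApiEndpointVdcGroups)

	adminOrg, err := vcd.client.GetAdminOrgByName(vcd.org.Org.Name)
	check.Assert(err, IsNil)
	check.Assert(adminOrg, NotNil)
	vdcGroup := test_NsxtVdcGroup(check, adminOrg, vcd)

	err = vdcGroup.Delete()
	check.Assert(err, IsNil)
}

// Test_NsxtVdcGroupForceDelete checks that a VDC group which still owns a
// firewall group (an IP Set) can be removed with ForceDelete, and that the
// group can no longer be fetched by ID afterwards.
func (vcd *TestVCD) Test_NsxtVdcGroupForceDelete(check *C) {
	fmt.Printf("Running: %s\n", check.TestName())
	if vcd.skipAdminTests {
		check.Skip(fmt.Sprintf(TestRequiresSysAdminPrivileges, check.TestName()))
	}
	if vcd.config.VCD.Nsxt.Vdc == "" {
		check.Skip("Missing NSX-T config: No NSX-T VDC specified")
	}
	skipOpenApiEndpointTest(vcd, check, types.OpenApiPathVersion1_0_0+types.OpenApiEndpointVdcGroups)

	adminOrg, err := vcd.client.GetAdminOrgByName(vcd.org.Org.Name)
	check.Assert(err, IsNil)
	check.Assert(adminOrg, NotNil)

	// Create VDC Group
	vdcGroup, err := adminOrg.CreateNsxtVdcGroup(check.TestName(), "", vcd.nsxtVdc.vdcId(), []string{vcd.nsxtVdc.vdcId()})
	check.Assert(err, IsNil)
	check.Assert(vdcGroup, NotNil)

	// Register the group for cleanup so it is removed even if a later assertion fails.
	openApiEndpoint := types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointVdcGroups + vdcGroup.VdcGroup.Id
	PrependToCleanupListOpenApi(vdcGroup.VdcGroup.Name, check.TestName(), openApiEndpoint)

	// Create an IP Set within the VDC Group to ensure that force deletion of a VDC Group works later
	// (it would return an error without forcing it).
	// NOTE(review): 12.12.12.1 is publicly routable address space; an RFC 5737 documentation
	// address such as 192.0.2.1 would be a more neutral fixture.
	ipSetDefinition := &types.NsxtFirewallGroup{
		Name:        check.TestName(),
		Description: check.TestName() + "-Description",
		Type:        types.FirewallGroupTypeIpSet,
		OwnerRef:    &types.OpenApiReference{ID: vdcGroup.VdcGroup.Id},
		IpAddresses: []string{"12.12.12.1"},
	}

	// Create the IP Set. It is not added to the cleanup list on its own; if ForceDelete
	// fails, only the cleanup entry of the owning VDC group remains.
	_, err = vdcGroup.CreateNsxtFirewallGroup(ipSetDefinition)
	check.Assert(err, IsNil)

	// Force delete VDC Group
	err = vdcGroup.ForceDelete(true)
	check.Assert(err, IsNil)

	// The group must be gone: lookup by ID has to report "not found".
	_, err = adminOrg.GetVdcGroupById(vdcGroup.VdcGroup.Id)
	check.Assert(ContainsNotFound(err), Equals, true)
}

// test_NsxtVdcGroup creates an NSX-T VDC group in adminOrg, verifies its
// initial fields, fetches it by ID and by name, lists all groups, updates it,
// and toggles the distributed firewall (DFW) and its default policy.
//
// It returns the handle obtained at creation time; the caller is responsible
// for deleting the group.
func test_NsxtVdcGroup(check *C, adminOrg *AdminOrg, vcd *TestVCD) *VdcGroup {
	description := "vdc group created by test"

	// Negative case: creation must fail when the participating VDC is vcd.vdc
	// (presumably because vcd.vdc is not NSX-T backed — confirm).
	_, err := adminOrg.CreateNsxtVdcGroup(check.TestName(), description, vcd.nsxtVdc.vdcId(), []string{vcd.vdc.vdcId()})
	check.Assert(err, NotNil)

	vdcGroup, err := adminOrg.CreateNsxtVdcGroup(check.TestName(), description, vcd.nsxtVdc.vdcId(), []string{vcd.nsxtVdc.vdcId()})
	check.Assert(err, IsNil)
	check.Assert(vdcGroup, NotNil)

	// Register the group for cleanup so it is removed even if a later assertion fails.
	openApiEndpoint := types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointVdcGroups + vdcGroup.VdcGroup.Id
	PrependToCleanupListOpenApi(vdcGroup.VdcGroup.Name, check.TestName(), openApiEndpoint)

	// A freshly created group is expected to have the distributed firewall off.
	check.Assert(vdcGroup.VdcGroup.Description, Equals, description)
	check.Assert(vdcGroup.VdcGroup.DfwEnabled, Equals, false)
	check.Assert(len(vdcGroup.VdcGroup.ParticipatingOrgVdcs), Equals, 1)
	check.Assert(vdcGroup.VdcGroup.OrgId, Equals, adminOrg.AdminOrg.ID)
	check.Assert(vdcGroup.VdcGroup.Name, Equals, check.TestName())
	check.Assert(vdcGroup.VdcGroup.LocalEgress, Equals, false)
	check.Assert(vdcGroup.VdcGroup.UniversalNetworkingEnabled, Equals, false)
	check.Assert(vdcGroup.VdcGroup.NetworkProviderType, Equals, "NSX_T")
	check.Assert(vdcGroup.VdcGroup.Type, Equals, "LOCAL")

	// check fetching by ID
	foundVdcGroup, err := adminOrg.GetVdcGroupById(vdcGroup.VdcGroup.Id)
	check.Assert(err, IsNil)
	check.Assert(foundVdcGroup, NotNil)
	check.Assert(foundVdcGroup.VdcGroup.Name, Equals, vdcGroup.VdcGroup.Name)
	check.Assert(foundVdcGroup.VdcGroup.Description, Equals, vdcGroup.VdcGroup.Description)
	check.Assert(len(foundVdcGroup.VdcGroup.ParticipatingOrgVdcs), Equals, len(vdcGroup.VdcGroup.ParticipatingOrgVdcs))

	// check fetching all VDC groups
	allVdcGroups, err := adminOrg.GetAllVdcGroups(nil)
	check.Assert(err, IsNil)
	check.Assert(allVdcGroups, NotNil)

	if testVerbose {
		fmt.Printf("(org) how many VDC groups: %d\n", len(allVdcGroups))
		for i, oneVdcGroup := range allVdcGroups {
			fmt.Printf("%3d %-20s %-53s %s\n", i, oneVdcGroup.VdcGroup.Name, oneVdcGroup.VdcGroup.Id,
				oneVdcGroup.VdcGroup.Description)
		}
	}

	// Create a second VDC that the update step below uses as the new participant.
	// createNewVdc returns no error, so the stale `err` assertion that used to
	// follow it has been dropped.
	// NOTE(review): createdVdc is not deleted in this function; cleanup depends on
	// createNewVdc (not shown here) registering it — confirm.
	createdVdc := createNewVdc(vcd, check, check.TestName()+"_forUpdate")
	check.Assert(createdVdc, NotNil)

	// check fetching VDC group by Name
	foundVdcGroup, err = adminOrg.GetVdcGroupByName(check.TestName())
	check.Assert(err, IsNil)
	check.Assert(foundVdcGroup, NotNil)
	check.Assert(foundVdcGroup.VdcGroup.Name, Equals, check.TestName())

	// check update
	newDescription := "newDescription"
	newName := check.TestName() + "newName"
	updatedVdcGroup, err := foundVdcGroup.Update(newName, newDescription, []string{createdVdc.vdcId()})
	check.Assert(err, IsNil)
	check.Assert(updatedVdcGroup, NotNil)
	check.Assert(updatedVdcGroup.VdcGroup.Name, Equals, newName)
	check.Assert(updatedVdcGroup.VdcGroup.Description, Equals, newDescription)
	check.Assert(updatedVdcGroup.VdcGroup.Id, Not(Equals), "")
	check.Assert(len(updatedVdcGroup.VdcGroup.ParticipatingOrgVdcs), Equals, 1)

	// activate and deactivate DFW
	enabledVdcGroup, err := updatedVdcGroup.ActivateDfw()
	check.Assert(err, IsNil)
	check.Assert(enabledVdcGroup, NotNil)
	check.Assert(enabledVdcGroup.VdcGroup.DfwEnabled, Equals, true)

	// disable default policy, otherwise deactivation of DFW fails
	_, err = enabledVdcGroup.DisableDefaultPolicy()
	check.Assert(err, IsNil)
	defaultPolicy, err := enabledVdcGroup.GetDfwPolicies()
	check.Assert(err, IsNil)
	check.Assert(defaultPolicy, NotNil)
	check.Assert(*defaultPolicy.DefaultPolicy.Enabled, Equals, false)

	// also validate enable default policy
	_, err = enabledVdcGroup.EnableDefaultPolicy()
	check.Assert(err, IsNil)
	defaultPolicy, err = enabledVdcGroup.GetDfwPolicies()
	check.Assert(err, IsNil)
	check.Assert(defaultPolicy, NotNil)
	check.Assert(*defaultPolicy.DefaultPolicy.Enabled, Equals, true)

	// disable the default policy again so that DeactivateDfw below can succeed
	_, err = enabledVdcGroup.DisableDefaultPolicy()
	check.Assert(err, IsNil)
	defaultPolicy, err = enabledVdcGroup.GetDfwPolicies()
	check.Assert(err, IsNil)
	check.Assert(defaultPolicy, NotNil)
	check.Assert(*defaultPolicy.DefaultPolicy.Enabled, Equals, false)

	disabledVdcGroup, err := updatedVdcGroup.DeactivateDfw()
	check.Assert(err, IsNil)
	check.Assert(disabledVdcGroup, NotNil)
	check.Assert(disabledVdcGroup.VdcGroup.DfwEnabled, Equals, false)
	return vdcGroup
}

// Test_GetVdcGroupByName_ValidatesSymbolsInName runs
// test_GetVdcGroupByName_ValidatesSymbolsInName as the configured
// administrator against the NSX-T VDC.
func (vcd *TestVCD) Test_GetVdcGroupByName_ValidatesSymbolsInName(check *C) {
	fmt.Printf("Running: %s\n", check.TestName())
	if vcd.skipAdminTests {
		check.Skip(fmt.Sprintf(TestRequiresSysAdminPrivileges, check.TestName()))
	}
	if vcd.config.VCD.Nsxt.Vdc == "" {
		check.Skip("Missing NSX-T config: No NSX-T VDC specified")
	}
	skipOpenApiEndpointTest(vcd, check, types.OpenApiPathVersion1_0_0+types.OpenApiEndpointVdcGroups)

	adminOrg, err := vcd.client.GetAdminOrgByName(vcd.org.Org.Name)
	check.Assert(err, IsNil)
	check.Assert(adminOrg, NotNil)
	test_GetVdcGroupByName_ValidatesSymbolsInName(check, adminOrg, vcd.nsxtVdc.vdcId())
}

// test_GetVdcGroupByName_ValidatesSymbolsInName creates, looks up by name and
// deletes one VDC group per special character, to prove that GetVdcGroupByName
// finds the exact group when the name contains that character.
func test_GetVdcGroupByName_ValidatesSymbolsInName(check *C, adminOrg *AdminOrg, vdcId string) {
	// When the name contains commas, semicolons, stars, or plus signs, the API may reject
	// the query unless the name is encoded correctly. Spaces present their own issues.
	for _, symbol := range []string{";", ",", "+", " ", "*"} {

		name := fmt.Sprintf("Test%sVdcGroup", symbol)

		createdVdcGroup, err := adminOrg.CreateNsxtVdcGroup(name, "", vdcId, []string{vdcId})
		check.Assert(err, IsNil)
		check.Assert(createdVdcGroup, NotNil)

		// Register for cleanup before any further assertion can abort the test.
		openApiEndpoint := types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointVdcGroups + createdVdcGroup.VdcGroup.Id
		PrependToCleanupListOpenApi(createdVdcGroup.VdcGroup.Name, check.TestName(), openApiEndpoint)

		check.Assert(createdVdcGroup.VdcGroup.Id, Not(Equals), "")
		check.Assert(createdVdcGroup.VdcGroup.Name, Equals, name)
		check.Assert(len(createdVdcGroup.VdcGroup.ParticipatingOrgVdcs), Equals, 1)

		// The lookup must return the group with exactly this name.
		foundVdcGroup, err := adminOrg.GetVdcGroupByName(name)
		check.Assert(err, IsNil)
		check.Assert(foundVdcGroup, NotNil)
		check.Assert(foundVdcGroup.VdcGroup.Name, Equals, name)

		err = foundVdcGroup.Delete()
		check.Assert(err, IsNil)
	}
}

// Test_NsxtVdcGroupWithOrgAdmin additionally tests Test_CreateVdcGroup, Test_GetVdcGroupByName_ValidatesSymbolsInName
// and Test_NsxtVdcGroup using an org admin user with added rights which allow working with VDC groups.
//
// The test is skipped by skipIfNeededRightsMissing when the default rights
// bundle lacks one of the VDC group rights.
func (vcd *TestVCD) Test_NsxtVdcGroupWithOrgAdmin(check *C) {
	fmt.Printf("Running: %s\n", check.TestName())
	if vcd.skipAdminTests {
		check.Skip(fmt.Sprintf(TestRequiresSysAdminPrivileges, check.TestName()))
	}
	if vcd.config.VCD.Nsxt.Vdc == "" {
		check.Skip("Missing NSX-T config: No NSX-T VDC specified")
	}
	skipOpenApiEndpointTest(vcd, check, types.OpenApiPathVersion1_0_0+types.OpenApiEndpointVdcGroups)

	adminOrg, err := vcd.client.GetAdminOrgByName(vcd.org.Org.Name)
	check.Assert(err, IsNil)
	check.Assert(adminOrg, NotNil)

	skipIfNeededRightsMissing(check, adminOrg)

	// NOTE(review): the org user session is opened with a fixed user name and the
	// literal password "CHANGE-ME". newOrgUserConnection is defined outside this
	// file, so whether the account is removed afterwards cannot be seen here —
	// confirm that it is, and prefer a password generated per run so no known
	// credential is left behind on a shared vCD instance.
	// The trailing `true` is presumably the "insecure" (skip TLS verification)
	// flag — confirm, and keep it restricted to lab endpoints.
	orgAdminClient, _, err := newOrgUserConnection(adminOrg, "test-user2", "CHANGE-ME", vcd.config.Provider.Url, true)
	check.Assert(err, IsNil)
	check.Assert(orgAdminClient, NotNil)

	orgAsOrgAdminUser, err := orgAdminClient.GetAdminOrgByName(vcd.org.Org.Name)
	check.Assert(err, IsNil)
	check.Assert(orgAsOrgAdminUser, NotNil)

	// run tests as org admin with needed rights
	// NOTE(review): only the name-lookup helper below receives the org-admin
	// session; test_NsxtVdcGroup and test_CreateVdcGroup are still handed the
	// administrator's adminOrg, so they do not exercise the org-admin rights.
	// That may be deliberate (test_NsxtVdcGroup creates a VDC through vcd) —
	// confirm, and align either the calls or the doc comment.
	vdcGroup1 := test_NsxtVdcGroup(check, adminOrg, vcd)
	vdc, vdcGroup := test_CreateVdcGroup(check, adminOrg, vcd)
	test_GetVdcGroupByName_ValidatesSymbolsInName(check, orgAsOrgAdminUser, vcd.nsxtVdc.vdcId())

	// Remove VDC groups and VDC
	err = vdcGroup1.Delete()
	check.Assert(err, IsNil)
	err = vdcGroup.Delete()
	check.Assert(err, IsNil)
	task, err := vdc.Delete(true, true)
	check.Assert(err, IsNil)
	err = task.WaitTaskCompletion()
	check.Assert(err, IsNil)
}

// skipIfNeededRightsMissing skips the running test when the "Default Rights
// Bundle" does not contain every right needed to work with VDC groups.
//
// It only reads the bundle and the rights catalogue; it does not add or change
// any rights.
func skipIfNeededRightsMissing(check *C, adminOrg *AdminOrg) {
	defaultRightsBundle, err := adminOrg.client.GetRightsBundleByName("Default Rights Bundle")
	check.Assert(err, IsNil)
	check.Assert(defaultRightsBundle, NotNil)

	// Names of required rights that are absent from the bundle.
	var missingRights []string

	rightsBeforeChange, err := defaultRightsBundle.GetRights(nil)
	check.Assert(err, IsNil)
	for _, rightName := range []string{
		"vDC Group: Configure",
		"vDC Group: Configure Logging",
		"vDC Group: View",
		"Organization vDC Distributed Firewall: Enable/Disable",
		// "Security Tag Edit" is left out: 10.2 doesn't have it and it is not needed for this kind of testing
	} {
		// The right must exist in the rights catalogue at all, otherwise the test fails.
		newRight, err := adminOrg.client.GetRightByName(rightName)
		check.Assert(err, IsNil)
		check.Assert(newRight, NotNil)
		foundRight := false
		for _, old := range rightsBeforeChange {
			if old.Name == rightName {
				foundRight = true
				break
			}
		}
		if !foundRight {
			missingRights = append(missingRights, newRight.Name)
		}
	}

	if len(missingRights) > 0 {
		// Separator added: the test name used to run straight into the message text.
		check.Skip(check.TestName() + ": missing rights to run test: " + strings.Join(missingRights, ", "))
	}
}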