Merge pull request #153 from rgl/rgl-add-portgroup-security-options
Manage the portgroup security policy
josenk committed Oct 27, 2021
2 parents 974ffef + e8c93d5 commit 12ecd40
Showing 10 changed files with 70 additions and 39 deletions.
26 changes: 1 addition & 25 deletions esxi/portgroup_create.go
Expand Up @@ -13,13 +13,11 @@ func resourcePORTGROUPCreate(d *schema.ResourceData, m interface{}) error {
log.Println("[resourcePORTGROUPCreate]")

var stdout string
var somthingWentWrong string
var remote_cmd string
var err error

name := d.Get("name").(string)
vswitch := d.Get("vswitch").(string)
vlan := d.Get("vlan").(int)

// Create PORTGROUP
remote_cmd = fmt.Sprintf("esxcli network vswitch standard portgroup add -v \"%s\" -p \"%s\"",
Expand All @@ -34,27 +32,5 @@ func resourcePORTGROUPCreate(d *schema.ResourceData, m interface{}) error {
// Set id
d.SetId(name)

// set vlan id
remote_cmd = fmt.Sprintf("esxcli network vswitch standard portgroup set -v \"%d\" -p \"%s\"",
vlan, name)

stdout, err = runRemoteSshCommand(esxiConnInfo, remote_cmd, "portgroup set vlan")
if err != nil {
somthingWentWrong = fmt.Sprintf("Failed to set portgroup vlan: %s\n%s\n", stdout, err)
}

// Refresh
vswitch, vlan, err = portgroupRead(c, name)
if err != nil {
d.SetId("")
return nil
}

d.Set("vswitch", vswitch)
d.Set("vlan", vlan)

if somthingWentWrong != "" {
return fmt.Errorf(somthingWentWrong)
}
return nil
return resourcePORTGROUPUpdate(d, m)
}
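Review bot: With `return resourcePORTGROUPUpdate(d, m)` the portgroup has already been added on the host by the time update runs, and the update path in this same commit clears the id with `d.SetId("")` whenever the vlan or security-policy set fails, so a failure there orphans a portgroup that exists on the host and the next apply will try to add it again. Keep the resource tracked when a post-create configuration step fails so it can be retried or destroyed, e.g. `if err := resourcePORTGROUPUpdate(d, m); err != nil { return fmt.Errorf("portgroup %q was created but configuring it failed: %s", name, err) }` combined with not clearing the id in update on such errors. A short comment on the delegation, `// vlan and security policy are applied by the update path`, would also help the next reader. The body of resourcePORTGROUPCreate starts above the hunk.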
25 changes: 25 additions & 0 deletions esxi/portgroup_functions.go
Expand Up @@ -6,8 +6,16 @@ import (
"regexp"
"strconv"
"strings"

"github.com/jszwec/csvutil"
)

type portgroupSecurityPolicy struct {
AllowForgedTransmits bool `csv:"AllowForgedTransmits"`
AllowMACAddressChange bool `csv:"AllowMACAddressChange"`
AllowPromiscuous bool `csv:"AllowPromiscuous"`
}

func portgroupRead(c *Config, name string) (string, int, error) {
esxiConnInfo := getConnectionInfo(c)
log.Println("[portgroupRead]")
Expand Down Expand Up @@ -40,3 +48,20 @@ func portgroupRead(c *Config, name string) (string, int, error) {

return vswitch, vlan, nil
}

func portgroupSecurityPolicyRead(c *Config, name string) (*portgroupSecurityPolicy, error) {
esxiConnInfo := getConnectionInfo(c)

remote_cmd := fmt.Sprintf("esxcli --formatter=csv network vswitch standard portgroup policy security get -p \"%s\"", name)
stdout, err := runRemoteSshCommand(esxiConnInfo, remote_cmd, "portgroup security policy")
if stdout == "" {
return nil, fmt.Errorf("Failed to get the portgroup security policy: %s\n%s\n", stdout, err)
}

var policies []portgroupSecurityPolicy
if err = csvutil.Unmarshal([]byte(stdout), &policies); err != nil || len(policies) != 1 {
return nil, fmt.Errorf("Failed to parse the portgroup security policy: %s\n%s\n", stdout, err)
}

return &policies[0], nil
}
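Review bot: portgroupSecurityPolicyRead inspects only stdout, not err, after runRemoteSshCommand, so a failed command that still produced output falls through to csvutil.Unmarshal and the SSH error surfaces, if at all, as a parse failure; check the error first with `if err != nil || stdout == "" {`. The portgroup name is also spliced into the remote shell command inside double quotes (`-p \"%s\"`), following the existing commands in this file; a name containing a double quote, `$` or backtick would break out of the argument on the ESXi shell, so validating the name in the schema or quoting it via the go-shellquote module listed in go.mod would close that off. The struct tags `AllowForgedTransmits`, `AllowMACAddressChange` and `AllowPromiscuous` are bound to esxcli's csv column headers and deserve a comment saying so, e.g. `// column names as emitted by "esxcli --formatter=csv ... policy security get"`.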
8 changes: 8 additions & 0 deletions esxi/portgroup_read.go
Expand Up @@ -27,5 +27,13 @@ func resourcePORTGROUPRead(d *schema.ResourceData, m interface{}) error {
d.Set("vswitch", vswitch)
d.Set("vlan", vlan)

policy, err := portgroupSecurityPolicyRead(c, name)
if err != nil {
return err
}
d.Set("promiscuous_mode", policy.AllowPromiscuous)
d.Set("mac_changes", policy.AllowMACAddressChange)
d.Set("forged_transmits", policy.AllowForgedTransmits)

return nil
}
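Review bot: The new security-policy read runs unconditionally after the vlan refresh, and if the portgroup lookup above this hunk (the start of resourcePORTGROUPRead is outside it) handles a missing portgroup by clearing the id and returning nil, the added call will issue a second esxcli command for a portgroup that no longer exists and turn a clean refresh into an error; guard it with `if d.Id() == "" { return nil }` before calling portgroupSecurityPolicyRead. The three new `d.Set` calls discard their error return like the existing vswitch/vlan ones, which is consistent with the file, but a one-line comment that these are plain bool attributes would make that deliberate.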
20 changes: 10 additions & 10 deletions esxi/portgroup_update.go
Expand Up @@ -17,7 +17,6 @@ func resourcePORTGROUPUpdate(d *schema.ResourceData, m interface{}) error {
var err error

name := d.Get("name").(string)
vswitch := d.Get("vswitch").(string)
vlan := d.Get("vlan").(int)

// set vlan id
Expand All @@ -26,19 +25,20 @@ func resourcePORTGROUPUpdate(d *schema.ResourceData, m interface{}) error {

stdout, err = runRemoteSshCommand(esxiConnInfo, remote_cmd, "portgroup set vlan")
if err != nil {
d.SetId("")
d.SetId("") // TODO do we really want to do this? maybe only if the portgroup
return fmt.Errorf("Failed to set portgroup: %s\n%s\n", stdout, err)
}

// Refresh
vswitch, vlan, err = portgroupRead(c, name)
// set the security policy.
promiscuous_mode := d.Get("promiscuous_mode").(bool)
forged_transmits := d.Get("forged_transmits").(bool)
mac_changes := d.Get("mac_changes").(bool)
remote_cmd = fmt.Sprintf("esxcli network vswitch standard portgroup policy security set -p \"%s\" --allow-promiscuous=%t --allow-forged-transmits=%t --allow-mac-change=%t", name, promiscuous_mode, forged_transmits, mac_changes)
stdout, err = runRemoteSshCommand(esxiConnInfo, remote_cmd, "portgroup set vlan")
if err != nil {
d.SetId("")
return nil
return fmt.Errorf("Failed to set the portgroup security policy: %s\n%s\n", stdout, err)
}

d.Set("vswitch", vswitch)
d.Set("vlan", vlan)

return nil
// Refresh
return resourcePORTGROUPRead(d, m)
}
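Review bot: The error path at the end of the new security-policy block calls `d.SetId("")` before returning, which drops the resource from state although the portgroup still exists on the host (its vlan was set a few lines above), leaving it unmanaged until imported again; the TODO left on the vlan path raises the same concern. Return the error without clearing the id, i.e. keep only `return fmt.Errorf("Failed to set the portgroup security policy: %s\n%s\n", stdout, err)`. The log label passed to runRemoteSshCommand for this command, `"portgroup set vlan"`, is copied from the vlan step and should read `"portgroup set security policy"`. resourcePORTGROUPUpdate starts above the hunk.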
2 changes: 1 addition & 1 deletion esxi/provider.go
Expand Up @@ -34,7 +34,7 @@ func Provider() terraform.ResourceProvider {
"esxi_hostssl": &schema.Schema{
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("exsi_hostssl", "443"),
DefaultFunc: schema.EnvDefaultFunc("esxi_hostssl", "443"),
Description: "ssl port.",
},
"esxi_username": &schema.Schema{
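Review bot: Correcting the environment variable name to `esxi_hostssl` silently changes behaviour for anyone who worked around the typo by exporting `exsi_hostssl`; their value now falls back to the 443 default with no warning. Reading both names for a release keeps them working, e.g. `DefaultFunc: schema.MultiEnvDefaultFunc([]string{"esxi_hostssl", "exsi_hostssl"}, "443"),`, and the rename should be called out in the changelog.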
2 changes: 1 addition & 1 deletion esxi/resource_guest.go
Expand Up @@ -33,7 +33,7 @@ func resourceGUEST() *schema.Resource {
Optional: true,
ForceNew: true,
Default: nil,
Description: "Path on exsi host of ovf files.",
Description: "Path on esxi host of ovf files.",
},
"ovf_source": &schema.Schema{
Type: schema.TypeString,
21 changes: 21 additions & 0 deletions esxi/resource_portgroup.go
Expand Up @@ -37,6 +37,27 @@ func resourcePORTGROUP() *schema.Resource {
Description: "portgroup vlan.",
ValidateFunc: validation.IntBetween(0, 4095),
},
"promiscuous_mode": &schema.Schema{
Type: schema.TypeBool,
Optional: true,
ForceNew: false,
Default: false,
Description: "Promiscuous mode (true=Accept/false=Reject).",
},
"mac_changes": &schema.Schema{
Type: schema.TypeBool,
Optional: true,
ForceNew: false,
Default: false,
Description: "MAC address changes (true=Accept/false=Reject).",
},
"forged_transmits": &schema.Schema{
Type: schema.TypeBool,
Optional: true,
ForceNew: false,
Default: false,
Description: "Forged transmits (true=Accept/false=Reject).",
},
},
}
}
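Review bot: The three new attributes default to `false`, the hardened Reject setting, but their descriptions do not say what Accept permits, and these are exactly the switches that let a guest sniff its segment or spoof source MAC addresses. Suggested descriptions: `"Promiscuous mode (true=Accept/false=Reject). Accept lets the guest observe traffic for other VMs on the same vswitch and VLAN; keep Reject unless the VM is a network monitor."`, `"MAC address changes (true=Accept/false=Reject). Accept lets the guest change its effective MAC address."`, and `"Forged transmits (true=Accept/false=Reject). Accept lets the guest send frames with a source MAC other than its assigned one."`. Because a Default is set and the update path in this commit always writes all three flags, the resource documentation should also note that existing portgroups are pinned to Reject on the next apply unless configured otherwise.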
2 changes: 1 addition & 1 deletion examples-0.12/06 OVF Properties/main.tf
Expand Up @@ -14,7 +14,7 @@ data "template_file" "userdata_default" {
template = file("userdata.tpl")
vars = {
HOSTNAME = var.vm_hostname
HELLO = "Hello EXSI World!"
HELLO = "Hello ESXi World!"
}
}

2 changes: 1 addition & 1 deletion examples-0.13/06 OVF Properties/main.tf
Expand Up @@ -14,7 +14,7 @@ data "template_file" "userdata_default" {
template = file("userdata.tpl")
vars = {
HOSTNAME = var.vm_hostname
HELLO = "Hello EXSI World!"
HELLO = "Hello ESXi World!"
}
}

1 change: 1 addition & 0 deletions go.mod
Expand Up @@ -2,6 +2,7 @@ module github.com/josenk/terraform-provider-esxi

require (
github.com/hashicorp/terraform v0.12.2
github.com/jszwec/csvutil v1.5.1 // indirect
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
github.com/tmc/scp v0.0.0-20170824174625-f7b48647feef
golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734
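Review bot: `github.com/jszwec/csvutil` is imported directly by esxi/portgroup_functions.go in this commit, so the `// indirect` marker on the new require line is wrong and `go mod tidy` would drop it. The diffstat lists ten changed files and go.sum is not among them, so the new module's checksum is not pinned; recent Go toolchains refuse to build without the go.sum entry and older ones fetch the module unverified, so run `go mod tidy` and commit the resulting go.sum together with this line.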

0 comments on commit 12ecd40

Please sign in to comment.