Merge

Signed-off-by: abarreiro <abarreiro@vmware.com>
vmware · Jun 13, 2024 · c5821f6 · c5821f6
2 parents 2a47f74 + 5379f18
commit c5821f6
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 7 deletions.
diff --git a/.changes/v2.25.0/661-improvements.md b/.changes/v2.25.0/661-improvements.md
@@ -0,0 +1,2 @@
+* Added field `ActionValue` to `types.NsxtFirewallRule` instead of `Action` that is deprecated in
+  VCD API. It allows users to use `REJECT` option [GH-661]
diff --git a/.changes/v2.25.0/684-notes.md b/.changes/v2.25.0/684-notes.md
@@ -1 +1 @@
-* Amended many tests to set `ResourceGuaranteedMemory` when spawning a `Flex` VDC [GH-681]
+* Amended many tests to set `ResourceGuaranteedMemory` when spawning a `Flex` VDC [GH-684, GH-685]
diff --git a/govcd/adminvdc_nsxt_test.go b/govcd/adminvdc_nsxt_test.go
@@ -91,6 +91,8 @@ func (vcd *TestVCD) Test_CreateNsxtOrgVdc(check *C) {
 		if allocationModel == "Flex" {
 			vdcConfiguration.IsElastic = &trueValue
 			vdcConfiguration.IncludeMemoryOverhead = &trueValue
+			// Memory guaranteed percentage is required when IncludeMemoryOverhead is true in VCD 10.6+
+			vdcConfiguration.ResourceGuaranteedMemory = addrOf(1.00)
 		}
 
 		vdc, _ := adminOrg.GetVDCByName(vdcConfiguration.Name, false)

diff --git a/govcd/nsxt_firewall_test.go b/govcd/nsxt_firewall_test.go
@@ -5,12 +5,13 @@ package govcd
 import (
 	"crypto/rand"
 	"fmt"
-	"github.com/vmware/go-vcloud-director/v2/util"
 	"math/big"
 	"os"
 	"strconv"
 	"text/tabwriter"
 
+	"github.com/vmware/go-vcloud-director/v2/util"
+
 	"github.com/vmware/go-vcloud-director/v2/types/v56"
 	. "gopkg.in/check.v1"
 )
@@ -57,7 +58,7 @@ func (vcd *TestVCD) Test_NsxtFirewall(check *C) {
 		check.Assert(fwCreated.NsxtFirewallRuleContainer.UserDefinedRules[index].Direction, Equals, randomizedFwRuleDefs[index].Direction)
 		check.Assert(fwCreated.NsxtFirewallRuleContainer.UserDefinedRules[index].IpProtocol, Equals, randomizedFwRuleDefs[index].IpProtocol)
 		check.Assert(fwCreated.NsxtFirewallRuleContainer.UserDefinedRules[index].Enabled, Equals, randomizedFwRuleDefs[index].Enabled)
-		check.Assert(fwCreated.NsxtFirewallRuleContainer.UserDefinedRules[index].Action, Equals, randomizedFwRuleDefs[index].Action)
+		check.Assert(fwCreated.NsxtFirewallRuleContainer.UserDefinedRules[index].ActionValue, Equals, randomizedFwRuleDefs[index].ActionValue)
 		if vcd.client.Client.IsSysAdmin {
 			// Only system administrator can handle logging
 			check.Assert(fwCreated.NsxtFirewallRuleContainer.UserDefinedRules[index].Logging, Equals, randomizedFwRuleDefs[index].Logging)
@@ -135,7 +136,7 @@ func createFirewallDefinitions(check *C, vcd *TestVCD) []*types.NsxtFirewallRule
 
 		firewallRules[a] = &types.NsxtFirewallRule{
 			Name:                      check.TestName() + strconv.Itoa(a),
-			Action:                    pickRandomString([]string{"ALLOW", "DROP"}),
+			ActionValue:               pickRandomString([]string{"ALLOW", "DROP", "REJECT"}),
 			Enabled:                   a%2 == 0,
 			SourceFirewallGroups:      srcValue,
 			DestinationFirewallGroups: dstValue,
@@ -238,7 +239,7 @@ func dumpFirewallRulesToScreen(rules []*types.NsxtFirewallRule) {
 
 	for _, rule := range rules {
 		fmt.Fprintf(w, "%s\t%s\t%s\t%t\t%s\t%t\t%d\t%d\t%d\n", rule.Name, rule.Direction, rule.IpProtocol,
-			rule.Enabled, rule.Action, rule.Logging, len(rule.SourceFirewallGroups), len(rule.DestinationFirewallGroups), len(rule.ApplicationPortProfiles))
+			rule.Enabled, rule.ActionValue, rule.Logging, len(rule.SourceFirewallGroups), len(rule.DestinationFirewallGroups), len(rule.ApplicationPortProfiles))
 	}
 	err := w.Flush()
 	if err != nil {

diff --git a/types/v56/nsxt_types.go b/types/v56/nsxt_types.go
@@ -481,8 +481,18 @@ type NsxtFirewallRule struct {
 	ID string `json:"id,omitempty"`
 	// Name - API does not enforce uniqueness
 	Name string `json:"name"`
-	// Action 'ALLOW', 'DROP'
-	Action string `json:"action"`
+	// Action field. Can be 'ALLOW', 'DROP'
+	// Deprecated in favor of ActionValue in VCD 10.2.2+ (API V35.2)
+	Action string `json:"action,omitempty"`
+
+	// ActionValue replaces deprecated field Action and defines action to be applied to all the
+	// traffic that meets the firewall rule criteria. It determines if the rule permits or blocks
+	// traffic. Property is required if action is not set. Below are valid values:
+	// * ALLOW permits traffic to go through the firewall.
+	// * DROP blocks the traffic at the firewall. No response is sent back to the source.
+	// * REJECT blocks the traffic at the firewall. A response is sent back to the source.
+	ActionValue string `json:"actionValue,omitempty"`
+
 	// Enabled allows to enable or disable the rule
 	Enabled bool `json:"enabled"`
 	// SourceFirewallGroups contains a list of references to Firewall Groups. Empty list means 'Any'