Add new field ActionValue to types. NsxtFirewallRule to support REJECT action

.changes/v2.24.0/661-improvements.md

@@ -0,0 +1 @@
+* `types.NsxtFirewallRule` adds field `ActionValue` instead of `Action` that is deprecated VCD API. It allows users to use `REJECT` option [GH-661]

govcd/nsxt_firewall_test.go

@@ -5,12 +5,13 @@ package govcd
 import (
 	"crypto/rand"
 	"fmt"
-	"github.com/vmware/go-vcloud-director/v2/util"
 	"math/big"
 	"os"
 	"strconv"
 	"text/tabwriter"
 
+	"github.com/vmware/go-vcloud-director/v2/util"
+
 	"github.com/vmware/go-vcloud-director/v2/types/v56"
 	. "gopkg.in/check.v1"
 )
@@ -57,7 +58,7 @@ func (vcd *TestVCD) Test_NsxtFirewall(check *C) {
 		check.Assert(fwCreated.NsxtFirewallRuleContainer.UserDefinedRules[index].Direction, Equals, randomizedFwRuleDefs[index].Direction)
 		check.Assert(fwCreated.NsxtFirewallRuleContainer.UserDefinedRules[index].IpProtocol, Equals, randomizedFwRuleDefs[index].IpProtocol)
 		check.Assert(fwCreated.NsxtFirewallRuleContainer.UserDefinedRules[index].Enabled, Equals, randomizedFwRuleDefs[index].Enabled)
-		check.Assert(fwCreated.NsxtFirewallRuleContainer.UserDefinedRules[index].Action, Equals, randomizedFwRuleDefs[index].Action)
+		check.Assert(fwCreated.NsxtFirewallRuleContainer.UserDefinedRules[index].ActionValue, Equals, randomizedFwRuleDefs[index].ActionValue)
 		if vcd.client.Client.IsSysAdmin {
 			// Only system administrator can handle logging
 			check.Assert(fwCreated.NsxtFirewallRuleContainer.UserDefinedRules[index].Logging, Equals, randomizedFwRuleDefs[index].Logging)
@@ -135,7 +136,7 @@ func createFirewallDefinitions(check *C, vcd *TestVCD) []*types.NsxtFirewallRule
 
 		firewallRules[a] = &types.NsxtFirewallRule{
 			Name:                      check.TestName() + strconv.Itoa(a),
-			Action:                    pickRandomString([]string{"ALLOW", "DROP"}),
+			ActionValue:               pickRandomString([]string{"ALLOW", "DROP", "REJECT"}),
 			Enabled:                   a%2 == 0,
 			SourceFirewallGroups:      srcValue,
 			DestinationFirewallGroups: dstValue,
@@ -238,7 +239,7 @@ func dumpFirewallRulesToScreen(rules []*types.NsxtFirewallRule) {
 
 	for _, rule := range rules {
 		fmt.Fprintf(w, "%s\t%s\t%s\t%t\t%s\t%t\t%d\t%d\t%d\n", rule.Name, rule.Direction, rule.IpProtocol,
-			rule.Enabled, rule.Action, rule.Logging, len(rule.SourceFirewallGroups), len(rule.DestinationFirewallGroups), len(rule.ApplicationPortProfiles))
+			rule.Enabled, rule.ActionValue, rule.Logging, len(rule.SourceFirewallGroups), len(rule.DestinationFirewallGroups), len(rule.ApplicationPortProfiles))
 	}
 	err := w.Flush()
 	if err != nil {

types/v56/nsxt_types.go

@@ -481,8 +481,18 @@ type NsxtFirewallRule struct {
 	ID string `json:"id,omitempty"`
 	// Name - API does not enforce uniqueness
 	Name string `json:"name"`
-	// Action 'ALLOW', 'DROP'
-	Action string `json:"action"`
+	// Action field. Can be 'ALLOW', 'DROP'
+	// Deprecated in favor of ActionValue in VCD 10.2.2+ (API V35.2)
+	Action string `json:"action,omitempty"`
+
+	// ActionValue replaces deprecated field Action and defines action to be applied to all the
+	// traffic that meets the firewall rule criteria. It determines if the rule permits or blocks
+	// traffic. Property is required if action is not set. Below are valid values:
+	// * ALLOW permits traffic to go through the firewall.
+	// * DROP blocks the traffic at the firewall. No response is sent back to the source.
+	// * REJECT blocks the traffic at the firewall. A response is sent back to the source.
+	ActionValue string `json:"actionValue,omitempty"`
+
 	// Enabled allows to enable or disable the rule
 	Enabled bool `json:"enabled"`
 	// SourceFirewallGroups contains a list of references to Firewall Groups. Empty list means 'Any'