Added policy_based_vpn_mode to NAT resource #1143
@wvanderwaal-iqmessenger, you must sign every commit in this pull request acknowledging our Developer Certificate of Origin before your changes are merged. This can be done by adding
Signed-off-by: Wouter van der Waal <w.vanderwaal@iqmessenger.com>
74c26d9 to 4cbf619
/test-all
Hi @wvanderwaal-iqmessenger, thank you for this contribution!
Signed-off-by: Wouter van der Waal <w.vanderwaal@iqmessenger.com>
Signed-off-by: Wouter van der Waal <w.vanderwaal@iqmessenger.com>
Hello @annakhm, thanks for the comment with the error log and running the tests. You're correct, I was applying incorrect config in the test, a DNAT/NO_DNAT only property in a SNAT test will always fail. Perhaps I read the code a little too fast on my part, sorry about that. I've removed that property from the SNAT test, so it should no longer fail there, also I've added 'NO_DNAT' to the description of the property.
/test-all
Hello, unfortunately we're still hitting this error in the acceptance testing:
looks like action needs to be adjusted for all tests that configure VPN bypass
Signed-off-by: Wouter van der Waal <w.vanderwaal@iqmessenger.com>
…nge on using wrong action Signed-off-by: Wouter van der Waal <w.vanderwaal@iqmessenger.com>
/test-all
@wvanderwaal-iqmessenger, you must sign every commit in this pull request acknowledging our Developer Certificate of Origin before your changes are merged. This can be done by adding
Signed-off-by: Wouter van der Waal <w.vanderwaal@iqmessenger.com>
04b698d to 290e8fb
Hello @annakhm, you're right, some more adjustments were required to the tests, hopefully it's fixed now.
Hello @ksamoray, thanks for starting the tests. I forgot to run the format so the lint jobs failed, but I've committed this. Small question, will the Global Manager Acceptance Test still run even if the lint job fails?
Hi, yeah acceptance test execution is unrelated to the lint execution. Anyway there's a GM acctest failure as follows:
Not sure about what's causing it though.
…urce for the test Signed-off-by: Wouter van der Waal <w.vanderwaal@iqmessenger.com>
Hello, thanks for the error log, I've fixed the issue that caused this. Both the DNAT and the NAT64 tests use the same resource template, I made a condition to only add policy based vpn mode to the DNAT tests.
Signed-off-by: Wouter van der Waal <w.vanderwaal@iqmessenger.com>
Signed-off-by: Wouter van der Waal <w.vanderwaal@iqmessenger.com>
test-all
Small question, I noticed this doesn't begin with '/'.
No, without the slash it'll do nothing... I'll reactivate
/test-all
@wvanderwaal-iqmessenger there are failures in the following tests for NSX v3.2.3:
Failure is:
Maybe you should set it only when
…own tests Signed-off-by: Wouter van der Waal <w.vanderwaal@iqmessenger.com>
Hello @ksamoray, thanks for sending the error log and the advice of the nsx version function. I've used that function to make sure it's only used in version 4.0.0 (I'm assuming that this is 4.0.0.1, the release of policy_based_vpn_mode). Also I've created a new test function for policy_based_vpn_mode so I can make use of
Hello, is it possible for someone to run the tests for me? Thanks in advance!
/test-all
Hi @wvanderwaal-iqmessenger, the tests are failing now with
My guess is that
Signed-off-by: Wouter van der Waal <w.vanderwaal@iqmessenger.com>
Hello @annakhm, thanks for sending the error log. You're right,
/test-all
@@ -80,6 +82,7 @@ The following arguments are supported: | |||
* `translated_networks` - (Optional) A list of translated network IP addresses or CIDR. | |||
* `translated_ports` - (Optional) Port number or port range. For use with `DNAT` action only. | |||
* `scope` - (Optional) A list of paths to interfaces and/or labels where the NAT Rule is enforced. | |||
* `policy_based_vpn_mode` - (Optional) Policy based VPN mode. One of `BYPASS`, `MATCH` |
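Review bot: the new `policy_based_vpn_mode` entry does not say which NAT actions accept it, unlike the `translated_ports` entry two lines above it, which states "For use with `DNAT` action only". The thread describes it as a DNAT/NO_DNAT only property that fails on an SNAT rule, so the entry should state that restriction, along with the default value and what `BYPASS` and `MATCH` each mean for a rule, so that a reader can tell which behaviour they get when the argument is omitted. The line also ends without a period, which the surrounding entries have.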
Could we please specify here that this attribute is only relevant for certain types of NAT?
Yes, I've added that it only applies to `DNAT` and `NO_DNAT`. Also I've added that the default for these actions is `BYPASS` and that this attribute is supported from NSX 4.0 and above.
@wvanderwaal-iqmessenger thanks for addressing all the comments! Looks good to me, just a small request to improve the doc
…t NAT types Signed-off-by: Wouter van der Waal <w.vanderwaal@iqmessenger.com>
…support Signed-off-by: Wouter van der Waal <w.vanderwaal@iqmessenger.com>
@annakhm No problem! And thanks for the code review! I've improved the documentation as you requested
Signed-off-by: Wouter van der Waal <w.vanderwaal@iqmessenger.com>
Signed-off-by: Wouter van der Waal <w.vanderwaal@iqmessenger.com>
/test-all
Thank you!
Hello,
I've added policy_based_vpn_mode to the NAT resource.
This is a feature I'm using, and every time I call terraform, every VPN mode that has the value 'MATCH', will return to its default of 'BYPASS'.
So it would be nice to specify this value in terraform.