diff --git a/nsxt/resource_nsxt_policy_tier0_gateway.go b/nsxt/resource_nsxt_policy_tier0_gateway.go index 346e593c2..b40de20ed 100644 --- a/nsxt/resource_nsxt_policy_tier0_gateway.go +++ b/nsxt/resource_nsxt_policy_tier0_gateway.go @@ -116,6 +116,12 @@ func resourceNsxtPolicyTier0Gateway() *schema.Resource { "dhcp_config_path": getPolicyPathSchema(false, false, "Policy path to DHCP server or relay configuration to use for this Tier0"), "intersite_config": getGatewayIntersiteConfigSchema(), "redistribution_config": getRedistributionConfigSchema(), + "rd_admin_address": { + Type: schema.TypeString, + Description: "Route distinguisher administrator address", + Optional: true, + ValidateFunc: validateSingleIP(), + }, }, } } @@ -711,6 +717,11 @@ func policyTier0GatewayResourceToInfraStruct(d *schema.ResourceData, connector * ipv6ProfilePaths := getIpv6ProfilePathsFromSchema(d) vrfConfig := getPolicyVRFConfigFromSchema(d) dhcpPath := d.Get("dhcp_config_path").(string) + rdAdminAddress := d.Get("rd_admin_address").(string) + rdAdminField := &rdAdminAddress + if rdAdminAddress == "" { + rdAdminField = nil + } t0Type := "Tier0" t0Struct := model.Tier0{ @@ -728,6 +739,7 @@ func policyTier0GatewayResourceToInfraStruct(d *schema.ResourceData, connector * ResourceType: &t0Type, Id: &id, VrfConfig: vrfConfig, + RdAdminField: rdAdminField, } if len(d.Id()) > 0 { @@ -893,6 +905,7 @@ func resourceNsxtPolicyTier0GatewayRead(d *schema.ResourceData, m interface{}) e d.Set("internal_transit_subnets", obj.InternalTransitSubnets) d.Set("transit_subnets", obj.TransitSubnets) d.Set("revision", obj.Revision) + d.Set("rd_admin_address", obj.RdAdminField) vrfErr := setPolicyVRFConfigInSchema(d, obj.VrfConfig) if vrfErr != nil { return vrfErr diff --git a/nsxt/resource_nsxt_policy_tier0_gateway_test.go b/nsxt/resource_nsxt_policy_tier0_gateway_test.go index 41dd168f1..a64596f90 100644 --- a/nsxt/resource_nsxt_policy_tier0_gateway_test.go +++ b/nsxt/resource_nsxt_policy_tier0_gateway_test.go @@ -35,6 +35,7 @@ func TestAccResourceNsxtPolicyTier0Gateway_basic(t *testing.T) { resource.TestCheckResourceAttr(testResourceName, "enable_firewall", "false"), resource.TestCheckResourceAttr(testResourceName, "ha_mode", "ACTIVE_STANDBY"), resource.TestCheckResourceAttr(testResourceName, "force_whitelisting", "false"), + resource.TestCheckResourceAttr(testResourceName, "rd_admin_address", "192.168.0.2"), resource.TestCheckResourceAttrSet(testResourceName, "ipv6_ndra_profile_path"), resource.TestCheckResourceAttrSet(testResourceName, "ipv6_dad_profile_path"), resource.TestCheckResourceAttrSet(testResourceName, "path"), @@ -53,6 +54,7 @@ func TestAccResourceNsxtPolicyTier0Gateway_basic(t *testing.T) { resource.TestCheckResourceAttr(testResourceName, "enable_firewall", "true"), resource.TestCheckResourceAttr(testResourceName, "force_whitelisting", "true"), resource.TestCheckResourceAttr(testResourceName, "ha_mode", "ACTIVE_ACTIVE"), + resource.TestCheckResourceAttr(testResourceName, "rd_admin_address", ""), resource.TestCheckResourceAttrSet(testResourceName, "ipv6_ndra_profile_path"), resource.TestCheckResourceAttrSet(testResourceName, "ipv6_dad_profile_path"), resource.TestCheckResourceAttrSet(testResourceName, "path"), @@ -359,7 +361,7 @@ func TestAccResourceNsxtPolicyTier0Gateway_withVRF(t *testing.T) { }, Steps: []resource.TestStep{ { - Config: testAccNsxtPolicyTier0WithVRFTemplate(name, true), + Config: testAccNsxtPolicyTier0WithVRFTemplate(name, true, true), Check: resource.ComposeTestCheckFunc( testAccNsxtPolicyTier0Exists(testResourceName), resource.TestCheckResourceAttr(testResourceName, "display_name", name), @@ -373,10 +375,11 @@ func TestAccResourceNsxtPolicyTier0Gateway_withVRF(t *testing.T) { resource.TestCheckResourceAttrSet(testResourceName, "revision"), resource.TestCheckResourceAttr(testInterfaceName, "display_name", name), resource.TestCheckResourceAttr(testInterfaceName, "access_vlan_id", "12"), + resource.TestCheckResourceAttr(testResourceName, "rd_admin_address", "192.168.0.2"), ), }, { - Config: testAccNsxtPolicyTier0WithVRFTemplate(updateName, false), + Config: testAccNsxtPolicyTier0WithVRFTemplate(updateName, false, false), Check: resource.ComposeTestCheckFunc( testAccNsxtPolicyTier0Exists(testResourceName), resource.TestCheckResourceAttr(testResourceName, "display_name", updateName), @@ -386,6 +389,7 @@ func TestAccResourceNsxtPolicyTier0Gateway_withVRF(t *testing.T) { resource.TestCheckResourceAttrSet(testResourceName, "revision"), resource.TestCheckResourceAttr(testInterfaceName, "display_name", updateName), resource.TestCheckResourceAttr(testInterfaceName, "access_vlan_id", "12"), + resource.TestCheckResourceAttr(testResourceName, "rd_admin_address", ""), ), }, { @@ -596,6 +600,7 @@ resource "nsxt_policy_tier0_gateway" "test" { ha_mode = "ACTIVE_STANDBY" ipv6_ndra_profile_path = "/infra/ipv6-ndra-profiles/default" ipv6_dad_profile_path = "/infra/ipv6-dad-profiles/default" + rd_admin_address = "192.168.0.2" %s tag { @@ -683,7 +688,7 @@ data "nsxt_policy_realization_info" "realization_info" { } // TODO: add vrf_config tags when bug 2557096 is resolved -func testAccNsxtPolicyTier0WithVRFTemplate(name string, targets bool) string { +func testAccNsxtPolicyTier0WithVRFTemplate(name string, targets bool, rdAdmin bool) string { var routeTargets string if targets { @@ -695,6 +700,10 @@ func testAccNsxtPolicyTier0WithVRFTemplate(name string, targets bool) string { } ` } + var rdAdminAddress string + if rdAdmin { + rdAdminAddress = `rd_admin_address = "192.168.0.2"` + } return testAccNsxtPolicyGatewayInterfaceDeps("11, 12") + fmt.Sprintf(` resource "nsxt_policy_tier0_gateway" "parent" { nsx_id = "vrf-parent" @@ -709,6 +718,7 @@ resource "nsxt_policy_tier0_gateway" "test" { gateway_path = nsxt_policy_tier0_gateway.parent.path %s } + %s } resource "nsxt_policy_tier0_gateway_interface" "parent-loopback" { @@ -736,7 +746,7 @@ resource "nsxt_policy_tier0_gateway_interface" "test" { data "nsxt_policy_realization_info" "realization_info" { path = nsxt_policy_tier0_gateway.test.path -}`, name, routeTargets, name) +}`, name, routeTargets, rdAdminAddress, name) } func testAccNsxtPolicyTier0WithVRFTearDown() string { diff --git a/website/docs/r/policy_tier0_gateway.html.markdown b/website/docs/r/policy_tier0_gateway.html.markdown index 1ca1c2591..7b40444dd 100644 --- a/website/docs/r/policy_tier0_gateway.html.markdown +++ b/website/docs/r/policy_tier0_gateway.html.markdown @@ -15,15 +15,17 @@ This resource is applicable to NSX Global Manager, NSX Policy Manager and VMC. ```hcl resource "nsxt_policy_tier0_gateway" "tier0_gw" { - description = "Tier-0 provisioned by Terraform" - display_name = "Tier0-gw1" - failover_mode = "PREEMPTIVE" - default_rule_logging = false - enable_firewall = true - ha_mode = "ACTIVE_STANDBY" - internal_transit_subnets = ["102.64.0.0/16"] - transit_subnets = ["101.64.0.0/16"] - edge_cluster_path = data.nsxt_policy_edge_cluster.EC.path + description = "Tier-0 provisioned by Terraform" + display_name = "Tier0-gw1" + failover_mode = "PREEMPTIVE" + default_rule_logging = false + enable_firewall = true + force_whitelisting = false + ha_mode = "ACTIVE_STANDBY" + internal_transit_subnets = ["102.64.0.0/16"] + transit_subnets = ["101.64.0.0/16"] + edge_cluster_path = data.nsxt_policy_edge_cluster.EC.path + rd_admin_address = "192.168.0.2" bgp_config { local_as_num = "60000" @@ -139,7 +141,8 @@ The following arguments are supported: * `internal_transit_subnets` - (Optional) Internal transit subnets in CIDR format. At most 1 CIDR. * `transit_subnets` - (Optional) Transit subnets in CIDR format. * `dhcp_config_path` - (Optional) Policy path to DHCP server or relay configuration to use for this gateway. -* `bgp_config` - (Optional) The BGP configuration for the Tier-0 gateway. When enabled a valid `edge_cluster_path` must be set on the Tier-0 gateway. This clause is not applicable to Global Manager - use `nsxt_policy_bgp_config` resource instead. +* `rd_admin_address` - (Optional) Route distinguisher administrator address. If using EVPN service, then this attribute should be defined if auto generation of route distinguisher on VRF configuration is needed. +* `bgp_config` - (Optional) The BGP configuration for the Tier-0 gateway. When enabled a valid `edge_cluster_path` must be set on the Tier-0 gateway. This clause is not applicable for Global Manager - use `nsxt_policy_bgp_config` resource instead. * `tag` - (Optional) A list of scope + tag pairs to associate with this Tier-0 gateway's BGP configuration. * `ecmp` - (Optional) A boolean flag to enable/disable ECMP. Default is `true`. * `enabled` - (Optional) A boolean flag to enable/disable BGP. Default is `true`.